Application Security , Endpoint Security , Internet of Things Security

Ensuring Connected Devices Are Secure

Aaron Guzman of OWASP Says IoT Security Basics Are Improving
Aaron Guzman, OWASP

The emergence of the Mirai botnet four years ago created a wave of worry over how increasing numbers of internet-connected devices could be abused by cybercriminals.

See Also: The Essential Guide to Container Monitoring

Mirai’s malicious code was designed to take advantage of weak or default credentials in digital video recorders, routers and CCTV cameras. Then, the commandeered devices were used to launch staggering distributed denial-of-service attacks (see: Mirai Botnet Pummels Internet DNS in Unprecedented Attack).

The lessons from Mirai have been taken to heart, says Aaron Guzman, who is the IoT and Embedded AppSec Project leader for the Open Web Application Security Project, also known as OWASP.

“I definitely see at least the IoT security landscape progressing in many different ways, especially in certain industry sectors,” Guzman says. "The awareness of Mirai and the impact of insecure devices really hit home for some companies, some organizations, manufacturers and even federally.”

Guzman is one of many experts working to create tools to better evaluate the security of connected devices and embed security into software design processes. OWASP and other organizations are working on specifications and methods for evaluating and securing connected devices.

“With all the awareness and all the interest, several communities have created a kind of 'call to action' and essentially put together their own flavors of what you should do to ensure your IoT devices are secure,” Guzman says.

In this video interview with Information Security Media Group, Guzman discusses:

  • The security challenges around IoT devices connected to cloud services;
  • How OWASP is creating tools and methods to help organizations test and secure connected devices on their own;
  • Whether a global IoT security standard will be developed.

Guzman is the lead for OWASP’s IoT and Embedded AppSec Project as well as its Firmware Security Testing Methodology project. He’s an expert in web application security and is a technical leader with Cisco’s Meraki unit.

About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.