IoT Testing Guides

Tester IoT Security Guidance
(DRAFT)

The goal of this page is to help testers assess IoT devices and applications in the Internet of Things space. The guidance below is at a basic level, giving testers of devices and applications a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.

General Recommendations
Consider the following recommendations for all user interfaces (local device, cloud-based and mobile):
 * Avoid potential Account Harvesting issues by:
 * Ensuring valid user accounts can't be identified by interface error messages
 * Ensuring strong passwords are required by users
 * Implementing account lockout after 3 - 5 failed login attempts