ASVS V20 Internet of Things

V20: Internet of Things Verification Requirements This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.

Control Objective

Embedded/IoT devices should:


 * Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.
 * Sensitive data stored on the device should be done so in a secure manner.
 * All sensitive data transmitted from the device should utilize transport layer security.

Security Verification Requirements

References:

For more information, see also:


 * [OWASP Internet of Things Top 10](https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)
 * [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)
 * [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)