Difference between revisions of "OWASP Internet of Things Top Ten Project"

From OWASP
Redirect page
Jump to: navigation, search
m (removing this project and redirecting)
 
(233 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
+
#REDIRECT [[OWASP_Internet_of_Things_Project]]
 
+
{{Top_10_2013:TopTemplate
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
{{Social Media Links}} 
+
 
+
 
+
='''___________Main___________'''=
+
 
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
+
 
+
 
+
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
 
+
==OWASP Internet of Things Top Ten Project==
+
 
+
Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
+
 
+
The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
+
 
+
Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…
+
 
+
Internet of Things Top 10 (tentative):
+
#Administrative Interface with Weak/Default Credentials
+
#Buffer Overflow of Available Network Service
+
#Lack of Network Encryption
+
#Insecure Software Update System
+
#Denial of Service
+
#Information Disclosure Through Network Services
+
#Insecure Web Interface
+
#Network Attack Magnification
+
#Trivial Physical Security Bypass
+
#Poor Security Management Capabilities
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=right|title=2|risk=1|year=2013|language=en}}
+
 
+
==Introduction==
+
 
+
Write a short introduction
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=3|risk=1|year=2013|language=en}}
+
 
+
==Description==
+
 
+
Write a description that is just a few paragraphs long
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=4|risk=1|year=2013|language=en}}
+
 
+
==Licensing==
+
 
+
The OWASP Internet of Things Top Ten Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=5|risk=1|year=2013|language=en}}
+
 
+
== What is the OWASP Internet of Things Top Ten Project? ==
+
 
+
The OWASP Internet of Things Top Ten Project  provides:
+
 
+
* xxx
+
* xxx
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=6|risk=1|year=2013|language=en}}
+
 
+
== Presentation ==
+
 
+
Link to presentation
+
 
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=7|risk=1|year=2013|language=en}}
+
 
+
== Project Leaders ==
+
 
+
* Daniel Miessler
+
* Jason Haddix
+
* Craig Smith
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=8|risk=1|year=2013|language=en}}
+
 
+
== Related Projects ==
+
 
+
* [[OWASP_CISO_Survey]]
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=9|risk=1|year=2013|language=en}}
+
 
+
== Quick Download ==
+
 
+
* Link to page/download
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=10|risk=1|year=2013|language=en}}
+
 
+
== News and Events ==
+
* [20 Nov 2013] News 2
+
* [30 Sep 2013] News 1
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=11|risk=1|year=2013|language=en}}
+
 
+
== In Print ==
+
 
+
This project can be purchased as a print on demand book from Lulu.com
+
 
+
 
+
 
+
 
+
 
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=12|risk=1|year=2013|language=en}}
+
 
+
==Classifications==
+
 
+
  {| width="200" cellpadding="2"
+
  |-
+
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
+
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
+
  |-
+
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
+
  |-
+
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+
  |-
+
  | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
+
  |}
+
 
+
 
+
{{Top_10:SubsectionTableEndTemplate}} {{Top_10_2013:TopTemplate
+
    |headertab=Main
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
='''___________FAQs___________'''=
+
 
+
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
 
+
; Q1
+
: A1
+
 
+
; Q2
+
: A2
+
 
+
{{Top_10:SubsectionTableEndTemplate}} {{Top_10_2013:TopTemplate
+
    |headertab=FAQs
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
='''___________Acknowledgements___________'''=
+
 
+
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
 
+
==Volunteers==
+
The OWASP Internet of Things Top Ten Project is developed by a worldwide team of volunteers. The primary contributors to date have been:
+
 
+
* xxx
+
* xxx
+
 
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=2|risk=1|year=2013|language=en}}
+
 
+
==Others==
+
 
+
* xxx
+
* xxx
+
 
+
{{Top_10:SubsectionTableEndTemplate}} {{Top_10_2013:TopTemplate
+
    |headertab=Acknowledgements
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
='''___________Road Map and Getting Involved___________'''=
+
 
+
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
 
+
As of January 2014, the priorities are:
+
* xxx
+
* xxx
+
* xxx
+
 
+
Involvement in the development and promotion of the OWASP Internet of Things Top Ten Project is actively encouraged!
+
You do not have to be a security expert in order to contribute.
+
Some of the ways you can help:
+
* xxx
+
* xxx
+
 
+
{{Top_10:SubsectionTableEndTemplate}} {{Top_10_2013:TopTemplate
+
    |headertab=Road Map and Getting Involved
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
 
+
='''___________Project About___________'''=
+
 
+
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
{{:Projects/OWASP_Internet_of_Things_Top_Ten_Project}}
+
 
+
{{Top_10:SubsectionTableEndTemplate}} {{Top_10_2013:TopTemplate
+
    |headertab=Project About
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}}
+
 
+
 
+
 
+
='''A1-Injection'''=
+
 
+
 
+
='''A2-Broken Authentication and Session Management'''=
+
 
+
 
+
 
+
 
+
='''A3-Cross-Site Scripting (XSS)'''=
+
 
+
 
+
 
+
='''A4-Insecure Direct Object References'''=
+
 
+
 
+
 
+
 
+
='''A5-Security Misconfiguration'''=
+
 
+
 
+
='''A6-Sensitive Data Exposure'''=
+
 
+
 
+
 
+
 
+
='''A7-Missing Function Level Access Control'''=
+
 
+
 
+
 
+
 
+
='''A8-Cross-Site Request Forgery (CSRF)'''=
+
 
+
 
+
 
+
 
+
='''A9-Using Components with Known Vulnerabilities'''=
+
 
+
 
+
 
+
 
+
='''A10-Unvalidated Redirects and Forwards'''=
+
 
+
 
+
 
+
 
+
<headertabs />
+
 
+
{{Top_10_2013:BottomAdvancedTemplate
+
    |type={{Top_10_2010:StyleTemplate}}
+
    |usenext=2013NextLink
+
    |next=A2-{{Top_10_2010:ByTheNumbers
+
              |2
+
              |year=2013
+
              |language=en}}
+
    |useprev=2013PrevLink
+
    |prev={{Top_10:LanguageFile|text=top10|year=2013|language=en}}
+
    |year=2013
+
    |language=en
+
}} 
+
 
+
|}
+
 
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
+

Latest revision as of 16:23, 11 November 2015