OWASP Scada Security Project

From OWASP

Main

SCADA security is a great challenge, and web applications play a huge role in it. The project aims to research modern SCADA security issues related to the security of web applications used in vendors' solutions (ICS, SCADA, RTU, PLC, equipment for industrial networks, etc.). According to the statistics, one of the most popular remote attack vectors on SCADA is fingerprinting of exposed industrial devices by their front ends and server-side components through application protocols (HTTP, UPnP, SNMP, FTP, SSH, Telnet). It helps hackers to detect critical infrastructures, as well as signatures of smart-metering devices, HVAC, and medical devices. The idea of the project is to gather information about ways of improving the security measures in modern ICS environments and to create guidelines for their hardening.

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Scada Security Project (home page)
Purpose: The primary aim of the OWASP SCADA Security project is to gather information about different ICS/SCADA security threats related to web applications and their environments, from the reconnaissance (“footprinting”) stage to vulnerability exploitation.

Primary goals:
- to make ICS/SCADA developers aware of security vulnerabilities by providing information about web-application vulnerabilities found in the software and firmware of famous vendors;
- to create and publish freeware and open-source tools for ICS/SCADA security assessment written in scripting languages.

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Andrey Komarov
Project Contributor(s):
  • Holger Junker
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Andrey Komarov to contribute to this project
  • Contact Andrey Komarov to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
SCADA/RTU/PLC detection cheat sheet - 09.03.2013 - (download)
Release description: Signatures for the most popular SCADA/RTU/PLC products of famous vendors. It covers several methods of detection through application-level protocols such as HTTP, FTP, and SSH. The aim of the cheat sheet is to gather information about the criteria useful for the external reconnaissance stage from the hacker's side. Additionally, this information will be used for developing the SCADA Honeypot within the project. The file will be updated regularly; feel free to send your own signatures and methods of detection.

Release Description

Rating: Projects/OWASP Scada Security Project/GPC/Assessment/SCADA/RTU/PLC detection cheet sheet
last reviewed release
Not Yet Reviewed


other releases