Application Security , Endpoint Security , Internet of Things Security

Ensuring Connected Devices Are Secure

Aaron Guzman of OWASP Says IoT Security Basics Are Improving
Aaron Guzman, OWASP

The emergence of the Mirai botnet four years ago created a wave of worry over how increasing numbers of internet-connected devices could be abused by cybercriminals.

See Also: OnDemand: 2024 Google Cloud Partner of the Year - Application and Infrastructure Security

Mirai’s malicious code was designed to take advantage of weak or default credentials in digital video recorders, routers and CCTV cameras. Then, the commandeered devices were used to launch staggering distributed denial-of-service attacks (see: Mirai Botnet Pummels Internet DNS in Unprecedented Attack).

The lessons from Mirai have been taken to heart, says Aaron Guzman, who is the IoT and Embedded AppSec Project leader for the Open Web Application Security Project, also known as OWASP.

“I definitely see at least the IoT security landscape progressing in many different ways, especially in certain industry sectors,” Guzman says. "The awareness of Mirai and the impact of insecure devices really hit home for some companies, some organizations, manufacturers and even federally.”

Guzman is one of many experts working to create tools to better evaluate the security of connected devices and embed security into software design processes. OWASP and other organizations are working on specifications and methods for evaluating and securing connected devices.

“With all the awareness and all the interest, several communities have created a kind of 'call to action' and essentially put together their own flavors of what you should do to ensure your IoT devices are secure,” Guzman says.

In this video interview with Information Security Media Group, Guzman discusses:

  • The security challenges around IoT devices connected to cloud services;
  • How OWASP is creating tools and methods to help organizations test and secure connected devices on their own;
  • Whether a global IoT security standard will be developed.

Guzman is the lead for OWASP’s IoT and Embedded AppSec Project as well as its Firmware Security Testing Methodology project. He’s an expert in web application security and is a technical leader with Cisco’s Meraki unit.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.