OWASP IoT Top 10 – Part 1
by Jakob Kunzmann
This is the first of two articles presenting the OWASP Top 10 on the Internet of Things, a list of the top ten security risks in IoT, published by the Open Web Application Security Project (OWASP). In this article, the technical aspects of IoT risks are described and, if possible, prominent cases in which they have been exploited are highlighted. If applicable examples exist, the focus will be on malware or attacks for industrial IoT applications.
Pivoting Through a Web Application to the Internal Domain
Penetration testing projects are all about the defined scope and objective, i.e. which systems, entry points, personal or company sites may be attacked, and what specific scenarios should be tested for. These two properties are usually defined with the client at the beginning of the project, which requires a trade-off between completeness and feasibility within the available time.