Internet of Things Security

Short description

The Internet of Things (IoT) is growing quickly. Ever more devices are being connected to the Internet to make them easier to use and for automation purposes. Refrigerators are automatically re-ordering milk, an update will teach our cars to drive themselves, whilst bridges send live updates on their structural integrity.

IoT means connecting physical devices with the virtual world. The rapid development of hardware and software, network protocols as well as the incorporation of devices in our day-to-day lives creates a large attack surface culminating in an abundance of security holes and vulnerabilities.

This seminar not only highlights the technical fundamentals and network protocols, but, above all, also uses practical examples to highlight the security of these standards. Compass equips you in this course with the skills you need to securely design, evaluate and operate IoT devices. 

The exercises will be done on www.hacking-lab.com. Following the course, the labor environment is available to the participants for 30 more days.


Learning objectives

Participants will learn the fundamental components of the Internet of Things and be able to recognize what attack vectors exist. This applies equally to hardware, firmware and software components as well as to network protocols and architecture. You'll then be able to evaluate the use of IoT systems according to security criteria


Highlights 

  • Penetration tests
    • Attack Surface Analysis
    • Local/Remote Attacks
  • Web Security (OWASP Top 10)
    • XSS
    • SQL Injection
    • Authentication
    • CSRF
  • Communication protocols
    • HTTP
    • TLS
    • MQTT
    • IoTivity
  • Wireless Technologies
    • ZigBee
    • LoRaWAN (Long Range Wide Area Network)
    • Bluetooth (BLE)
  • Cryptography
    • Pseudo Random Number Generators
    • Encryption and Integrity
    • Key Distribution
  • Security of Firmware
    • OS-level Security Using Linux
    • Securely distributing your firmware
  • Hardware Security
    • Physical Integrity
    • UART/JTAG

 

Demarcation: Due to the broad spectrum of the topics covered in this course only the fundamentals and illustrative attack scenarios for the protocols and technologies chosen will be explained and demonstrated. This enables participants to transfer what they've learnt to additional protocols and computer architectures.


Target group

  • Security- and Risk Officers
  • Developers of applications who integrate IoT protocols
  • IoT architecture designers und integrators
  • Manufacturers and developers of IoT devices


Prerequisite

  • Familiarity with the Linux command line
  • Knowledge of networking fundamentals
  • Knowledge of programming is helpful, but not required

    CALENDAR

    Security Training: Secure Mobile Apps

    In the 2-day course (in German) from October 20/21, 2020, you will learn about the most important security problems of mobile apps. Read more

    Cyber-Risiken für Vorsorgeeinrichtungen

    Am BVG-Seminar 2020 werden die aktuellsten fachspezifische Themen der beruflichen Vorsorge diskutiert. In diesem Jahr wird aber auch ein Blick auf die... Read more

    Security Training: Social Engineering

    In the 2-day course (in German) from December 1/2, 2020, you will get to know and understand the methods, tools and tricks of social engineering. Read more

    ALL DATES

    NEWS

    Durch Penetrationstests Unternehmen sicherer machen

    Die aktuelle Ausgabe des Magazins «Deutscher Mittelstand» befasst sich in mehreren Artikeln mit dem Thema Cybersicherheit.

    In einem dieser Artikel...

    Read more

    Vulnerability in Mailster

    Thierry Viaccoz identified an XSS vulnerability in Mailster (email newsletter plugin for WordPress). Read more

    Secure Payments on th Internet

    More and more goods and services are bought and paid on the internet. Ivan Bütler summarizes security relevant information on online shopping and... Read more

    ARCHIVES

    Compass Security Blog

    Make the most out of BloodHound

    During internal assessments in Windows environments, we use BloodHound more and more to gather a comprehensive view of the permissions granted to the different Active Directory objects. In this post,... mehr

    Yet Another Froala 0-Day XSS

    Compass found a DOM-based cross-site scripting (XSS) in the Froala WYSIWYG HTML Editor. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can... mehr

    ZUM BLOG