Short description

The Internet of Things (IoT) is growing quickly. Ever more devices are being connected to the Internet to make them easier to use and for automation purposes. Refrigerators are automatically re-ordering milk, an update will teach our cars to drive themselves, whilst bridges send live updates on their structural integrity.

IoT means connecting physical devices with the virtual world. The rapid development of hardware and software, network protocols as well as the incorporation of devices in our day-to-day lives creates a large attack surface culminating in an abundance of security holes and vulnerabilities.

This seminar not only highlights the technical fundamentals and network protocols, but, above all, also uses practical examples to highlight the security of these standards. Compass equips you in this course with the skills you need to securely design, evaluate and operate IoT devices. 

The exercises will be done on www.hacking-lab.com. Following the course, the labor environment is available to the participants for 30 more days.


Learning objectives

Participants will learn the fundamental components of the Internet of Things and be able to recognize what attack vectors exist. This applies equally to hardware, firmware and software components as well as to network protocols and architecture. You'll then be able to evaluate the use of IoT systems according to security criteria


Highlights 

  • Penetration tests
    • Attack Surface Analysis
    • Local/Remote Attacks
  • Web Security (OWASP Top 10)
    • XSS
    • SQL Injection
    • Authentication
    • CSRF
  • Communication protocols
    • HTTP
    • TLS
    • MQTT
    • IoTivity
  • Wireless Technologies
    • ZigBee
    • LoRaWAN (Long Range Wide Area Network)
    • Bluetooth (BLE)
  • Cryptography
    • Pseudo Random Number Generators
    • Encryption and Integrity
    • Key Distribution
  • Security of Firmware
    • OS-level Security Using Linux
    • Securely distributing your firmware
  • Hardware Security
    • Physical Integrity
    • UART/JTAG

 

Demarcation: Due to the broad spectrum of the topics covered in this course only the fundamentals and illustrative attack scenarios for the protocols and technologies chosen will be explained and demonstrated. This enables participants to transfer what they've learnt to additional protocols and computer architectures.


Target group

  • Security- and Risk Officers
  • Developers of applications who integrate IoT protocols
  • IoT architecture designers und integrators
  • Manufacturers and developers of IoT devices


Prerequisite

  • Familiarity with the Linux command line
  • Knowledge of networking fundamentals
  • Knowledge of programming is helpful, but not required



    CALENDAR

    Cyber Risks – from abstract risk to everyday reality

    The Europa Institut at the University of Zurich (EIZ) is one of the leading centres of expertise for European Law and is an important provider of... Read more

    Swiss Treasury Summit 2019

    Das Schweizer Jahrestreffen der Treasurer - am 11. September 2019 an der HSLU in Rotkreuz. Read more

    Cyber Security Days an der HSR

    Das INS Institut für vernetzte Systeme und die Compass Security laden ein zur zweitägigen Cyber Security Veranstaltung an der HSR Hochschule für... Read more

    ALL DATES

    NEWS

    Eine gelungene Feier zum 20-Jahre-Jubiläum

    Compass Security lud am 07. Juni 2019 aktuelle und ehemalige Mitarbeitende, Kunden, Partner und Freunde ein, um ihr 20-jähriges Bestehen zu feiern.... Read more

    Butcher Wechsler and the Hackers

    The latest magazine of "Die Mobliliar" focusses on artificial intelligence as well as digitalization - and take a look at cyber crime. Read more

    Hack2improve - a success story

    The Furtwangen University of Applied Sciences offered a hacking workshop for the first time in 2008. What was a novelty at that time is now firmly... Read more

    ARCHIVES

    Compass Security Blog

    From Open Wi-Fi to WPA3

    Security in Wi-Fi networks has been, at some point non-existent, then questioned, improved and questioned again over the last two decades. This post provides an overview over the latest developments... mehr

    Practical OpenID Connect Pentesting

    This post is intended to explain what you typically want to check for during an OpenID Connect assessment and also provide you with a guide to setup your own OpenID Connect test environment. mehr

    ZUM BLOG