DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
COURSE OVERVIEW
In this course, you will learn how to mitigate the risks associated with a lack of ability to securely update the device. This includes lack of rmware validation on a device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notications of security changes due to updates.
After completing this course you will be able to:
- List the steps of a typical update process
- Describe how to protect update connections
- Explain how to protect the update server
- List the steps to securely sign and verify an update
- Evaluate whether Secure Boot is necessary for your device at this time
- Identify types of sensitive data that should not be included in updates
- Securely implement transport encryption for an Internet of Things (IoT) system
COURSE DETAILS
Course Number: DES 284
Course Duration: 12 minutes
Course CPE Credits: 25
Related Subject Matter
CWE
NICE
NIST
Penetration Testing
Foreign Languages Available:
English
COURSE OVERVIEW
In this course, you will learn how to mitigate the risks associated with a lack of ability to securely update the device. This includes lack of rmware validation on a device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notications of security changes due to updates.
After completing this course you will be able to:
- List the steps of a typical update process
- Describe how to protect update connections
- Explain how to protect the update server
- List the steps to securely sign and verify an update
- Evaluate whether Secure Boot is necessary for your device at this time
- Identify types of sensitive data that should not be included in updates
- Securely implement transport encryption for an Internet of Things (IoT) system
COURSE DETAILS
Course Number: DES 284
Course Duration: 12 minutes
Course CPE Credits: 25
Related Subject Matter
CWE
NICE
NIST
Penetration Testing
Foreign Languages Available:
English
