Operationalizing IoT Security Using The OWASP Top 10 Project

This episode of At The Edge is made possible by the generosity of our sponsor, Edgescan.

In today’s episode, Sean Martin connects with Aaron Guzman and Daniel Miessler to take a look at the new edition of the OWASP Top 10 for the Internet of Things.

This project, which began in 2014, contains a lot of work related to identifying the risks, vulnerabilities and controls necessary to safely deploy and use Internet-connected devices at work, at home and in society.

Aaron and Daniel walk us through the top 10 list, giving us some insight into each item and how it can have an impact on how things are built, implemented and broken.

While the goal of the IoT top 10 is to simplify the view for these 3 target audiences (builders, implementers, breakers), the surrounding project elements within the OWASP environment and some of the partner projects outside of the OWASP ecosystem can really make a difference in how we approach IoT security moving forward.

About Aaron Guzman


Aaron Guzman is a Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. Mr. Guzman has spoken at several worldwide conferences, including DEF CON, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, 44Con, and AusCERT, as well as several regional BSides events. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor, and author of the IoT Pentesting Cookbook for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and several others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community.

Find Aaron on LinkedIn
Find Aaron on Twitter


About Daniel Miessler


Daniel Miessler is a recognized cybersecurity expert and writer with 20 years in information security. His experience ranges from technical assessment and implementation to executive level advisory services consulting.

His 20 years of experience in security ranges from the vibrant startup ecosystem in his birthplace of Silicon Valley, to working with many of the top 100 worldwide companies. He frequently gives talks and participates in panels around the world, and his work and commentary have been featured in dozens of the world’s leading publications.

Find Daniel on LinkedIn
Find Daniel on Twitter