Introduction to Securing the Internet of Things

Course Description

This course introduces the complexities of the Internet of Things (IoT) and the security issues that plague IoT systems. The core focus of the course is IoT security. We’ll cover the unique and manifold features of IoT and how they relate to security and privacy. At the end, learners will know enough about the security pitfalls of IoT systems to make informed decisions, whether as IoT vendors creating products or as enterprise or personal consumers making choices about what devices to deploy.

Learning Objectives

  • Understand the top security issues plaguing IoT
  • Perform threat modeling on an IoT product design
  • Have a clear grasp of the regulatory concerns for IoT

Details

Delivery Format: eLearning

Duration: 1 hour 15 minutes

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Prerequisites: None

Course Outline

Introduction to the Internet of Things

  • What is IoT?
  • Consumer IoT
  • Medical IoT
  • Smart City

IoT Architecture

  • IoT Device(s) and Communication
  • IoT Supporting Services
  • Web Client
  • Mobile Client
  • Engineering Challenges of IoT

IoT Communication Protocols

  • Types of Communication
  • Short-Range Communications
  • Long-Range Communications
  • Application Data Protocols

IoT Threat Modeling

  • Threat Modeling Review
  • STRIDE
  • Threat Countermeasures
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

IoT Security Concerns

  • OWASP Top 10 for IoT
  • Weak, Guessable, or Hardcoded Passwords
  • Insecure Network Services
  • Insecure Ecosystem Interfaces
  • Lack of Secure Update Mechanism 
  • Use of Insecure or Outdated Components
  • Insufficient Privacy Protections
  • Insecure Data Transfer and Storage
  • Lack of Device Management
  • Insecure Default Settings
  • Lack of Physical Hardening
  • Case Study: Mirai Botnet 

IoT Regulatory Concerns

  • Disclaimer
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • IoT Device Security Act (SB-327)
  • Payment Card Industry Data Security Standard (PCI DSS)
