DES 284 - OWASP IoT4: Mitigating Lack of Secure Update Mechanism


Course Overview

In this course, you will learn how to mitigate the risks that arise when a device cannot be updated securely. These include a lack of firmware validation on the device, a lack of secure delivery (updates sent unencrypted in transit), a lack of anti-rollback mechanisms, and a lack of notifications of security changes due to updates.

After you have completed this course, you will be able to:

  • List the steps of a typical update process
  • Describe how to protect update connections
  • Explain how to protect the update server
  • List the steps to securely sign and verify an update
  • Evaluate whether Secure Boot is necessary for your device at this time
  • Identify types of sensitive data that should not be included in updates
  • Securely implement transport encryption for an Internet of Things (IoT) system

Course Details

Course Number: DES 284

Course Duration: 12 minutes

Course CPE Credits: 0.25

Platform

Standard

Type

Foreign Languages Available:

  • English