The Internet of Things (IoT) brings connectivity beyond computers—to everything from pacemakers to pedometers. But new connectivity means a broader attack surface for hackers to steal personally identifiable information (PII), medical records, and intellectual property.
IoT security requires a combination of embedded software, data, mobile application and cloud security. It can be a challenge to evaluate each area while managing the big picture.
We offer:
- Full Stack Penetration testing of your Internet of Things product—the device, how the device talks to your smart phone or the internet, the could services that hosts that data, websites or applications that talk to your device.
- PII data security review
- Code review—embedded code, remote procedure calls, mobile and web application code.
- Evaluation of authentication, authorization and auditing structure.
- Data security evalution at rest and in motion.
- Protocol communication review: REST, SOAP, RPC, etc
- Security evalutions databases and directories including queries, stored procedures, authentication and ACLS
- Reviewing privilege escalation attacks
- Reviewing cryptographic protection on applications and/or delivery mechanisms
- Reviewing application binary or packages for embedded passwords, keys, certificates
- Reviewing log handling, insecure storage, and caching/temp file issues
- Provide policy and compliance gap analysis to major standard and best practices (PCI, HIPAA, HITECH, FDA)
