DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism

COURSE OVERVIEW In this course, you will learn how to mitigate the risks associated with a lack of ability to securely update the device. This includes lack of rmware validation on a device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notications of security changes due to updates. After completing this course you will be able to: List the steps of a typical update process Describe how to protect update connections Explain how to protect the update server List the steps to securely sign and verify an update Evaluate whether Secure Boot is necessary for your device at this time Identify types of sensitive data that should not be included in updates Securely implement transport encryption for an Internet of Things (IoT) system COURSE DETAILS Course Number: DES 284 Course Duration: 12 minutes Course CPE Credits: 25   Related Subject Matter CWE NICE NIST Penetration Testing Foreign Languages Available: English