Book Image

IoT Penetration Testing Cookbook

Book Image

IoT Penetration Testing Cookbook

Overview of this book

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud. By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.
Table of Contents (12 chapters)

Introduction


Web applications and web services are used to execute remote access features as well as to manage devices. A great deal of power can be given to web applications of IoT devices that would enable remotely executable control over to an attacker. Certain products such as connected vehicles or smart door locks with remotely executable vulnerabilities can cause harm and personal safety risks to its users. When testing products in the before mentioned categories of IoT, locating vulnerabilities with the highest risk and impact to users are the first to target. In this chapter, we will show how to select a web application testing methodology, setup your web testing toolkit, as well as discuss how to discover and exploit some of the most commonly found embedded web application vulnerabilities.