Embedded software is the core of all that is considered IoT, although embedded application security is often not thought of as a high priority for embedded developers and IoT device makers. This may be due to the lack of secure coding knowledge or other challenges outside of a team's code base. Other challenges developers face may include, but are not limited to, the Original Design Manufacturer (ODM) supply chain, limited memory, a small stack, and the challenge of pushing firmware updates securely to an endpoint. This chapter provides practical best practice guidance developers can incorporate in embedded firmware applications. As per OWASP's Embedded Application Security project (https://www.owasp.org/index.php/OWASP_Embedded_Application_Security), embedded best practices consist of:
- Buffer and stack overflow protection
- Injection attack prevention
- Securing firmware updates
- Securing sensitive information
- Identity management controls
- Embedded framework and C-based toolchain hardening...