layout | title | tags | level | type | pitch |
---|---|---|---|---|---|
col-sidebar | OWASP IoT Security Testing Guide | istg | 2 | documentation | The OWASP IoT Security Testing Guide provides a comprehensive methodology for penetration tests in the IoT field. |
The OWASP IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt to innovations and developments in the IoT market while still ensuring comparability of test results. This guide provides an understanding of communication between manufacturers and operators of IoT devices, facilitated by establishing a common terminology. Its methodology, underlying models, and catalog of test cases are tools that can be used separately or in conjunction with each other.
Please check the OWASP Contributing Guidelines as well as the ISTG Project Contributing Guide to find more information about how to contribute to this project. Your support is highly welcome!
You can find the latest version of this guide here or in the GitHub Repository.
The concepts, models and test steps presented in the OWASP IoT Security Testing Guide are based on the master's thesis "Development of a Methodology for Penetration Tests of Devices in the Field of the Internet of Things" by Luca Pascal Rotsch.
Test cases were derived from the following public sources:
- OWASP "Web Security Testing Guide"
- OWASP "Firmware Security Testing Methodology"
- OWASP "Mobile Security Testing Guide"
- "IoT Pentesting Guide" by Aditya Gupta
- "IoT Penetration Testing Cookbook" by Aaron Guzman and Aditya Gupta
- "The IoT Hacker's Handbook" by Aditya Gupta
- "Practical IoT Hacking" by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
- further sources are referenced in the respective test cases
We would also like to thank our collaborators and supporters (see Project Collaborators and Acknowledgements)!