[Owasp-leaders] [Owasp-community] Owasp Embedded Application Security Project

Aaron Guzman aaron.guzman at owasp.org
Wed Mar 11 16:24:19 UTC 2015


Hi Timo, 

Thanks for joining the list.

> Is this about the security of web applications related to embedded devices? 
Web applications are a fraction, but there are other attack surfaces for embedded applications using application protocols to the cloud as a reverse proxy and to mobile apps. With embedded devices, firmware code might decide to wget something without validating input, and a malicious binary can be uploaded.

> Like will this be about looking for remote execution from the web interface of a router for example etc?
Sure. It can be the web application or the mobile application kicking off a call over to the device that performs business logic which has not validated user input, where strings can be concatenated, giving you an RCE.


I will be starting up some discussions on the embedded list in the coming days.

Thank you,
--
Aaron G
OWASP-LA Board Member
Twitter: @scriptingxss
Linkedin: http://lnkd.in/bds3MgN
> On Mar 11, 2015, at 9:12 AM, Timo Goosen <timo.goosen at owasp.org> wrote:
> 
> Is this about the security of web applications related to embedded devices? 
> 
> Like will this be about looking for remote execution from the web interface of a router for example etc?
> 
> Sounds like an interesting project. I'd be happy to help out where I can. Spent some time working on embedded stuff.  
> I'll join your mailing list.
> 
> Regards.
> Timo.
> 
> On Tue, Mar 10, 2015 at 11:14 PM, Aaron Guzman <aaron.guzman at owasp.org> wrote:
> Hi fellow OWASPers, 
> 
> I am looking for volunteers to help kick start the Embedded Application Security Project.
> 
> 
> I have many drafts of best practices for embedded on my own but I would like to kick some ideas around with other members to make this a more mature project. 
> 
> https://www.owasp.org/index.php/OWASP_Embedded_Application_Security
> 
> 
> Please reach out to me if anyone is interested.
> 
> 
> Thank you, 
> --
> Aaron G
> Twitter: @scriptingxss
> Linkedin: http://lnkd.in/bds3MgN
> 
> 
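The unvalidated wget call and the string concatenation mentioned in the reply above, shown beside a hardened form. This is an added example, not part of the original thread or of any OWASP project code; the function names, the /tmp/fw.bin path, the allow-list rules and the updates.example.com host are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Weak form: input concatenated into a shell command string. If this string
   is handed to system(), shell metacharacters in `url` run as commands. */
int build_cmd_unsafe(char *buf, size_t n, const char *url) {
    return snprintf(buf, n, "wget -O /tmp/fw.bin %s", url);
}

/* Allow-list check (assumed policy): https only, bounded length, and only
   characters that can appear in a plain host/path. Returns 1 if accepted. */
int url_is_safe(const char *url) {
    static const char prefix[] = "https://";
    size_t plen = sizeof prefix - 1, len = strlen(url);
    if (len <= plen || len > 255) return 0;
    if (strncmp(url, prefix, plen) != 0) return 0;
    for (const char *p = url + plen; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("._-/", *p)) return 0;
    return 1;
}

/* Hardened form: the validated URL becomes a single argv element intended
   for execv(), so no shell parses it. "--" ends option parsing.
   Returns 0 on success, -1 if the URL is rejected. */
int build_wget_argv(const char *url, const char *argv[6]) {
    if (!url_is_safe(url)) return -1;
    argv[0] = "wget"; argv[1] = "-O"; argv[2] = "/tmp/fw.bin";
    argv[3] = "--";   argv[4] = url;  argv[5] = NULL;
    return 0;
}

int main(void) {
    /* Constructed sample inputs, not taken from any real device. */
    const char *samples[] = {
        "https://updates.example.com/fw-1.2.bin",
        "https://updates.example.com/fw.bin;reboot",
        "http://updates.example.com/fw.bin",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *argv[6];
        int rc = build_wget_argv(samples[i], argv);
        printf("%-45s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```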
