[Owasp_embedded_application_security] Owasp_embedded_application_security Digest, Vol 4, Issue 1

Aaron Guzman aaron.guzman at owasp.org
Thu Feb 5 18:10:48 UTC 2015

Welcome Nizam!

This project is still in its infancy and should have more to pick up this year.

An idea for a roadmap can be to start at best practices  and/or downfalls such as:

Secure C coding functions
Vulnerable Libs used in embedded systems (rompager, upnp etc)
JTAG headers accessible (if not needed)
Serial port accessible (if not needed)
Private keys stored on a embedded device
insecure transport by not using TLS if network connected

Please add additional information, this was just off the top of my head.

It would be great to get this project off the ground given the publicity around IoT security.

If anyone is interested in getting a call, I can create a Doodle and work on getting together. (doodle.com <http://doodle.com/>)

Aaron G
Twitter: @scriptingxss
Linkedin: http://lnkd.in/bds3MgN <http://lnkd.in/bds3MgN>
> On Feb 5, 2015, at 4:00 AM, owasp_embedded_application_security-request at lists.owasp.org wrote:
> Send Owasp_embedded_application_security mailing list submissions to
> 	owasp_embedded_application_security at lists.owasp.org
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.owasp.org/mailman/listinfo/owasp_embedded_application_security
> or, via email, send a message with subject or body 'help' to
> 	owasp_embedded_application_security-request at lists.owasp.org
> You can reach the person managing the list at
> 	owasp_embedded_application_security-owner at lists.owasp.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp_embedded_application_security digest..."
> Today's Topics:
>   1. Interested in OWASP Embedded	Application Security Project
>      (Nizam Ahamed, Mohamed Musthak)
> ----------------------------------------------------------------------
> Message: 1
> Date: Thu, 5 Feb 2015 08:51:09 +0000
> From: "Nizam Ahamed, Mohamed Musthak" <monizamahamed at inautix.co.in>
> To: "owasp_embedded_application_security at lists.owasp.org"
> 	<owasp_embedded_application_security at lists.owasp.org>
> Cc: "Radhakrishnan,	Arunraj Adkapatchi Letchumanan"
> 	<aradhakrishnan at inautix.co.in>
> Subject: [Owasp_embedded_application_security] Interested in OWASP
> 	Embedded	Application Security Project
> Message-ID:
> 	<8AB8AEA0062AC74DA7FD505DDFBC11E85A850384 at WTPCPMBMEM18.ams.bnymellon.net>
> Content-Type: text/plain; charset="us-ascii"
> Hi,
>                This is Musthak with Bachelor Degree in Electronics and Communication Engineering and currently working as a Security Analyst in BNY Mellon. I am interested in your project called  OWASP Embedded Application Security. Could you able to explain me the current status of your project and exact Road Map to follow, So that I can join with you on this wonderful effort if I am able to.
> Thanks,
> Musthak
> Application Security Analyst
> BNY Mellon.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.owasp.org/pipermail/owasp_embedded_application_security/attachments/20150205/9fe299a8/attachment-0001.html>
> ------------------------------
> _______________________________________________
> Owasp_embedded_application_security mailing list
> Owasp_embedded_application_security at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_embedded_application_security
> End of Owasp_embedded_application_security Digest, Vol 4, Issue 1
> *****************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_embedded_application_security/attachments/20150205/bcf44d17/attachment.html>

More information about the Owasp_embedded_application_security mailing list