IoT Penetration Testing Cookbook by Aditya Gupta, Aaron Guzman

How to do it...

General application principles for securely authenticating users apply to mobile applications as well. A good reference is OWASP's Authentication Cheat Sheet (https://www.owasp.org/index.php/Authentication_Cheat_Sheet). Common authentication controls and best practices include:

  • Proper password strength controls
    • Password length
      • 10 characters or more
    • Password complexity policies
      • 1 uppercase, 1 lowercase, 1 digit, 1 special character, and disallowing 2 or more consecutive repeated characters, such as 222
    • Enforce password history
      • Disallow the last three used passwords (password reuse)
  • Transmitting credentials only over encrypted communications (TLS)
    • Send credentials over an HTTP POST body
  • Re-authenticate users for sensitive ...
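The password-strength and password-history bullets above can be turned into a server-side check. The following is an added example written for this page, not code from the book or from OWASP; the policy values (10-character minimum, one character from each class, no repeated consecutive characters, last three passwords disallowed) are the ones listed above, while the function names, the PBKDF2-based history storage and the sample passwords are assumptions constructed for illustration. The repeated-character rule is interpreted as "the same character twice or more in a row".

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Tuple

# Policy values taken from the list on this page.
MIN_LENGTH = 10
HISTORY_DEPTH = 3
# Constructed set of characters counted as "special" for this example.
SPECIAL_CHARS = set("!@#$%^&*()-_=+[]{};:,.<>?/\\|`~'\"")


def check_password_complexity(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")
    # Reject runs of the same character ("222", "!!"); report the first run only.
    for i in range(1, len(password)):
        if password[i] == password[i - 1]:
            problems.append(f"repeated consecutive character {password[i]!r}")
            break
    return problems


def _hash_password(password: str, salt: bytes) -> bytes:
    # Hypothetical storage format: PBKDF2-HMAC-SHA256 from the standard library,
    # one random salt per history entry so old entries reveal nothing about each other.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class PasswordHistory:
    """Per-user list of (salt, hash) pairs, oldest first; plaintext is never stored."""
    entries: List[Tuple[bytes, bytes]] = field(default_factory=list)

    def was_recently_used(self, password: str) -> bool:
        # Only the last HISTORY_DEPTH entries count, per the "last three passwords" rule.
        for salt, digest in self.entries[-HISTORY_DEPTH:]:
            if hmac.compare_digest(_hash_password(password, salt), digest):
                return True
        return False

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _hash_password(password, salt)))


def change_password(history: PasswordHistory, new_password: str) -> List[str]:
    """Apply the complexity policy, then the history policy; record the password if both pass."""
    problems = check_password_complexity(new_password)
    if not problems and history.was_recently_used(new_password):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    if not problems:
        history.record(new_password)
    return problems


if __name__ == "__main__":
    # Constructed sample run.
    user_history = PasswordHistory()
    for candidate in ["password", "Tr0ub4dor&5", "Tr0ub4dor&5"]:
        print(candidate, "->", change_password(user_history, candidate) or "accepted")
```

Returning the full list of violations rather than a single boolean lets the client show every unmet rule at once; the history check is deliberately skipped until the complexity check passes, so a rejected candidate never costs a PBKDF2 computation.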
