3 A Security Testing Methodology

Where do you start when you want to test an IoT system for vulnerabilities? If the attack surface is small enough, as in the case of a single web portal that controls a surveillance camera, planning a security test might be simple. Even then, however, if the testing team doesn’t follow a set methodology, they might miss critical points of the application.

This chapter provides you with a rigorous list of steps to follow when penetration testing. To do so, we’ll divide the IoT attack surface into conceptual layers, as shown in Figure 3-1.

Figure 3-1: The conceptual layers to test in a security assessment ...
