DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism

Course Overview


In this course, you will learn how to mitigate the risks that arise when a device cannot be updated securely. These include a lack of firmware validation on the device, a lack of secure delivery (updates sent unencrypted in transit), a lack of anti-rollback mechanisms, and a lack of notifications of security changes due to updates.

After you have completed this course, you will be able to:

  • List the steps of a typical update process
  • Describe how to protect update connections
  • Explain how to protect the update server
  • List the steps to securely sign and verify an update
  • Evaluate whether Secure Boot is necessary for your device at this time
  • Identify types of sensitive data that should not be included in updates
  • Securely implement transport encryption for an Internet of Things (IoT) system

Course Details

Course Number: DES 284
Course Duration: 12 minutes
Course CPE Credits: 0.25

NICE Specialty Areas

Platform | Standard | Type

Available Languages

  • English