Our team of experts have specialized experience with IoT device security. We work with IoT device manufacturers to ensure your devices do not pose a security risk.
Our Four-Stage IoT Risk Assessment
We use a four-stage process, which follow OWASP’s Application Security Verification Standard (ASVS). This includes a security design and code review to deliver a comprehensive assessment of your IoT application security posture. This is a more thorough analysis than pentesting alone and provides your team with a clearer path forward to securing your organization’s most valuable assets.
During the discovery statge, we gain a deeper understanding of assets handled by the network, likely attackers, and business impact.
This is coupled with a Security Design Review where we review the design of your IoT devices to identify gaps.
2. Threat Modeling
During our threat modeling stage, we identify possible threats scenarios along with risk levels and mitigating controls.
Each threat scenario is assigned an impact and likelihood level to assess the potential risk to your business.
3. Penetration Testing
Using various activities in alignment with OWASP’s IoT Security Verifcation Standard (ISVS) to identify we look to identify any security vulnerabilities.
This includes testing the physical IoT devices along with wireless interfaces, authentication and access control, etc.
Concluding our assessment, we provide an IoT Security Risk Assessment Report that includes all risks and recommended controls.
We ensure your team fully understands the priority and remediation efforts required (based on impact and likelihood) to support business risk management decisions.
|Level 1||Level 2||Level 3
|» Application Security Verification Standard (ASVS):||Level 1 |
(Apps with low assurance needs)
(Recommended for most apps)
(Critical apps needing high trust)
|» Manual and Automated Testing||Included||Included||Included|
|» Security Design Review||None||Standard||Detailed|
|» Threat Modeling||Basic||Standard||Detailed|
|» Automate Code Analysis||None||Optional||Included|
|» Manual Code Analysis||None||Optional||Optional|
|» Duration||2 – 4 Weeks||3 – 6 Weeks||4 – 8 Weeks|