From the course: IoT Product Security

OWASP Top 10: Part 2

Hi, I'm Matthew Clark. And this is Lesson 1.6: OWASP IoT Top 10, Part 2. In this lesson, we're going to discuss the remaining five of the OWASP IoT Top 10. This includes insufficient privacy protection, insecure data transfer and storage, lack of device management, insecure default settings, and lack of physical hardening. So let's get started.

Number 6 is insufficient privacy protection. There's a lot of momentum going on now in the legal realm to address privacy. Two recent laws have been GDPR and the California Consumer Privacy Act, or CCPA. Data classification is a consideration when it comes to privacy. Data classification is the process to identify and classify data. To quote the Version 4 of the OWASP Application Security Verification Standard, the most important asset is the data processed, stored or transmitted by an application. Always perform a privacy impact assessment to classify the data protection needs of any stored data correctly. This is mainly a design issue. One of…
