Building an Attack Tree for Embedded Hardware
An attack tree breaks a goal into the steps an attacker would take. Here is how to build one for embedded hardware and use it to prioritize defenses.
Defining Trust Boundaries in an IoT Product
Most attacks happen where trust changes hands. Here is how to find and harden the trust boundaries in a connected product.
A Repeatable Hardware Security Test Plan
Ad-hoc probing finds some bugs. A repeatable plan finds them consistently. Here is the structure of a hardware security test plan that scales across products.
Mapping an IoT Attack Surface
A connected product’s attack surface spans hardware, firmware, radios, and the cloud. Here is how to map all of it before testing.
Prioritizing Embedded Vulnerabilities by Impact
Not every finding deserves equal attention. Here is how to rank embedded vulnerabilities so you fix the ones that matter first.
Threat Modeling before the First Board Spin
The cheapest time to fix a security flaw is before the board exists. Here is why threat modeling belongs in the design phase, not after.
Using the OWASP IoT Methodology in Practice
The OWASP IoT testing guidance gives a shared structure for assessing connected devices. Here is how to apply it to real products.
Writing a Security Requirements Doc for Hardware
Security that is not written down does not get built. Here is how to turn a threat model into requirements engineers can implement and test.