Testing IoT Cloud APIs From the Device Side
A connected device’s cloud API is part of its attack surface. Here is how to test it from the device’s perspective, where the real trust assumptions live.
Defining Trust Boundaries in an IoT Product
Most attacks happen where trust changes hands. Here is how to find and harden the trust boundaries in a connected product.
Mapping an IoT Attack Surface
A connected product’s attack surface spans hardware, firmware, radios, and the cloud. Here is how to map all of it before testing.
Using the OWASP IoT Methodology in Practice
The OWASP IoT testing guidance gives a shared structure for assessing connected devices. Here is how to apply it to real products.