IOT Penetration Testing


The Internet of Things (IoT) brings connectivity beyond computers—to everything from pacemakers to pedometers. But new connectivity means a broader attack surface for hackers to steal personally identifiable information (PII), medical records, and intellectual property.

Why It's Important

IoT security requires a combination of embedded software, data, mobile application and cloud security. It can be a challenge to evaluate each area while managing the big picture. This leaves major vulnerabilities within IoT systems that must be discovered before hackers find them first.

What We Offer

Digital Warfare's IoT Penetration Testing can consist of a combination of the following:

> Full Stack Penetration testing of your Internet of Things product—the device, how the device talks to your smart phone or the Internet, the could services that hosts that data, websites or applications that talk to your device.
> PII data security review
> Code review—embedded code, remote procedure calls, mobile and web application code.
> Evaluation of authentication, authorization and auditing structure. 
> Data security evaluation at rest and in motion.
> Protocol communication review: REST, SOAP, RPC, etc
> Security evaluations databases and directories including queries, stored procedures, authentication and ACLS
> Reviewing privilege escalation attacks
> Reviewing cryptographic protection on applications and/or delivery mechanisms
> Reviewing application binary or packages for embedded passwords, keys, certificates
> Reviewing log handling, insecure storage, and caching/temp file issues
> Provide policy and compliance gap analysis to major standard and best practices (PCI, HIPAA, HITECH, FDA)