SlideShare une entreprise Scribd logo

Testing IoT Security shouldn't fear you if you have got a hacker mindset - By Santhosh Tuppad - For RTC 2018

Santhosh Tuppad
Santhosh Tuppad

Most of us have fear when we have spent so much of time in doing something and all of a sudden we are made to embrace a new change which could be in terms of technology. Recently, IoT, AI, ML and Automation have been great subjects and are made to be believed by testers as “Problem Solvers” for “Testing” problem which isn’t really true. They do add value, but let’s not compare them with testing because they are elements of testing while Testing still remains a profession which requires intelligence and is backed by Science. In this talk, Santhosh Tuppad will try to help the testers to kick-out the fear and embrace the new technologies and learn them by helping them to understand Mindset concept and built their mindset very well. He shall also speak about IoT Security Elements and then relate them to daily life and and current web / mobile hacking. In short, “Once a tester has a mindset of Security or Hacking, it’s much easier to embrace new technologies or domains or software as most of the ideas from web/mobile hacking or life are relevant. This talk relates very much too, Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. ATTRIBUTION: Chinese proverb

Technologie
1  sur  13
Télécharger pour lire hors ligne
Mindset Over Skill Set: Got Hacker Mindset? Testing IoT Security Shouldn’t Fear You Santhosh Tuppad
sh-3.2# whoami I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
Why I don’t fear testing anything for “SECURITY”?
#CORRELATION Before being a hacker, I experimented and correlated my experimentation journey to hacking.
#InternetOf(every)thing - Connecting the devices like toaster, toothbrush, refrigerator, lights etc. with each other in order to establish communication & perform dangerously insane things.
Things are going to get WORSE. Future is not so cool considering the risks about 80 billion smart devices by 2025.
#WouldYouBeOkay Would you be okay if your car speed is controlled by malicious hacker? Would you be okay to send heart rate data of your baby incorrectly to physician? (Man In the Middle) Would you be okay if someone takes control of your CCTVs or Cameras installed in your home? Would you be okay if...
#LearnFromExistingStories https://github.com/nebgnahz/awesome-iot-hacks These may scare you!
#ToThinkLikeACriminalIsNotACrime Practice thinking like a criminal… Practice more… Practice MORE...
#MyOpinionForMyself #WebOpensTheDoors #CloseTheDoorsIfNotRequired Learn web hacking to understand IoT hacking better… And then correlate… And identify specific attacks for IoT hardware/software ONLY… And Rock!
#MindsetRules #SecurityIsAFeeling • Disable unnecessary ports on hardware interface. • Web UI interface to IoT infrastructure is your start. • Mobile interface? Well, I love *.apk files. • Insecure hardware/firmware. • Poorly configured settings. #Question • Stronger encryption. But, make sure “key” is kept safe. • Let the clouds not thunder and rain. • Test ports are not meant to be in production • Logging and Alerts. • Privacy concerns? #GDPR • Physical Security - People seldom remember this.
#ChoiceIsOurs There are more black-hat hackers than white-hat hackers. We have massive skill shortage. We care about our generation & upcoming generations. Choice is yours… I hope malicious hackers don’t make a choice for you with IoT hacking.
Disclaimer: If I get more great votes, it doesn’t mean I hacked the feedback system and voted for myself. I am a good person. If you liked my talk, please vote for me at, #V193 slido.com

Recommandé

Cyber safety
Cyber safetyCyber safety
Cyber safetyArjun Chetry
 
ethical hacking
ethical hackingethical hacking
ethical hackingSathish Bommisetti
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security introAbhilash Ak
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking pptfuckubitches
 
The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)Stu Sjouwerman
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYFaMulan2
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationGeorgekutty Francis
 

Recommandé

Cyber safety
Cyber safetyCyber safety
Cyber safetyArjun Chetry
 
ethical hacking
ethical hackingethical hacking
ethical hackingSathish Bommisetti
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security introAbhilash Ak
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking pptfuckubitches
 
The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)Stu Sjouwerman
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYFaMulan2
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationGeorgekutty Francis
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security Lokender Yadav
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information SecurityAjay Dhamija
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpointArifa Ali
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptRashed Sayyed
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness programNeel Kamal
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingDamisetty Bala Naga Rama Sesha Sai
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepalICT Frame Magazine Pvt. Ltd.
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking Amol Deshmukh
 
Internet security
Internet securityInternet security
Internet securityPokanati SatyaPraveen
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet securityuniversity of mumbai
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Vicky Shah
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hackingbaabtra.com - No. 1 supplier of quality freshers
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfInfosectrain3
 
Davitt Potter - CSA Arrow
Davitt Potter - CSA ArrowDavitt Potter - CSA Arrow
Davitt Potter - CSA ArrowTrish McGinity, CCSK
 

Contenu connexe

Tendances

Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security Lokender Yadav
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information SecurityAjay Dhamija
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpointArifa Ali
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness programNeel Kamal
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking Amol Deshmukh
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Vicky Shah
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 

Tendances (20)

Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpoint
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness program
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking
 
Internet security
Internet securityInternet security
Internet security
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet security
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 

Similaire à Testing IoT Security shouldn't fear you if you have got a hacker mindset - By Santhosh Tuppad - For RTC 2018

LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfInfosectrain3
 
Internet of things (IoT) Architecture Security Analysis
Internet of things (IoT) Architecture Security AnalysisInternet of things (IoT) Architecture Security Analysis
Internet of things (IoT) Architecture Security AnalysisDaksh Raj Chopra
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Are You Safe in IOT? - Know About Different Types of Threats
Are You Safe in IOT? - Know About Different Types of ThreatsAre You Safe in IOT? - Know About Different Types of Threats
Are You Safe in IOT? - Know About Different Types of ThreatsAjeet Singh
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoTJason Hong
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!Frode Hommedal
 
Cyber Crime & Security.pdf
Cyber Crime & Security.pdfCyber Crime & Security.pdf
Cyber Crime & Security.pdfMohanPandey31
 
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systems
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systemsHacking the Company : Risks with carbon-based lifeforms using vulnerable systems
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systemskhalavak
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxvrickens
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfSoo Chin Hock
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxInfosectrain3
 
IoT & Robotics Overview
IoT & Robotics OverviewIoT & Robotics Overview
IoT & Robotics OverviewKarthik Sarma
 
6 Insane Challenges of Smart Home App Development & How To Solve Them
6 Insane Challenges of Smart Home App Development & How To Solve Them6 Insane Challenges of Smart Home App Development & How To Solve Them
6 Insane Challenges of Smart Home App Development & How To Solve ThemInnofied Solution
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
 

Similaire à Testing IoT Security shouldn't fear you if you have got a hacker mindset - By Santhosh Tuppad - For RTC 2018 (20)

LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdf
 
Davitt Potter - CSA Arrow
Davitt Potter - CSA ArrowDavitt Potter - CSA Arrow
Davitt Potter - CSA Arrow
 
Internet of things (IoT) Architecture Security Analysis
Internet of things (IoT) Architecture Security AnalysisInternet of things (IoT) Architecture Security Analysis
Internet of things (IoT) Architecture Security Analysis
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Are You Safe in IOT? - Know About Different Types of Threats
Are You Safe in IOT? - Know About Different Types of ThreatsAre You Safe in IOT? - Know About Different Types of Threats
Are You Safe in IOT? - Know About Different Types of Threats
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoT
 
The internet of things
The internet of thingsThe internet of things
The internet of things
 
Security
SecuritySecurity
Security
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
 
Cyber Crime & Security.pdf
Cyber Crime & Security.pdfCyber Crime & Security.pdf
Cyber Crime & Security.pdf
 
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systems
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systemsHacking the Company : Risks with carbon-based lifeforms using vulnerable systems
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systems
 
Dr. Alan Shark
Dr. Alan SharkDr. Alan Shark
Dr. Alan Shark
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
 
IoT & Robotics Overview
IoT & Robotics OverviewIoT & Robotics Overview
IoT & Robotics Overview
 
itmsday2.pptx
itmsday2.pptxitmsday2.pptx
itmsday2.pptx
 
6 Insane Challenges of Smart Home App Development & How To Solve Them
6 Insane Challenges of Smart Home App Development & How To Solve Them6 Insane Challenges of Smart Home App Development & How To Solve Them
6 Insane Challenges of Smart Home App Development & How To Solve Them
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 

Plus de Santhosh Tuppad

Tools are my servants. and I am the master - By Santhosh Tuppad
Tools are my servants. and I am the master - By Santhosh TuppadTools are my servants. and I am the master - By Santhosh Tuppad
Tools are my servants. and I am the master - By Santhosh TuppadSanthosh Tuppad
 
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat
Hacking - Bridging the Gap And Going Beyond to Fight Black-HatHacking - Bridging the Gap And Going Beyond to Fight Black-Hat
Hacking - Bridging the Gap And Going Beyond to Fight Black-HatSanthosh Tuppad
 
Web and mobile security workshop workbook v1 - by santhosh tuppad
Web and mobile security workshop workbook v1 - by santhosh tuppadWeb and mobile security workshop workbook v1 - by santhosh tuppad
Web and mobile security workshop workbook v1 - by santhosh tuppadSanthosh Tuppad
 
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...Santhosh Tuppad
 
The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad
The BUZZ Word - Entrepreneur. A Perspective of Santhosh TuppadThe BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad
The BUZZ Word - Entrepreneur. A Perspective of Santhosh TuppadSanthosh Tuppad
 
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...Santhosh Tuppad
 
Your users are humans and let's live our promise of securing them
Your users are humans and let's live our promise of securing themYour users are humans and let's live our promise of securing them
Your users are humans and let's live our promise of securing themSanthosh Tuppad
 
Test ideas for Login / Authentication and Login Session
Test ideas for Login / Authentication and Login SessionTest ideas for Login / Authentication and Login Session
Test ideas for Login / Authentication and Login SessionSanthosh Tuppad
 
Passion is a free spirit, only you can cage it.
Passion is a free spirit, only you can cage it.Passion is a free spirit, only you can cage it.
Passion is a free spirit, only you can cage it.Santhosh Tuppad
 
Software Testing - Heuristics Cheat Sheet
Software Testing - Heuristics Cheat SheetSoftware Testing - Heuristics Cheat Sheet
Software Testing - Heuristics Cheat SheetSanthosh Tuppad
 
Santhosh tuppad romanian testing conference 2017 - keynote presentation
Santhosh tuppad romanian testing conference 2017 - keynote presentationSanthosh tuppad romanian testing conference 2017 - keynote presentation
Santhosh tuppad romanian testing conference 2017 - keynote presentationSanthosh Tuppad
 
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...Santhosh Tuppad
 
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...Santhosh tuppad - A journey that is fascinating and will be more fascinating ...
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...Santhosh Tuppad
 

Plus de Santhosh Tuppad (13)

Tools are my servants. and I am the master - By Santhosh Tuppad
Tools are my servants. and I am the master - By Santhosh TuppadTools are my servants. and I am the master - By Santhosh Tuppad
Tools are my servants. and I am the master - By Santhosh Tuppad
 
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat
Hacking - Bridging the Gap And Going Beyond to Fight Black-HatHacking - Bridging the Gap And Going Beyond to Fight Black-Hat
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat
 
Web and mobile security workshop workbook v1 - by santhosh tuppad
Web and mobile security workshop workbook v1 - by santhosh tuppadWeb and mobile security workshop workbook v1 - by santhosh tuppad
Web and mobile security workshop workbook v1 - by santhosh tuppad
 
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
 
The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad
The BUZZ Word - Entrepreneur. A Perspective of Santhosh TuppadThe BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad
The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad
 
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...
 
Your users are humans and let's live our promise of securing them
Your users are humans and let's live our promise of securing themYour users are humans and let's live our promise of securing them
Your users are humans and let's live our promise of securing them
 
Test ideas for Login / Authentication and Login Session
Test ideas for Login / Authentication and Login SessionTest ideas for Login / Authentication and Login Session
Test ideas for Login / Authentication and Login Session
 
Passion is a free spirit, only you can cage it.
Passion is a free spirit, only you can cage it.Passion is a free spirit, only you can cage it.
Passion is a free spirit, only you can cage it.
 
Software Testing - Heuristics Cheat Sheet
Software Testing - Heuristics Cheat SheetSoftware Testing - Heuristics Cheat Sheet
Software Testing - Heuristics Cheat Sheet
 
Santhosh tuppad romanian testing conference 2017 - keynote presentation
Santhosh tuppad romanian testing conference 2017 - keynote presentationSanthosh tuppad romanian testing conference 2017 - keynote presentation
Santhosh tuppad romanian testing conference 2017 - keynote presentation
 
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...
Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...
 
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...Santhosh tuppad - A journey that is fascinating and will be more fascinating ...
Santhosh tuppad - A journey that is fascinating and will be more fascinating ...
 

Dernier

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Dernier (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Testing IoT Security shouldn't fear you if you have got a hacker mindset - By Santhosh Tuppad - For RTC 2018

  • 1. Mindset Over Skill Set: Got Hacker Mindset? Testing IoT Security Shouldn’t Fear You Santhosh Tuppad
  • 2. sh-3.2# whoami I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
  • 3. Why I don’t fear testing anything for “SECURITY”?
  • 4. #CORRELATION Before being a hacker, I experimented and correlated my experimentation journey to hacking.
  • 5. #InternetOf(every)thing - Connecting the devices like toaster, toothbrush, refrigerator, lights etc. with each other in order to establish communication & perform dangerously insane things.
  • 6. Things are going to get WORSE. Future is not so cool considering the risks about 80 billion smart devices by 2025.
  • 7. #WouldYouBeOkay Would you be okay if your car speed is controlled by malicious hacker? Would you be okay to send heart rate data of your baby incorrectly to physician? (Man In the Middle) Would you be okay if someone takes control of your CCTVs or Cameras installed in your home? Would you be okay if...
  • 9. #ToThinkLikeACriminalIsNotACrime Practice thinking like a criminal… Practice more… Practice MORE...
  • 10. #MyOpinionForMyself #WebOpensTheDoors #CloseTheDoorsIfNotRequired Learn web hacking to understand IoT hacking better… And then correlate… And identify specific attacks for IoT hardware/software ONLY… And Rock!
  • 11. #MindsetRules #SecurityIsAFeeling • Disable unnecessary ports on hardware interface. • Web UI interface to IoT infrastructure is your start. • Mobile interface? Well, I love *.apk files. • Insecure hardware/firmware. • Poorly configured settings. #Question • Stronger encryption. But, make sure “key” is kept safe. • Let the clouds not thunder and rain. • Test ports are not meant to be in production • Logging and Alerts. • Privacy concerns? #GDPR • Physical Security - People seldom remember this.
  • 12. #ChoiceIsOurs There are more black-hat hackers than white-hat hackers. We have massive skill shortage. We care about our generation & upcoming generations. Choice is yours… I hope malicious hackers don’t make a choice for you with IoT hacking.
  • 13. Disclaimer: If I get more great votes, it doesn’t mean I hacked the feedback system and voted for myself. I am a good person. If you liked my talk, please vote for me at, #V193 slido.com