
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By Santhosh Tuppad - For RTC 2018

Most of us feel fear when we have spent a lot of time doing something and are suddenly made to embrace a change, for example in technology. Recently, IoT, AI, ML and Automation have been popular subjects, and testers have been led to believe that they are “Problem Solvers” for the “Testing” problem, which isn’t really true. They do add value, but let’s not compare them with testing: they are elements of testing, while Testing remains a profession that requires intelligence and is backed by Science.

In this talk, Santhosh Tuppad will try to help testers kick out the fear, embrace the new technologies and learn them, by helping them understand the Mindset concept and build their mindset well. He will also speak about IoT Security Elements and relate them to daily life and to current web/mobile hacking. In short: “Once a tester has a mindset of Security or Hacking, it’s much easier to embrace new technologies, domains or software, as most of the ideas from web/mobile hacking or life are relevant.”

This talk relates closely to the saying: “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” Attribution: Chinese proverb.


  1. Mindset Over Skill Set: Got Hacker Mindset? Testing IoT Security Shouldn’t Fear You. Santhosh Tuppad
  2. sh-3.2# whoami I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
  3. Why I don’t fear testing anything for “SECURITY”?
  4. #CORRELATION Before being a hacker, I experimented and correlated my experimentation journey to hacking.
  5. #InternetOf(every)thing - Connecting the devices like toaster, toothbrush, refrigerator, lights etc. with each other in order to establish communication & perform dangerously insane things.
  6. Things are going to get WORSE. Future is not so cool considering the risks about 80 billion smart devices by 2025.
  7. #WouldYouBeOkay
     • Would you be okay if your car speed is controlled by malicious hacker?
     • Would you be okay to send heart rate data of your baby incorrectly to physician? (Man In the Middle)
     • Would you be okay if someone takes control of your CCTVs or Cameras installed in your home?
     • Would you be okay if...
  8. #LearnFromExistingStories https://github.com/nebgnahz/awesome-iot-hacks These may scare you!
  9. #ToThinkLikeACriminalIsNotACrime Practice thinking like a criminal… Practice more… Practice MORE...
  10. #MyOpinionForMyself #WebOpensTheDoors #CloseTheDoorsIfNotRequired Learn web hacking to understand IoT hacking better… And then correlate… And identify specific attacks for IoT hardware/software ONLY… And Rock!
  11. #MindsetRules #SecurityIsAFeeling
     • Disable unnecessary ports on hardware interface.
     • Web UI interface to IoT infrastructure is your start.
     • Mobile interface? Well, I love *.apk files.
     • Insecure hardware/firmware.
     • Poorly configured settings.
     #Question
     • Stronger encryption. But, make sure “key” is kept safe.
     • Let the clouds not thunder and rain.
     • Test ports are not meant to be in production
     • Logging and Alerts.
     • Privacy concerns? #GDPR
     • Physical Security - People seldom remember this.
  12. #ChoiceIsOurs There are more black-hat hackers than white-hat hackers. We have massive skill shortage. We care about our generation & upcoming generations. Choice is yours… I hope malicious hackers don’t make a choice for you with IoT hacking.
  13. Disclaimer: If I get more great votes, it doesn’t mean I hacked the feedback system and voted for myself. I am a good person. If you liked my talk, please vote for me at, #V193 slido.com
