DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
Course Overview
In this course, you will learn how to mitigate the risks associated with a lack of ability to securely update the device. This includes lack of firmware validation on a device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.
After you have completed this course, you will be able to:
- List the steps of a typical update process
- Describe how to protect update connections
- Explain how to protect the update server
- List the steps to securely sign and verify an update
- Evaluate whether Secure Boot is necessary for your device at this time
- Identify types of sensitive data that should not be included in updates
- Securely implement transport encryption for an Internet of Things (IoT) system
Looking To Learn More?
Request more information on our courses and labs.
* required
Course Details
Course Number: DES 284
Course Duration: 12 minutes
Course CPE Credits: 0.25
NICE Work Role Category
Available Languages
- English