Wednesday, October 31, 2018

Code of Practice for consumer IoT security

The British government has recently published the Code of Practice for consumer IoT security. According to the summary:
"The aim of this Code of Practice is to support all parties involved in the development, manufacturing and retail of consumer IoT with a set of guidelines to ensure that products are secure by design and to make it easier for people to stay secure in a digital world."
The document proposes 13 security guidelines, including design constraints as well as end-user security features.

Wednesday, September 5, 2018

A Great Book on Cryptography

An Intensive Introduction to Cryptography is a free book on cryptography, written by Prof. Boaz Barak of Harvard University. According to its page:

These are lecture notes for an introductory but fast-paced undergraduate/beginning graduate course on cryptography.

The book includes the basics as well as practical topics of cryptography and security protocols.

Tuesday, June 5, 2018

Friday, April 27, 2018

The Cryptographers' Panel at RSAC 2018

The RSA Conference has been on my list of favorite security events for many years. I always follow the presentations, the Innovation Sandbox and the other sessions. One of the interesting sessions at RSAC is the Cryptographers' Panel. This year's panel was held with the participation of legends such as Adi Shamir, Ronald Rivest and Whitfield Diffie. The panelists discussed various topics such as the incorrect usage of the word "crypto" in the context of cryptocurrencies, facts and fictions about the blockchain, and so on.

Tuesday, April 10, 2018

Talking Security to the Top Management

Talking to the board is one of the main tasks of the CISO. He/She is expected to discuss security with top management in terms of business risks, so that they are able to make supportive decisions. However, this can become a challenge if you fail to use the appropriate language in this talk. Here is a good #SANS2018 presentation by Lance Spitzner on the topic.