0P3N Blog Blog Post
Ready to Start Your Career?
Create Free Account
By: chiheb chebbi
August 25, 2016

"HEATHEN" IoT Pentesting Framework is Released

By: chiheb chebbi
August 25, 2016
By: chiheb chebbi
August 25, 2016
"HEATHEN" IoT Pentesting Framework is Released - CybraryOxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”Heathen IoT of Things Penetration Testing Framework developed as a research project, which automatically help developers and manufacturers build more secure products in the Internet of Things space based on the Open Web Application Security Project (OWASP). It provides a set of features in every fundamental era. -Insecure Web Interface-Insufficient Authentication/Authorization-Insecure Network Services-Lack of Transport Encryption-Privacy Concerns-Insecure Cloud Interface-Insecure Mobile Interface-Insufficient Security Configurability-Insecure Software/Firmware-Poor Physical SecurityGetting Started with Heathen Framework:Installation : https://github.com/chihebchebbi/Internet-Of-Things-Pentesting-FrameworkTo start, just make sure that you got all the dependencies. If not, just run the deps.sh script.To Lunch Heathen IoT Pentesting Framework run  Heathen.shFeatures -Insecure Web Interface:
  • Now, you can scan all your web interfaces to ensure that any web interface in the product has been tested for XSS, SQLi and CSRF vulnerabilities
 -Insecure Network Service:
  • Ensure all devices do not make network ports and/or services available to the internet via UPnP, for example
 -Lack of Transport Encryption:
  • Ensure all communication between system components is encrypted as well as encrypting traffic between the system or device and the internet
  • Use recommended and accepted encryption practices and avoid proprietary protocols
  • Ensure SSL/TLS implementations are up to date and properly configured
  -Insecure Software/Firmware:
  • Ensure all system devices have update capability and can be updated quickly when vulnerabilities are discovered
  • Ensure update files are encrypted and that the files are also transmitted using encryption
  • Ensure that update files are signed and then validated by the device before installing
  • Ensure update servers are secure
  • Ensure the product has the ability to implement scheduled updates
Acknowledgments: Craig Smith - Daniel Miessler - Dirk Wetter -Justin Klein Keane - YunsoulPS: This is a Beta Version.The final release will be ready shortly.

Join over 2 million IT and cyber professionals advancing their careers

OR REGISTER WITH

Google

Already have an account? Sign In »

Ready to Share Your Original Content?

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry