Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

IoT Penetration Testing Cookbook

You're reading from IoT Penetration Testing Cookbook Identify vulnerabilities and secure your smart devices

Product type Paperback

Published in Nov 2017

Publisher Packt

ISBN-13 9781787280571

Length 452 pages

Edition 1st Edition

Languages

Python

Tools

Burp Suite

Concepts

Penetration Testing

Table of Contents (19) Chapters

Title Page

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Customer Feedback

Dedication

Preface

1. IoT Penetration Testing FREE CHAPTER

2. IoT Threat Modeling

3. Analyzing and Exploiting Firmware

4. Exploitation of Embedded Web Applications

5. Exploiting IoT Mobile Applications

6. IoT Device Hacking

7. Radio Hacking

8. Firmware Security Best Practices

9. Mobile Security Best Practices

10. Securing Hardware

11. Advanced IoT Exploitation and Security Automation

Threat modeling an IoT mobile application

For our next threat modeling exercise, we will examine IoT mobile applications for our DVR system. This DVR system (like many others in IoT) has several mobile applications available developed by resellers and different OEMs. For demonstration purposes, we will only threat model one Android and one iOS application.

How to do it...

Since we have the majority of our data flow diagrams created from previous recipes, we will continue to use the same Microsoft Threat Modeling Tool for this recipe.

Step 1: Creating an architecture overview and decomposition

Similar to our last couple of recipes, we will jump right to creating a data flow diagram which includes all known assets for the mobile applications. The following is the data flow diagram for the mobile applications:

We can see that the applications contact the third-party vendor cloud environment each time in order to view account details and camera feeds. This also occurs when the user is in the same...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Other recommended products

Related to this chapter

Practical Security Automation and Testing

Practical Security Automation and Testing

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

Feb 2019 8h 32m

Hands-On Security in DevOps

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

Jul 2018 11h 52m

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Practical Internet of Things Security

Practical Internet of Things Security

This book will take you on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architecting and deploying a secure IoT in your enterprise. The book showcases how the IoT is implemented in early-adopting industries and describes how lessons can be learned and shared across diverse industries to support a secure IoT.

Nov 2018 12h 44m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Practical Hardware Pentesting

Practical Hardware Pentesting

Hardware security has become a major concern in recent times making it crucial for companies and end users to focus on protecting hardware. If you're a security practitioner who is more familiar with software and binary hacking or someone looking to repurpose devices, this book will demonstrate how to approach hardware hacking of embedded devices.

Apr 2021 12h 44m

Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices , modern operating systems and help you secure high security environments.

Feb 2018 13h 12m

Learning Android Forensics

Learning Android Forensics

This book will introduce you to Android forensics helping you to set up a forensic environment, handle mobile evidence, analyze how and where common applications store their data. You will also learn to identify malware on a device, and how to analyze it.

Dec 2018 10h 56m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

Sep 2018 8h 20m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m