product-security-tips.md

Table of contents

1. Product security
2. ML security
3. Data security and E2EE encryption
4. Web, API, cloud security
5. Linux Hardening / OS Hardening
6. Firmware and IoT security
7. Diving deeper into IoT security
8. IoT Security Labs and Train skills
9. IoT Security Books

Product security

• NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations
• NIST SP 800-207: Zero Trust Architecture
• NIST SP 800-161: Cybersecurity Supply Chain Risk Management Practices
• Product development cybersecurity handbook: concepts and considerations for IoT product manufacturers
• Case study: Protecting edge-devices against tampering and reverse engineering

ML models security

• Blog post: Protecting ML models running on edge devices and mobile apps
• MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems)

Data security and E2EE encryption

• RFC 9180: Hybrid Public Key Encryption
• Age cryptographic library for file/data encryption on Linux
• Slides: E2EE != security != privacy
• Slides: Data is a new security boundary

Web, API, cloud security

• OWASP WSTG: Web Security Testing Guide
• OWASP ASVS: Application Security Verification Standard
• Checklist: CIS Critical Security Controls Cloud Companion Guide

Linux Hardening / OS Hardening

• Blogpost: Raspberry Pi Hardening Guide
• Tool: Lynis - Security auditing tool for Linux
• Tool: SSHesame - SSH Honeypots
• Guide: Awesome security hardening collection
• Guide: Ansible collection of hardening for Linux, SSH, nginx
• Checklist: CIS Benchmarks List

Firmware and IoT security

• NIST SP 800-193: Platform Firmware Resiliency
• NIST SP 800-82: Guide to Operational Technology (OT) Security
• NIST SP 800-213: IoT Device Cybersecurity Guidance for the Federal Government
• OWASP FSTM Firmware Security Testing Methodology
• OWASP ISVS IoT Security Verification Standard

Diving deeper into IoT security

• Tool: Firmware Analysis and Comparison Tool
• Checklist: Open-source IoT pentesting framework
• Tool: HAL — The Hardware Analyser
• Guide: Attacks on implementations of secure systems, lectures

IoT Security Labs and Train skills

• Labs: Damn Vulnerable IoT Device
• Labs: Damn Vulnerable router firmware
• Labs: Damn Vulnerable Raspberry Pi

IoT Security Books

• Book: The Hardware Hacking Handbook
• Book: Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things
• Book: The IoT Hacker's Handbook
• Book: Hardware Security: A Hands-on Learning Approach
• Book: Inside Radio: An Attack and Defense Guide