WEBVTT

00:00.000 --> 00:03.930
>> Another topic bursting
onto the scenes today is IoT,

00:03.930 --> 00:05.835
the Internet of Things.

00:05.835 --> 00:07.530
With the Internet of Things,

00:07.530 --> 00:08.820
the idea is everything is

00:08.820 --> 00:10.755
network ready and
network capable.

00:10.755 --> 00:12.360
That gives us so much ease to

00:12.360 --> 00:14.145
use with these
personal assistants,

00:14.145 --> 00:15.570
games that are accessible,

00:15.570 --> 00:18.179
and being able to be configured
through Wi-Fi connection,

00:18.179 --> 00:21.030
but will also give us
all of these issues.

00:21.030 --> 00:24.375
There's always going to be
security considerations.

00:24.375 --> 00:26.340
Often we have cool
technology that comes

00:26.340 --> 00:28.875
out and then all of
a sudden we say,

00:28.875 --> 00:30.840
it's insecure, is it?

00:30.840 --> 00:32.610
You can see that just
from a handful of

00:32.610 --> 00:35.895
these being hacked through
its Bluetooth system,

00:35.895 --> 00:39.395
Ring doorbells and Ring
doorbells get rid of them.

00:39.395 --> 00:41.200
They really are a
security concern

00:41.200 --> 00:42.815
as far as privacy goes.

00:42.815 --> 00:44.480
Then again, anything you put on

00:44.480 --> 00:46.550
the network can be accessed
through your network.

00:46.550 --> 00:48.005
If we don't have firewalls,

00:48.005 --> 00:49.250
if we don't have protection,

00:49.250 --> 00:51.170
if we don't have
strong authentication,

00:51.170 --> 00:52.820
then we just have this
wealth of services

00:52.820 --> 00:55.050
we need to be compromised.

00:55.370 --> 00:58.220
The Internet of Things
is much more than

00:58.220 --> 01:00.560
having Alexa to track
your grocery list.

01:00.560 --> 01:03.005
We're again seeing
every environment

01:03.005 --> 01:04.645
really taking advantage of this.

01:04.645 --> 01:06.830
We have smart cities now
where I can pull up to

01:06.830 --> 01:09.275
a parking meter based
on a tag of my car,

01:09.275 --> 01:11.870
I can automatically be
debited for parking.

01:11.870 --> 01:14.765
I've got general use for
controlling lighting systems,

01:14.765 --> 01:17.780
large computer-based
systems, inventory control,

01:17.780 --> 01:19.115
just on and on and on.

01:19.115 --> 01:21.080
Even the deployments in
healthcare monitoring

01:21.080 --> 01:22.490
with Internet of Things.

01:22.490 --> 01:24.650
Again, these
personal systems and

01:24.650 --> 01:27.155
home monitoring tools
are everywhere.

01:27.155 --> 01:30.755
What we have to consider is
as handy as some of this is,

01:30.755 --> 01:33.740
surely there aren't any
security considerations.

01:33.740 --> 01:35.510
Of course, we built these to

01:35.510 --> 01:36.860
be secure from the ground up.

01:36.860 --> 01:38.285
But we know that's not true.

01:38.285 --> 01:39.650
When we look to understand what

01:39.650 --> 01:40.920
vulnerabilities are out there,

01:40.920 --> 01:42.695
it's always good to
know where to go.

01:42.695 --> 01:45.620
It's always good to have a
trusted, reliable source.

01:45.620 --> 01:48.275
OWASP is one of those.

01:48.275 --> 01:50.120
OWASP stands for

01:50.120 --> 01:52.790
the Open Web Application
Security Project.

01:52.790 --> 01:54.560
They present a top 10 list for

01:54.560 --> 01:56.690
a lot of different
types of technology.

01:56.690 --> 01:59.600
They primarily focus
on web applications.

01:59.600 --> 02:02.270
Every few years, they
update their top 10.

02:02.270 --> 02:05.570
Here are the most common
vulnerabilities with web apps.

02:05.570 --> 02:08.780
They also talk about other
application security.

02:08.780 --> 02:10.280
Then in 2018,

02:10.280 --> 02:11.840
they published the top 10 issues

02:11.840 --> 02:13.300
for the Internet of Things.

02:13.300 --> 02:14.805
This is not testable.

02:14.805 --> 02:17.645
For instance, you're not
going to get a test question.

02:17.645 --> 02:19.160
What's the seventh
most common issue

02:19.160 --> 02:20.600
with the Internet of Things?

02:20.600 --> 02:22.595
However, I do want
to go through these.

02:22.595 --> 02:23.750
I'm not going to spend a lot of

02:23.750 --> 02:25.130
time on them but I do want to

02:25.130 --> 02:28.620
communicate some of the
vulnerabilities that do exist.

