Our approach for delivering a complete IoT assessment comprises:
- Mobile Application Security Assessment. If the IoT devices can be controlled or interact with a mobile application (Android or iOS), our company can perform security assessment on it and identify all the issues related to this kind of remote controller.
- Device Security Assessment. We perform a black-box assessment against the device while inside a specific testing network in order to better understand device behavior and identify possible data leakage. It is also possible to perform a white box analysis and the source code review of device firmware.
- Web Application Penetration Test (WAPT). It is important to test all the Web Applications that, in many parts of the IoT environment, can collect data or send commands to the devices. For example, it is possible to perform a WAPT against the cloud application used by the employee to control and monitor remote devices or test the device built-in web application.
- Network Penetration Test (NPT). The best way to find communication protocol vulnerabilities or networking misconfiguration is to perform a wide network assessment aimed at highlighting any potential side channels, data leakages or insufficient encryption inside the customer’s IoT ecosystem.