Atomistic IoT Penetration Testing Methodology

BSidesBCN21 - Day 2 - Arc de Triomf Track Atomistic Internet of Things (IoT) Penetration Testing Methodology (Arnau Estebanell Castellví) Although there are more than 50 billion Internet of Things devices, there is not much information online on how to test them for security vulnerabilities. Companies are starting to add more and more intelligent devices to their internal networks, and that opens the room for a new era of security incidents we have not yet seen. During the talk, I will explain why there is not much information about IoT pentesting and define a pentest methodology based on my research and the research available online. I’ll combine the methodology with a checklist to be used by pentesters to make sure nothing is left behind when performing IoT pentests. This is meant to be the starter pack used by any company willing to get IoT security testing capabilities. About Arnau Estebanell Castellví Computers and cybersecurity have always been a passion for me. I started when I was very young, coding in PHP, CSS and HTML when doing web development and managing servers, skills that I needed for different personal projects I had. Later on, while doing the degree in the UPC, I learnt C, Java and Python, skills which I improved later on in my own free time. Lately, my interests and education have focused on cybersecurity, especially in the Application Security area and with a particular interest in ECommerce and IoT devices. I value job positions where I have the opportunity to contribute with my ideas and where I can be a continuous learner. Holding certifications like the OSCP, OSWE, ACIP, CCSK, AZ-500, among others, I'll do my best to make sure your applications are safe, doing pentests and code reviews to applications and providing guidelines on implementing a Secure SDLC. I have no problem working with international teams as I'm currently working in an international company. English is like a mother tongue for me, and I hold the Cambridge Proficiency in English certificate. (cit. Linkedin, Arnau Estebanell Castellví)