Manufacturers of every kind of electronic or electrical device are rushing to add features that require a connection to the internet. In their rush to market, these companies sometimes overlook the complications of hardware and software security design and construction to get the newest, coolest function working at the lowest cost. While we aspire to smart cities, smart environments, smart retail or smart homes, it becomes absolutely essential for these diverse industries to evaluate the security implications of IoT in the live environment. This edition covers IoT security testing services, which are applicable across any domain that is ready to leverage the technology. It also provides testing recommendations for SQL injection and an overview of BlackArch Linux.
Latest Cyber Security News
- Attackers get root access with Mac OS LPE Exploit
- Processor design flaw lands Intel in security hot seat
IoT Security Testing Services
SQL Injection (SQLi) is one of the oldest, most prevalent and most dangerous vulnerabilities. In this type of injection attack, an attacker executes malicious SQL statements through web forms, and those statements control the web application's database server.
- An attacker can access sensitive data from the application database
- An attacker can insert, update or remove data from the database
- An attacker can execute database administration operations, which can lead to shutdown of the DBMS
- It opens access to the DBMS file system, which can result in sharing of sensitive information
- In severe cases, it can open access to operating system commands
- Test by inputting special characters such as -- (double hyphen), ; (semicolon), ' (single quote), " (double quote) and other characters that have special meaning in the different flavors of SQL
- Append universally true expressions such as 2>1 to the end of every valid input field, combining them with SQL keywords such as AND, OR and UNION, to simulate an attack
- SQLi Dumper
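The two testing recommendations above, as an added example that is not part of the original newsletter: a small Python harness sends the special characters and an always-true OR 2>1 expression to a string-concatenated query and to a parameterized one, then reports which inputs changed the query's behaviour. The in-memory SQLite table, the sample rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for an application database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concat(db, name):
    # Weak form: input is pasted into the SQL text, so it can change the query.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened form: input is bound as a value and never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

# Probes from the recommendations: special characters and a true expression.
PROBES = ["'", '"', ";", "--", "alice' OR 2>1 --"]

def check(lookup, valid="alice"):
    """Return (probe, reason) findings; an empty list means the lookup passed."""
    db = make_db()
    baseline = lookup(db, valid)  # what a legitimate request returns
    findings = []
    for probe in PROBES:
        try:
            rows = lookup(db, probe)
        except sqlite3.Error as exc:
            # A database error means the input reached the SQL parser.
            findings.append((probe, "sql error: %s" % exc))
            continue
        if len(rows) > len(baseline):
            # More rows than a valid lookup: the WHERE clause was altered.
            findings.append((probe, "%d rows, baseline %d" % (len(rows), len(baseline))))
    return findings

if __name__ == "__main__":
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, check(fn) or "no findings")
```

Only two of the five probes flag the concatenated query here, which is why the recommendation is to try several characters and expressions per field rather than one.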
Evaluation – Tools and Technologies
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
- Derived from Arch Linux
- Can install BlackArch components individually or in groups
- Offers over 1900 tools, organized by category, for security and forensics
- Can be used as a standalone live CD or live USB, run from a virtual machine, or be installed to a computer's hard disk
AIEngine - AIEngine is the next generation network intrusion detection engine. This interactive packet inspection engine offers features such as DNS domain classification, spam detection, network collector, network forensics, and many others. What’s more interesting about AIEngine is that it has the ability to learn without any human intervention.
We would love to hear your feedback, questions, comments and suggestions. They will help us make the next edition better and more useful.
Share your thoughts and ideas at firstname.lastname@example.org
The logos used in this post are owned by the individual companies of each logo or trademark. The logo is not authorized by, sponsored by, or associated with the trademark owner, but QASource is using the logos only for reviewing purposes. The endorsement of the used logos by QASource is neither intended nor implied.