October 2024|Event
Doulos is pleased to be sponsoring the 10th annual IoT Security Foundation Conference in London on Wednesday, October 23rd.
This one-day conference is designed to expand your knowledge on the best practices, next-practices and the latest developments in IoT cyber security. With talks delivered by leading cyber security experts with multi-track sessions for executives, developers, engineers, managers and security professionals as well as networking opportunities.
Check out Doulos Senior Member Technical Staff, Dr Des Howlett presentation:
Where is your weakest link? Observations from teaching Embedded System Security
Everybody wants their product to be secure and it is now, rightly, a legal requirement for it to be so. People often think of security as encryption or protecting data, but it extends far beyond that.
There are important questions to ask, that are frequently overlooked, such as: Did you leave a secret test mode open, or did you fail to check statuses and user data? Do your product tests go beyond a pure check for functionality and ensure that bad inputs are also rejected?
It is surprising how many vulnerabilities are left in products in the rush to get something out the door. It is also amazing how engineers focus on securing one part, while leaving glaring holes that can be easily circumvented. Even the most experienced pilots follow checklists, but are you following a logical process or security framework in your designs?
Do you spend time, before starting the design, thinking about the possible problems that could befall your product? Do you write defensive code, looking at areas where bad data could have disastrous consequences? Do you realise that something as simple as an unchecked data string could let somebody execute code and do practically anything they choose?
It is common to look at security as a separate discipline, although many secure design practices will also give you a more reliable and higher-quality end product. Most security flaws are bugs in their own right, so fixing one will often help with the other.
This talk will include examples of some of the points we teach, that have triggered engineers to think twice about how they approach security.
Visit the Doulos booth to find out more about the Doulos security training portfolio. Find out more and register »