With growing adoption of IoT and connected devices, organizations need to focus on their embedded systems security.
While many organizations conduct regular application and network penetration testing, they often forget to evaluate connected devices for vulnerabilities. Embedded pen testing analyzes connected devices, including IoT products, for potential weaknesses.
To help security teams and interested individuals conduct proper embedded pen testing, Jean-Georges Valle wrote Practical Hardware Pentesting. During Valle’s career, he has worked in embedded pen testing, security architecture and risk management. He currently serves as senior vice president at Kroll, a cyber risk and financial services consultancy.
The book, currently in its second edition, teaches readers how to conduct offensive techniques to test embedded devices for vulnerabilities and weaknesses.
While the goal is the same as software pen testing, it’s a different experience for the tester. “It’s a practical activity,” Valle said. “You’re physically interacting with the devices: You’re soldering, opening up parts and reverse-engineering a physical device.”
In an interview, Valle discussed the…
