BRK Security

API Testing Will be Harder than Ever

Meaning that experienced, creative API testers will soon be the most sought-after jobs. You’ve got to make sure your API works, even when you may not have access to the final product. “I want to know with 100 percent certainty when I say a device goes on, it goes on. When you think of the hierarchy of needs, security is great but it doesn’t mean anything if I can’t get it to function properly,” said Brian Knopf of BRK Security. Your API is most likely what will decide if that light turns on or off.

If you read or watch anything on the Internet of Things, I’d argue for spending an hour watching his talk on how Knopf threat modeled his wife because the next generation of wearables won’t be on our wrists, they’ll be in our bodies, like his wife’s spinal implant. When someone could live or die on your code and you may not ever be able to perform usability testing or penetration testing, you’ve got to find a way to assure functionality, security and uptime of your API.

Read the article here

I Am The Cavalry, a group of concerned security researchers focused on critical infrastructure, is working on a five-star rating system for consumer IoT. The rating system will give consumers the "quick ability to check device security without having to understand the technical details."

Security researcher Brian Knopf is leading I Am The Cavalry’s charge for a simple security and privacy rating system for IoT devices, which he hopes to release early in 2016. He shared with Ars some of the preliminary criteria that IATC will use to judge devices:

Read the article here