WoTT IoT Blog Musings, thoughts, ideas, releases on security for the internet of things
tutorials Configuring Nginx with client certificate authentication (mTLS) By Viktor Petersson on July 15, 2019 Configuring Nginx with client certificate authentication (mTLS) Required Skill Level: Medium to Expert One of the cornerstones of Zero Trust Networking is Mutual TLS (known as mTLS). In simple terms, this means that each client is required to present a certificate to talk to the server. This is different compared to how... Continue reading
tutorials Using WoTT credentials to manage access to Adafruit IO feeds By Fiona McAllister on June 27, 2019 Using Adafruit IO with WoTT Credentials Introduction Adafruit IO is a free cloud service interested in making IoT accessible to everyone through presenting data in a useful and user-friendly way. Services that they provide include linking your IoT devices to Twitter and weather services. You can also use Adafruit IO to monitor... Continue reading
tutorials Using WoTT credentials to manage access to Screenly OSE By Fiona McAllister on June 25, 2019 Using WoTT to secure access to Screenly Introduction Screenly is a service that provides digital signage and acts as an OS on the host device. Essentially it treats your host device as a streaming service that projects visual media (such as images and webpages) onto a monitor from multiple different sources. Think... Continue reading
thoughts Why open source solutions are critical for IoT By Al Esmail on June 25, 2019 TL;DR IoT needs one ring to rule them all and it’s not a platform. In my last post, I described the relevance of open source security. For very different reasons, I will argue here that the internet of things (and cyber-physical systems in general) are in desperate need of open source software... Continue reading
thoughts Why open source is critical for InfoSec By Al Esmail on June 24, 2019 TL;DR Proprietary security is a fresh cow pie hiding in the tall grass. Figure 1 - How I imagine decision fatigued CTOs see the world when speaking to proprietary security vendors. Can you spot the cow pie? In a previous post, I advocated for the merits of DevSecOps and shift left security.... Continue reading
thoughts Why shift-left security is relevant for IoT By Al Esmail on June 23, 2019 TL;DR Cyber is best handled by developers with big, bulging…brains. Figure 1 - Cyber is sexier than a Harvard trained, Academy Award winning actress. In our first blog post, I articulated that we are strong proponents of shift-left security. The idea that security should be incorporated as early as possible during application... Continue reading
thoughts WoTT secures the Internet of Things By Al Esmail on June 22, 2019 TL;DR It’s Let’s Encrypt for IoT - you know you want it. Figure 1 - If the web can have it, why can’t IoT? In my first blog post, I articulated why we do what we do at WoTT. Namely, that security is a necessary condition for a future involving advanced cyber-physical... Continue reading
news Why we are doing what we do By Al Esmail on June 20, 2019 TL;DR the future has flying cars, transformers and low calorie diets. Figure 1 - Best free photo I could find when searching for ‘open source’ In our inaugural blog post, my aim is to introduce how we see the world and what we care about. Regarding what we do, I will simply... Continue reading
tutorials Using WoTT credentials to manage access to a Python 3 WebApp By Fiona McAllister on June 18, 2019 Another simple WebApp example Introduction In a previous example we introduced you to setting up a Simple WebApp using mTLS to provide security. This is one of a few ways to secure connection between a client and a server. In this example, we’ll be using another simple WebApp that instead uses HTTP... Continue reading
tutorials Using WoTT to secure a simple Python 3 WebApp By Fiona McAllister on June 16, 2019 A simple WebApp example Introduction In the following example, we’ll walk you through how to secure a simple WebApp using WoTT. Before you begin, you need two devices with the WoTT Agent installed. This can be a combination of devices that are either a Raspberry Pi or a desktop running a Debian... Continue reading
Subscribe to our newsletter