Ecosystem of security tools at your service

Years back, one of us participated in a project that studied the use of open-source tools in digital forensics. The study revealed that there are hundreds, if not thousands, of free and high-quality tools for different cybersecurity tasks. The doctoral thesis “Transparent and tool-driven security assessment for sustainable IoT cybersecurity” summarises some findings in Chapter 3.3, “Security tools”. The most popular tool categories are the following:

1. Network security scanning tools

2. Traffic capture and inspection tools

3. Interactive host security tools

4. Web security tools

The most popular open-source security tools were Metasploit, Nmap and Wireshark.

All these and other tools can be used in IoT security assessment to verify the attack surface, security controls, and other security-related features. Some tools are easy to use, while others require more effort. Network tools are usually easy to apply, as arranging a network connection for verification is straightforward, and the findings are at the attack surface. Some other tools operating on source code or binaries require access to development artefacts, and findings may not reflect real vulnerabilities.

Our goal at Test of Things is to enable you to take advantage of all these great tools with minimal effort. We run the tools and interpret the results to verify the security properties of your IoT product. Contact us for more information.