Embedded systems are special-purpose systems that cover a wide range of applications, from home electronics and industrial control systems to medical devices and avionics. The remote management and telemetry features of the so-called "Internet of Things" family of embedded devices have made them quite popular, and their placement is almost ubiquitous. From a security standpoint, embedded software is not that different from software found in other domains. However, the criticality of its operation, its exposure on public networks, and its security limitations make it a very attractive target for attackers. This article presents an overview of the building blocks of today's embedded software, analyses inherent weaknesses in the way this software is built and deployed, and highlights recent developments in the handling of the relevant risk.
CENSUS participated in the "Security B-Sides 2017 Athens" conference with a presentation by Ioannis Stais on the automated discovery of expressions that bypass Web Application Firewalls and Filters, using learning automata. The presentation was entitled "LightBulb Framework: Shedding Light on the Dark Side of WAFs and Filters" and followed Stais' and Argyros' previous research on the subject (see the BlackHat Europe 2016 presentation). The Security B-Sides presentation introduced an Extension for the Burp Suite web proxy application that allows for easier integration of the expression discovery technique into the standard toolbox of web application penetration testers.