Related OWASP Projects
OWASP is a volunteer-driven organization. Those volunteers contributed many useful documents, and this section points to some related OWASP documents and projects:
OWASP IoT Top 10
The increasing introduction of IoT devices in OT environments (Industrial IoT, IIoT) comes with many of the security problems that are known from common IoT. This makes OWASP IoT Top 10 a valuable resource especially for suppliers and integrators, but for operators as well.
In OT we often analyze whole factory floors or power plants, situating our list of Top 10 vulnerabilities on a higher conceptual level. In addition, OT is burdened with long lifetimes and problematic update cycles, placing greater importance on defense-in-depth measures like good network segregation.
(I)IoT is a part of OT, but OT is broader in scope and utilizes IoT devices within it. This difference in scope is reflected in the Top Vulnerability list: when using the IoT Top 10, only 2 out of the 10 top vulnerabilities directly map onto the OT domain (I4 and I5).
OWASP hosts multiple projects that aim to increase the security of IoT projects.
OWASP Top 10
The best-known OWASP standard, the Top 10 of web application security, is also relevant for OT. Suppliers and integrators developing software in the form of web applications, e.g. for control systems with a web interface, can find useful information on how to avoid the most common vulnerabilities in web applications – even when they are used in an industrial environment.
In contrast, this document is focused on defensive techniques and controls as opposed to risks. Each control in this document will map to one or more items in the risk-based OWASP Top 10. This mapping information is included at the end of each control description.