Embedded Application Security Best Practices

OWASP Embedded Application Security Project Wiki Page


Thank you for your interest in the OWASP Embedded Application Security Project. This is the development version of the OWASP Embedded Application Security Best Practices Guide, and will be converted into PDF & MediaWiki for publishing when complete.

This document was put together by the collaborative efforts of developers, engineers, and hobbyists with the sole purpose of assisting manufacturers produce embedded devices with security in mind. A special "thank you" is due to all those who have contributed (see below) as well as those who continue to see this project evolve. It is our goal that this document will provide a detailed technical pathway for manufacturers to build secure devices for an increasingly insecure world. This is considered a "living" document as it is open to feedback and further collaboration, please contact the project leaders with any feedback you may have.

Made possible by contributions from:

  • Jim Manico

  • Benjamin Samuels

  • Janet Kulp

GitBook integration

For a pleasant reading experience, use GitBook to turn this document into a PDF, e-book, website, etc.


You do not have to be a security expert in order to contribute!

Some of the ways you can help:

  • Technical editing

  • Review

  • Diagrams

  • Graphic design

  • Code snippets in your favorite language

  • Translate guidance material

Feel free to sign up for a task out of our roadmap below or add your own idea to the roadmap. To get started, create a GitBook account or sign in with your Github credentials to add comments and make edits. All changes are tracked and synced to https://github.com/scriptingxss/embeddedappsec. Alternatively, clone the Github repo, use your favorite markdown editor, apply/make your edits, and submit a pull request. Feel free to contact the project leaders for ways to get involved.


🚨⚠️ This project is currently going through a revamp of its content and structure. 🚨⚠️

Join the mailing list, slack channel and contact the Project leaders if you feel you can contribute.

Project Leaders

Aaron Guzman @scriptingxss

Alex Lafrenz @zerofrenz

Last updated