Skip to main content

SEC.331 Secure Embedded & (I)IoT-Products

SEC.331 Secure Embedded & (I)IoT-Products

Basic training in implementing security correctly and holistically in embedded and IoT products
Duration: 3 days
Cost/Participant: € 2.350,- plus VAT
Minimum number of participants: 8 people
Requirements: No prior knowledge necessary
Training Format: Public and in-house training possible

To implement security correctly in a product, a holistic approach is crucial. In this training, the necessary building blocks for a secure solution are discussed and possibilities & limitations are shown. From regulatory requirements and threat modelling to various technologies that may be relevant for implementation (virtualization, secure boot, secure storage, …) to secure development practices and test tools, the „Secure Embedded & (I)IoT Products“ training course teaches participants how security can be implemented and verified in products so that products are sufficiently secured for their operating environment.

Content of Training

  • Regulations and standards
    • Regulations (NIS, CRA, RED, MR)
    • IEC 62443
  • Security fundamentals
  • Security Management
    • Roles, responsibilities and expertise
    • Integrity protection (code signing)
    • Supplier management (SBOM)
    • Vulnerability monitoring (CVSS, CVE)
  • Threat modelling
    • Safety vs. security
    • Threat modelling methodology
  • Secure by design
    • Best practices
    • Defense in depth, least privilege, least functionality, secure patterns, secure by default,…
    • System hardening (Linux, Windows, RTOS …)
  • Security Technologies
    • Security components (TPM, secure element,SOC Features)
    • Chain of trust (secure boot)
    • Secure storage
    • Secure interfaces und update
    • Virtualization
    • Audit/Logging
    • Secure communication and protocols
  • Secure implementation
    • Coding standards
    • Reviews
  • Hardware security
  • Security testing
    • Fuzzing
    • Code analysis tools
    • Binary analysis

After the training, participants should

  • understand the need for secure product development
  • understand the basics of security (e.g. cryptography, secure design practices)
  • identify and select the relevant security components/modules for the system architecture (e.g. TPM, secure boot and secure storage)
  • be familiar with testing tools and be able to apply them in the development process

Upon Request

Are you interested in a SEC.331 Secure Embedded & (I)IoT-Products? Contact us!

Request Training