EN - SUCCESS STORY
IT security check of modern coffee machines
(IoT Security)

As part of an IT security audit, the Zurich-based company Rex-Royal AG commissioned the CRYPTRON Security Team to check the servers and API interfaces used for communication between the smart coffee machines and the Rex-Royal Cloud for the OWASP Top 10 web application vulnerabilities.

The new telemetry solution, called "Rex-Royal Cloud", is a connectivity solution that provides complete visibility into your coffee machine fleet. Its interfaces have been subjected to a standardized IT security audit by professional hackers. Coffee machines can be connected to the internet to send statistics, status and sales information to the cloud. More details can be found at the following link.

The IT risk and vulnerability analysis was conducted from an external attacker's perspective, and risks were classified and assessed based on the OWASP Risk Rating Methodology. The OWASP IoT Security Verification Standard (ISVS) was also used for more advanced analyses. By using the Static Application Security Testing tool from the OWASP Risk Assessment Framework, professional security consultants and penetration testers can analyze and verify the code quality and vulnerabilities of complex IoT applications without additional setup. The OWASP Risk Assessment Framework can be integrated into the DevSecOps toolchain to help developers write and build secure code.

The CRYPTRON Security Team is happy to support you in the implementation of your cloud and Internet of Things (IoT) projects, as well as to provide neutral second opinions and answer security-related questions.
