OWASP IoT Security Testing Guide

The OWASP IoT Security Testing Guide provides a comprehensive methodology for penetration tests in the IoT field offering flexibility to adapt innovations and developments on the IoT market while still ensuring comparability of test results. The guide provides an understanding of communication between manufacturers and operators of IoT devices as well as penetration testing teams that’s facilitated by establishing a common terminology.

The methodology, the underlying models and the catalog of test cases present tools that can be used separately and in conjunction with each other.


Please check the OWASP Contributing Guidelines as well as the ISTG Project Contributing Guide to find more information about how to contribute to this project. Your support is highly welcome!

Latest Version

You can find the latest version of this guide here or in the GitHub Repository.

The concepts, models and test steps presented in the OWASP IoT Security Testing Guide are based on the master’s thesis “Development of a Methodology for Penetration Tests of Devices in the Field of the Internet of Things” by Luca Pascal Rotsch.

Test cases were derived from the following public sources:

We also like to thank our collaborators and supporters (see Project Collaborators and Acknowledgements)!

Project Collaborators and Acknowledgements

We would like to take this opportunity to acknowledge the contributions of our collaborators and supporters who volunteered their time and expertise to this project. Thank you for your support and commitment to IoT security! This guide would not have been possible without you.

  • Antje Winkler
  • Clemens Keil
  • Denny Vogt (Pyxon73)
  • Manfred Heinz (zaphoxx aka CptSpiff)
  • Martin Weißbach
  • Patrick “HomeSen” Walker
  • Sebastian Döring

Contributing to the ISTG Project

Work in Progress: This page is currently under construction. The information displayed is not yet complete.

To contribute, please head over to our GitHub Repository. Here, you can review the project’s documentation, code, and share your valuable feedback. Your expertise and insights will play a crucial role in improving the guide’s quality and relevance.

Whether you are an experienced IoT security tester or someone passionate about ensuring the security of connected devices, your contributions are highly welcome. Join us in this collaborative effort to strengthen IoT security testing practices and make a positive impact on the industry!

Thank you for your support and dedication to IoT security. Together, we can make a difference.