Best Certification for Firmware and Embedded Systems?
I'm in the process of determining the best certification for learning security testing of embedded systems. I've completed the GWAPT certification from GIAC and the SEC642 course from SANS. However, I'm looking for a training course that focuses on firmware security, preferably with the option of a certification.
I believe one of the two courses linked below could teach what I'm looking for. However, I wanted to hear everyone else's thoughts. There may be another certification I'm not considering.
https://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn
https://www.giac.org/certification/global-industrial-cyber-security-professional-gicsp
The first offers a course in advanced pentesting, but is more broad to cover network security as well. The second covers industrial control systems, which has embedded systems included. However, I'm concerned firmware may only be covered briefly at a high level, as the GICSP covers broader areas like monitoring, logging, and incident management. I'm having trouble finding a security course that addresses firmware and embedded systems specifically. It doesn't have to be a GIAC course, that's just the source I'm most familiar with. Any help would be appreciated and thanks in advance.
Comments
-
JDMurray Admin Posts: 13,091 Admin
"Embedded systems?" You must be an old guy. That term has been re-marketed as "Internet of Things" now.
But seriously, any certs that test for security in design, implementation, or testing of soft/firmware systems (in both network and OS) would be a good candidate--including application pentesting certs. The monitoring, logging, incident handling is the same for embedded systems as it would be for any other IP network endpoint (e.g., local/remote access (HTTP/SNMP), local/remote logging (file/db/syslog), asset management, point of contact determination, mitigation/remediation, etc.). Certs that test for network security (e.g., segmentation, VLANs, authentication, etc.) are useful too. It seems like the IoT community would already have this covered.
-
BlackBeret Member Posts: 683
It's not SANS, but this course is amazing for this topic - https://www.attify.com/offensive-iot-exploitation/
-
ihk Registered Users Posts: 1
If you're talking about some more complex products rather than IoT (mobile payment devices, hardware security modules, smartcard OSs etc.), there are some courses on Coursera:
https://www.coursera.org/learn/embedded-operating-system
https://www.coursera.org/learn/intro-fpga-design-embedded-systems
For certification, as you mentioned, GXPN may be a good option.