Internet of Things (IoT) audit

The goal is to discover any vulnerability that may allow unauthorized access, so the developer can fix the problem and make the web application secure.


Internet of Things (IoT) security audit services

Internet of Things devices are everywhere, and it is estimated that the number of IoT sensors and devices is set to exceed 50 billion by 2022. IoT security risks are less well known and usually overlooked.

Our approach to IoT security

Security on IoT devices is usually dismissed, generating vulnerabilities that can be exploited very easily by cyber criminals. While the OWASP methodology can be partially applied, every IoT device is completely different from the next and has its own ecosystem.

Manufacturers show a great lack of awareness of the vulnerabilities that may exist in an IoT ecosystem and of the complexity of securing that ecosystem. Another reason could be the scarcity of cyber security experts in this type of device.

One of the great challenges of IoT security is the number of endpoints connected to a network. Each endpoint may offer a point of entry to cyber criminals; when the attack surface expands to all the connected devices, the risk for the organization could be significant.

Risks of not securing IoT

Sales loss or even business shut down

Judgments, legal costs and regulatory penalties

Damages for reputation loss

Problems accepting payment cards

Economic losses by fraud

Why do you need to audit your IoT?

The number of IoT devices in our lives is growing rapidly, and their degree of security needs to be audited and enhanced to avoid breaches of their users' sensitive information. IoT tries to make our lives easier and better; smart homes are the future and devices are more connected every day.

At Puffin Security we have a team of IoT security specialists who can review your firmware and device and detect any vulnerability that could be exploited by a cyber criminal. We will analyze your IoT solution in depth to detect any vulnerability that could lead to a data breach in which sensitive data is stolen or accessed.

Goals of periodical IoT audit

Security is a core issue of every IoT deployment, but it is still often neglected during system development. Auditing IoT means analyzing the following.

Detect vulnerabilities in the hardware of embedded devices

Analyze the firmware of the IoT device

Evaluate the security of the software and apps

Benefits of IoT auditing

With an IoT security audit we can find vulnerabilities in Internet of Things devices before attackers exploit them, reducing the risk of exploits.

Early Stage Detection

Mitigate risks by detecting and remediating security vulnerabilities and configuring your IoT devices to their maximum security level.

Boost security

Increase end user confidence and company reputation by boosting your defences and meeting the highest security standards.

Reveal vulnerabilities

Expose gaps that could be exploited by an attacker to gain access to your environment and systems, and reduce the risk of compliance penalties.

Advantages of Puffin services

Why work with Puffin

At Puffin Security we want to help your company assess the security of your software configuration and web environment. We can conduct a website security audit following the best web application security testing guidelines. This is a complex process that combines automatic and manual methods.

Effectiveness and efficiency

Commitment to results. We use methodologies that ensure the quality policy (ISO 9001) and the achievement of an optimal compromise, prioritizing response time and speed of execution.

Tailored approach service

Tests and rules of engagement adapted to uncover unique vulnerabilities, with flexible services and adequate prices.

Expert execution

Performed by elite security testing consultants on-site or remotely. We can demonstrate experience in security projects in complex organizations, providing knowledge in three aspects: organizational, legal and technical.

A multilayered defense in depth

A multilayered review of the defenses of management, risk management and internal audit, to ensure that cyber security controls are well designed to protect information assets and are operating effectively.

Compliance with ethical codes

Compliance with audit standards and ethical codes (ISACA Code of Ethics, ISSA ethical code, OSSTMM Rules of Engagement), in addition to the standards referenced in the audit methodology.

Cyber criminals attack IoT with 3 main strategies

Protecting your company's interests is very easy if you are aware of the challenge of website security. Periodically auditing your websites and web applications can greatly mitigate risks.

Access to sensitive data

IoT devices very often record and stream sensitive data. Security systems (cameras, doors), printers and any kind of device with Wi-Fi are usually integrated into business networks, which cyber criminals may easily exploit.


Once a cyber criminal gains access to an IoT device there are multiple actions they may carry out, from stopping its activity to causing physical damage. They may even demand a payment to stop the sabotage.


Cyber attackers can use botnets for DDoS (Distributed Denial of Service) attacks to disrupt the normal traffic of a targeted server or network. They can use any endpoint, such as computers or IoT devices.

IoT audit methodology

The Internet of Things (IoT) can increase efficiency, but it brings great risks. When performing an IoT audit we start with the OWASP methodology, but IoT involves a complex ecosystem that is analyzed depending on the characteristics of the device and its related parts: hardware, firmware, and software and apps.

We also apply traditional pentesting techniques such as reverse engineering (reversing) to the binaries, usually developed for MIPS or ARM architectures, and to mobile applications, which can reveal a myriad of vulnerabilities. Once all the information is analyzed, our staff will prepare the final report with reliable and concrete information.

Phases of the Audit Process


Hardware analysis

Firmware analysis

Software and apps related


Generation of results


Documentation Deliverables

Once all of this is complete you will receive a final report with detailed information about all the tests and results of the Internet of Things security audit. In this document you will find everything you need to know to mitigate the weaknesses found. It covers every vulnerability found, analysed in depth (description, impact, risk level, evidence…), and all the actions we carried out in the process.

Prioritize Controls and Mitigate Risk
$600 billion is the amount that cyber crime costs the world a year

Interested in auditing?

Discover all our types of cyber security audit for testing your security plan and all the gaps that can lead to a data breach

According to Verizon, an absence of industry-wide IoT standards, coupled with security interoperability, makes up over 50% of executive concerns around IoT.

At Puffin Security we go deep into your organization, beyond technology. We consider structures, processes, strategy and people, analysing security within the context of your business.
