Abstract
Threats in IOT space are increasing at an exponential scale. One of the stringent issue encountered in the IoT devices is the management and deployment of embedded web servers and security controls associated with them. A number of security flaws exist due to the inability of imposing strong authentication and authorization controls at the granular level. In addition, bad design practices result in giving birth to inherent vulnerabilities. This talk highlights the state of security in embedded web servers by presenting undisclosed vulnerabilities in IOT devices. Additionally, the talk unveils how the embedded web servers used in IOT devices are exploited by adversaries to trigger advanced cyber attacks. There will be demonstrations and associated proof of concepts codes will be released.