IoT Security and Penetration Testing

Course Code: 5021


IDC estimates that 152,200 IoT devices will be connected every minute by 2025, which indicates that about 80 billion IoT devices will be connected annually. While IoT devices have numerous benefits and are immensely helpful for different purposes, they are also attractive targets for cybercriminals. Whether the weakness lies in insecure passwords, networks, ecosystem interfaces or elsewhere, a compromised IoT device can lead to major losses for any organization, and not just financial ones.

The Ponemon Institute and Shared Assessments Survey indicates that 76% of risk professionals believe that cyberattacks on their organizations would likely be executed through IoT.

To keep up with changing trends and the need of the hour, Cognixia introduces its new course: IoT Security and Penetration Testing. The course highlights the need to incorporate security in IoT devices and solutions, and takes a holistic approach to security and privacy in an IoT system, from device to cloud. This IoT security training gives participants a comprehensive understanding of threat modelling practices, which will help them uncover potential vulnerabilities as well as possible threats to the IoT ecosystem. The course also covers penetration testing, which will help participants apply best practices to assess and defend their solutions. It includes hands-on practical exercises so that participants learn through experience.

Course Delivery

This course is available in the following formats:

Live Classroom 
Duration: 10 days

Live Virtual Classroom
Duration: 10 days

*shipping charges extra

What You'll learn

  • Introduction to cybersecurity
  • Introduction to basic terminology and initiatives
  • Device security and gateway security
  • Communication protocols
  • IoT cloud platforms and their security
  • IoT ecosystem and penetration testing approaches
  • Attack and fault trees
  • Threat modelling IoT systems, applications and hardware
  • IoT testing and security automation
  • IoT hacking


  • Introduction to information and cybersecurity
  • Basic terminologies
  • Standards and open source initiatives
  • CIA triad: Effectively addressing security and privacy concerns
  • Attack surfaces and vulnerabilities: Device, network, gateway and cloud
  • Risk assessment and management
  • Cryptography: Applications of cryptography in IoT communications and data security
  • Device security
    • Application hardening
    • OS/platform hardening
    • Physical security
  • Gateway security
  • Communication protocols and network security
    • Data link layer – wireless communication technology security provisions
      • Wi-Fi, Bluetooth, Zigbee, 802.15.4 protocols
    • Application layer security
      • MQTT and HTTP protocols
    • Network hardening
  • IoT cloud platforms
    • API and endpoint security
    • Security of data at rest
    • Standard security frameworks
    • Example platforms: AWS and Microsoft Azure
  • IoT ecosystem and penetration testing approaches
  • IoT penetration testing lab setup
  • Threats, vulnerabilities, attack surface, attack vector, risk assessment and management
  • Attack and fault trees
  • Threat modeling IoT systems
    • What is threat modelling?
    • Why and when to threat model?
    • Threat modeling diagrams and components
    • Relationship with attack and fault trees
    • Identify and address threats
    • Documentation and rating
    • Microsoft threat modeling approach and tool
    • STRIDE – Identifying threats
    • DREAD model to rate threats
    • Countermeasure and mitigation
  • Threat modeling – IoT applications (Device/web/mobile)
  • Threat modeling IoT hardware
  • Firmware and application exploits
  • IoT hacking
  • IoT testing and security automation


To be eligible for this course, participants need to have successfully completed the Advanced IoT training provided by Cognixia, or have equivalent knowledge and skills in IoT. You can learn more about our Advanced IoT course.

Who Should Attend

  • Network security engineers
  • Cybersecurity analysts
  • Network and security analysts
  • Full stack engineers
  • Information system security architects
  • Network security administrators
  • Product security analysts
  • IT security analysts
  • Security test engineers
  • Application security testers/analysts
  • Security delivery analysts, etc.


Once all the sessions of the course are completed, you will be evaluated on multiple parameters, such as your attendance in the sessions and your scores in multiple-choice question-based assessments. Based on your overall performance, you will receive a course completion certificate from Cognixia.