Talks and Poster Presentations (with Proceedings-Entry):

S. Taber, C. Schanes, C. Hlauschek, F. Fankhauser, T. Grechenig:
"Automated Security Test Approach for SIP based VoIP Softphones";
Talk: The Second International Conference on Advances in System Testing and Validation Lifecycle, Nice, France; 2010-08-22 - 2010-08-27; in: "Proceedings of The Second International Conference on Advances in System Testing and Validation Lifecycle", IEEE Computer Society Press, (2010), ISBN: 978-0-7695-4146-4; 114 - 119.



English abstract:
Robustness of applications used for Voice over Internet Protocol based systems against attacks is a critical part to secure such systems. Automatic security testing is required to detect security vulnerabilities in an efficient way. This enables to harden the applications early during the development phase. In the paper we present a fuzzer framework to detect security vulnerabilities in Voice over IP (VoIP) Softphones which implement Session Initiation Protocol (SIP). The presented approach automates the Graphical User Interface (GUI) interaction for softphones during fuzzing and also observes the behavior of the softphone GUIs to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using GUI observation.

Keywords:
Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing

Created from the Publication Database of the Vienna University of Technology.