C. Schanes, S. Taber, K. Popp, F. Fankhauser, T. Grechenig:
"Security test approach for automated detection of vulnerabilities of sip-based voip softphones.";
International Journal On Advances in Security,
Voice over Internet Protocol based systems replace phone lines in
many scenarios and are in wide use today. Automated security tests
of such systems are required to detect implementation and configuration
mistakes early and in an efficient way. In this paper we present
a plugin for our fuzzer framework fuzzolution to automatically detect
security vulnerabilities in Session Initiation Protocol based Voice
over Internet Protocol softphones, which are examples for endpoints
in such telephone systems. The presented approach automates the interaction
with the Graphical User Interface of the softphones during test execution
and also observes the behavior of the softphones using multiple metrics.
Results of testing two open source softphones by using our fuzzer
showed that various unknown vulnerabilities could be identified with
the implemented plugin for our fuzzing framework.
Erstellt aus der Publikationsdatenbank der Technischen Universitšt Wien.