Chapter 11: VoIP Fuzzing

Previous page
Table of content
Next page

There are a handful of very bright 13-year-olds out there who can do remarkable things, and there are not-so-bright 13-year-olds who have access to software designed by others to detect and explore security vulnerabilities.

Steven Aftergood

Overview

It's become an everyday fact of life that all vendors have security bugs in their products. It's fairly rare that developers and quality assurance (QA) teams can find all of their own security flaws before a product ships. More often than not, a third party (an end user , security enthusiast, and so on) is responsible for unearthing a security flaw in many of the more widely used products today. To get a sense of this, simply read the acknowledgments section of some of the security advisories listed on Cisco's (http://www.cisco.com/security/) or Microsoft's (http://www.microsoft.com/technet/security/current.aspx) security response websites .

However, you can't simply judge the security strength of a VoIP application or device merely on the number of security issues that are discovered . If a technology or application is not as widely used, or is cost prohibitive for the masses to poke at, it is obviously a less accessible security research target. For many security enthusiasts , there's more sex appeal in discovering a security vulnerability in Microsoft's Internet Explorer Browser (top market share) rather than the lesser-known Opera Browser (less than 3 percent market share). It is no different for VoIP products; we've only reached the tip of the iceberg with the general security community scrutinizing many of these new devices and applications. Also, many VoIP vendors are now starting to target the consumer market with affordable home VoIP offerings.

Security researchers and the common tech enthusiast can discover security vulnerabilities in a VoIP product either through dumb luck or through methodical black box testing. As the name might suggest, black box testing occurs when a tester has neither inside knowledge nor source code to the targeted device or application (thus a virtual black box). Besides reverse engineering the application itself, black box testing is usually the easiest approach to uncovering security issues. Some of those security issues may result in the application or device crashing, while others, after some investigation, may allow an attacker to execute commands of his choosing on the victim application.

This chapter focuses on one type of black box testing called fuzzing.


Previous page
Table of content
Next page
Hacking Exposed VoIP. Voice Over IP Security Secrets & Solutions
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
ISBN: 0072263644
EAN: 2147483647
Year: 2004
Pages: 158
Authors: David Endler, Mark Collier
BUY ON AMAZON
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
.NET System Management Services
The Oracle Hackers Handbook: Hacking and Defending Oracle
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy