Thomas Grechenig
Ao.Univ.Prof. Dipl.-Ing. Dr.techn.
- Email: thomas.grechenig@tuwien.ac.at
- Phone: +43-1-58801-183400
- Office: (1040 Wien, Favoritenstrasse 11)
- Orcid: 0009-0000-5622-8598
- Roles: Associate Professor
Publications
Global VoIP security threats - large scale validation based on independent honeynets
Markus Gruber, Dirk Hoffstadt, Adnan Aziz, Florian Fankhauser, Christian Schanes, Erwin Rathgeb, Thomas Grechenig
Abstract: Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.
Gruber, M., Hoffstadt, D., Aziz, A., Fankhauser, F., Schanes, C., Rathgeb, E., & Grechenig, T. (2015). Global VoIP security threats - large scale validation based on independent honeynets. In 2015 IFIP Networking Conference (IFIP Networking). IFIP Networking Conference (IFIP Networking 2015), Toulouse, France, EU. IEEE Conference Publications. https://doi.org/10.1109/ifipnetworking.2015.7145329
Schanes, C., Fankhauser, F., & Grechenig, T. (2015). Aktive Bewußtseinsbildung. Workshop Internationale Wirtschafts- und Industriespionage, Wien, Austria. http://hdl.handle.net/20.500.12708/86225
Analyse spezieller Anforderungen an Sicherheitstesttools für GUI-basierte Anwendungen und Entwurf eines toolgestützten methodischen Sicherheitstestvorgehens
Stefan Taber, Florian Fankhauser, Thomas Grechenig
Keywords: Software Testing, Security Tests, GUI Testing, GUI, GUI Testing Framework
Abstract: Nowadays most applications use Graphical User Interfaces (GUIs) to interact with the user. Those GUIs are frequently used by attackers to manipulate applications. Although applications are usually tested intensely, the GUIs of the applications are rarely checked with respect to the most critical security aspects. To increase the robustness of the applications, appropriate automated security testing is required that identifies vulnerabilities in the application reliably.
The objective of this master's thesis is to design a comprehensive GUI testing framework that not only allows functional testing of GUIs but also security tests.
First, fundamentals of automated security testing of GUIs and relevant requirements of these are discussed through literature research.
Subsequently, a comparative overview of existing tools for GUI testing is given. This research shows that most of the tools are only suitable for functional testing, whereas using these tools for security testing is not feasible. Reasons for that are the lack of support for suitable analytical systems to identify emerging vulnerabilities and a clear separation between test data and test cases. The latter is required for executing the test cases with many different security-relevant test data.
Based on these observations a new platform- and programming language-independent testing framework is designed. It builds on existing solutions to support many different applications with different GUIs (e.g. Java applications and websites). The designed framework supports not only functional testing of the GUIs but particularly considers the special requirements of security tests. The proposed design serves as a model for the development of GUI testing frameworks to increase the quality and security of GUIs.
Taber, S. (2013). Analyse spezieller Anforderungen an Sicherheitstesttools für GUI-basierte Anwendungen und Entwurf eines toolgestützten methodischen Sicherheitstestvorgehens [Diploma Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/159704
Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach
Markus Gruber, Christian Schanes, Florian Fankhauser, Martin Moutran, Thomas Grechenig, Javier Lopez, Xinyi Huang, Ravi Sandhu
Abstract: Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.
Gruber, M., Schanes, C., Fankhauser, F., Moutran, M., & Grechenig, T. (2013). Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach. In J. Lopez, X. Huang, & R. Sandhu (Eds.), Network and System Security (pp. 628–634). Springer Lecture Notes in Computer Science. http://hdl.handle.net/20.500.12708/55054
Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet
Markus Gruber, Christian Schanes, Florian Fankhauser, Thomas Grechenig, Jordi Castellà-Roca
Abstract: The number of Voice over IP systems and the number of Session Initiation Protocol users is constantly increasing. The new Voice over IP infrastructures are connected with the traditional Public Switched Telephone Network and attacks against the phone infrastructure are becoming more imaginative. The attacks can cause financial losses, e.g., attackers steal money or incur costs for the victim. We analyze the current status of toll fraud attacks by analyzing real-world attacks collected in a Voice over IP honeynet solution. Based on the detailed data about real attacks, the creation or adaption of existing prevention mechanisms is possible in order to avoid toll fraud attacks in live environments.
Gruber, M., Schanes, C., Fankhauser, F., & Grechenig, T. (2013). Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet. In J. Castellà-Roca (Ed.), Proceedings of the International Conference on Privacy, Security and Trust (pp. 205–212). IEEE. http://hdl.handle.net/20.500.12708/55055
Team
Business Informatics Group, TU Wien
Professors
Christian Huemer
Ao.Univ.Prof. Mag.rer.soc.oec. Dr.rer.soc.oec.
Dominik Bork
Associate Prof. Dipl.-Wirtsch.Inf.Univ. Dr.rer.pol.
Gerti Kappel
O.Univ.Prof.in Dipl.-Ing.in Mag.a Dr.in techn.
Henderik Proper
Univ.Prof. PhD
Researchers
Aleksandar Gavric
Univ.Ass. MEng. B.Eng.
Galina Paskaleva
Projektass.in Dipl.-Ing.in Dipl.-Ing.in BSc
Marianne Schnellmann
Univ.Ass.in BSc MSc
Marion Murzek
Senior Lecturer Mag.a rer.soc.oec. Dr.in rer.soc.oec.
Marion Scholz
Senior Lecturer Dipl.-Ing.in Mag.a rer.soc.oec.