Keywords:
Astract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security requirements in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. In the presented approach, we observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This is a generic method for different test targets which improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Keywords:
Astract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security problems in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. We observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Keywords:
Astract: Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.

Keywords:
Astract: Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduc- tion in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences us- ing the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the pro- posed test environment for research and teaching purposes

Keywords:
Astract: Since several years the number of VoIP (Voice over IP) infrastructures increases and, consequently, the number of VoIP users increases too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.