[SIPForum-discussion] security testing

• Previous message: [SIPForum-discussion] security testing (UNCLASSIFIED)
• Next message: [SIPForum-discussion] security testing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Apologies for the shameless plug.

My company makes the Mu-4000 Security Analyzer that (among other things) has
about 2,000,000 deeply stateful test cases designed to expose protocol
implementation flaws. We can deliver those 2 million test cases over any of
5 transports (UDP, TCP, SSLv2, SSLv3, and TLSv1). Early next year, all those
will work over IPv6, making 10 different "transport stacks" for SIP. We also
support some IMS options that can affect our SIP test cases.

The analyzer is highly automated and can monitor the target any way you
like. The analyzer also does response-time profiles for how the invalid test
cases we are sending affects the target's ability to respond to valid
traffic.

We have participated in SIPit events for the last year or so (see you in
Beijing?) and after next week will have participated in all three IMS
Plugfests (so far!). CT Labs uses the product as well, in their VoIP testing
facility.

Cheers,
~tom



On 10/10/07 4:06 AM, "nazeema Tasneem" <nazeema_guttur at yahoo.com> wrote:

> Hi all,
>  can anyone tell me about automated tools for testing
> security considerations(message flooding, registration
> hijak, call teardown etc) in SIP.
> 
> Thanks 
> Nazeema

• Previous message: [SIPForum-discussion] security testing (UNCLASSIFIED)
• Next message: [SIPForum-discussion] security testing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]