Codenomicon, the main focus of Ari's work is with security testing of various next generation communication technologies such as VoIP, WiMAX and IPTV. His latest book is focused on this topic, and is titled "Fuzzing for Software Security Testing and Quality Assurance". You can win a free copy of The Fuzzing Book from the Codenomicon web site. What is VoIP security all about? After close to ten years of hacking and bashing VoIP, Ari Takanen will finally reveal the secrets and discuss the hype around VoIP security. The discussions in this blog will draw from his book "Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures" co-authored by Peter Thermos, and published by Addison-Wesley. Ari will answer any questions and comments you might have regarding penetration testing and fuzzing of next generation communication networks such as IP telephony. Check out the sample chapter of the VoIP book here!" /> Ari Takanen | ITworld

Security: Secrets and Hype

RSS Link

The topics of this blog are in Fuzzing and VoIP security. As the CTO of Codenomicon, the main focus of Ari's work is with security testing of various next generation communication technologies such as VoIP, WiMAX and IPTV. His latest book is focused on this topic, and is titled "Fuzzing for Software Security Testing and Quality Assurance". You can win a free copy of The Fuzzing Book from the Codenomicon web site. What is VoIP security all about? After close to ten years of hacking and bashing VoIP, Ari Takanen will finally reveal the secrets and discuss the hype around VoIP security. The discussions in this blog will draw from his book "Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures" co-authored by Peter Thermos, and published by Addison-Wesley. Ari will answer any questions and comments you might have regarding penetration testing and fuzzing of next generation communication networks such as IP telephony. Check out the sample chapter of the VoIP book here!

by Ari Takanen

  • IPv6 Day: Time to think about security testing for IPv6

    Posted Jun 08, 2011 - 08:41 am

    Today, on Wednesday June 8th, we celebrate the World IPv6 Day. Although IPv6 itself is a big step towards more secure Internet, the transition from IPv4 to IPv6 is bound to also create new security, quality and interoperability challenges. IPv6 is not thoroughly tested because IPv6 has not been widely adapted. Read more to find out what you should do to prepare, or rather what you should have done already.

  • Vulnerability management: not just for scanning known vulnerabilities

    Posted Apr 08, 2011 - 02:16 pm

    Proactively searching and fixing the unknown zero-day vulnerabilities saves time and money for everyone. And it is easy! Proactive testing is the most effective form of vulnerability management, because the earlier vulnerabilities are discovered, the easier and cheaper it is to fix them. Do not wait for the hackers to find the vulnerabilities!

  • Security Testing: It Is About Coverage

    Posted Feb 01, 2010 - 06:19 pm

    It is easy to do pentetration testing. My two year daughter can do it (well at least she broke through a screen-lock). But doing it well is the challenge. That is what coverage is about. Security test coverage, like any test coverage, is measuring how much of all the possible sensible options you cover with your testing. Let's dig into this topic a bit more, and perhaps next time someone comes offering you pentesting services, you will have a few new questions to ask the auditors.

  • Vulnerability Disclosure: Is it Blackmail, Whitemail or Bluemail

    Posted Jul 23, 2009 - 03:25 pm

    Hackers (or security researchers) come with a range of rainbow colored hats. Some guys'n'gals are nice (the White Hats). They find and disclose problems in communication products using approved responsible disclosure models. Others are in the business for money, and are not satisfied by the fame they get for disclosing problems. The process can easily get close to what some would consider unethical, or even direct blackmailing.

  • What to Look in a Test Automation Product: Features or Benefits

    Posted Jul 20, 2009 - 11:10 am

    The leap from manual tests or simple scripts into fully automated test suites makes all self-respecting test engineers just simply excited. It is difficult to see the limits to the things where test automation could be used. But hold on! Are you thinking straight? Why was it that you were looking for test automation in the first place?

  • Visualizing Security - The Challenge of 2009

    Posted May 20, 2009 - 07:53 am

    Have a look at all leading security companies today, and you see all of them launching or planning to launch solutions targeted at visualizing and collaborating over security issues. What is this about? Let's have a look at different initiatives in this area.

  • Fuzzing and Product Security

    Posted Mar 18, 2009 - 03:40 am

    Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in to their questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar.

  • Fuzzing Is Still Widely Unknown

    Posted Jan 19, 2009 - 09:18 am

    Based on a recent study by Gary McGraw and other well known security gurus, all major product security teams apparently use fuzzing. But most (even security specialists) still seem to misunderstand what fuzzing really is about. Enter the world of fuzzing!

  • Good VoIP Deployment Guidelines (Do Not Exist?)

    Posted Oct 23, 2008 - 07:27 am

    I get questions regarding VoIP deployment all the time. Sometimes it is someone looking for simple and cheap Enterprise VoIP, who are unsure if VoIP can be deployed securely with those two parameters in the equation. More often it is the security aware people who are willing to invest almost anything to make it work, but cannot. As always, there is no silver bullet solution for either. If you look at my past opinions, I keep changing my mind between cheap that works, and secure that doesn't. What do you think? Which way should we go in VoIP?

  • VoIP Still Not Ready For Carrier-Grade Networks

    Posted Oct 02, 2008 - 12:22 pm

    After a quick tour of some Really Talented Groups dedicated to fuzzing research, I noticed three things: 1) Most teams are focused on fuzzing VoIP 2) Most if not all VoIP devices still break with fuzzing 3) Most VoIP vendors still do not get it. The tour continues...

White Papers & Webcasts

White Paper

Smarter Commerce is redefining value chain visibility

Smarter Commerce is redefining the value chain in the age of the customer. It starts with putting the customer at the center of your operations - which of itself is not a new idea - however, truly operationalizing this strategy is not easy.

White Paper

Digital Transformation: Creating New Business Models Where Digital Meets Physical

Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil society, as well as friends and family.

White Paper

IBM Synchronizes its Commerce 2.0 Strategy with 'Smarter Commerce' Initiative

On March 14, IBM announced "Smarter Commerce", a strategic initiative that addresses the surging market for Commerce 2.0 solutions that take advantage of the convergence of a number of disruptive software and hardware technologies.

Webcast On Demand

Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware

Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.

Sponsor: VMware

White Paper

An Interactive eGuide: Big Data

Experts predict in the next five years the amount of data that exists will grow by tenfold. This data explosion is in large part thanks to 'big data'-weblogs, equipment logs, social media, email, sensors, photographs, video footage, etc.-that is typically unstructured and voluminous. New networked devices and applications are collecting more data than ever, and more organizations are holding on to it

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join Now

New questions

How to use social media to increase app downloads
0 answers
Are mobile workers more productive?
0 answers
How to distribute apps to mobile employees?
0 answers
How to market a mobile app
0 answers
How to get started developing Android applications
1 answer
View more questions

Ask a question

Join Now or Sign In to ask a question.

Security: Secrets and Hype Archive

See all blogs
2011
June (1)
April (1)
2010
February (1)
2009
July (2)
May (1)
March (1)
January (1)
2008
October (2)
September (2)
August (1)
Ask a Question