Codenomicon, the main focus of Ari's work is with security testing of various next generation communication technologies such as VoIP, WiMAX and IPTV. His latest book is focused on this topic, and is titled "Fuzzing for Software Security Testing and Quality Assurance". You can win a free copy of The Fuzzing Book from the Codenomicon web site. What is VoIP security all about? After close to ten years of hacking and bashing VoIP, Ari Takanen will finally reveal the secrets and discuss the hype around VoIP security. The discussions in this blog will draw from his book "Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures" co-authored by Peter Thermos, and published by Addison-Wesley. Ari will answer any questions and comments you might have regarding penetration testing and fuzzing of next generation communication networks such as IP telephony. Check out the sample chapter of the VoIP book here!" /> Ari Takanen | ITworld

Security: Secrets and Hype

RSS Link

The topics of this blog are in Fuzzing and VoIP security. As the CTO of Codenomicon, the main focus of Ari's work is with security testing of various next generation communication technologies such as VoIP, WiMAX and IPTV. His latest book is focused on this topic, and is titled "Fuzzing for Software Security Testing and Quality Assurance". You can win a free copy of The Fuzzing Book from the Codenomicon web site. What is VoIP security all about? After close to ten years of hacking and bashing VoIP, Ari Takanen will finally reveal the secrets and discuss the hype around VoIP security. The discussions in this blog will draw from his book "Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures" co-authored by Peter Thermos, and published by Addison-Wesley. Ari will answer any questions and comments you might have regarding penetration testing and fuzzing of next generation communication networks such as IP telephony. Check out the sample chapter of the VoIP book here!

by Ari Takanen

Ari Takanen is founder and CTO of Codenomicon (www.codenomicon.com). Since 1998, Ari has focused on information security issues in next-generation networks and other security critical environments. He began this work at Oulu University Secure Programming Group (OUSPG) as a contributing member to PROTOS research. His current company, Codenomicon Ltd. provides commercial solutions for security testing of communication devices and networks. Ari has been speaking at numerous security and testing conferences, and has been invited to speak at leading universities and international corporations.

View Profile

Reason Behind Vulnerabilities

Posted Sep 08, 2008 - 03:54 pm

Now something completely unrelated to VoIP: Reason behind all vulnerabilities in software! I read an article that explained how vulnerabilities are basically created by the fact that people tend to drift from good development principles into practices that are just simply Fun. The engineers among us know that software development can be enormously interesting, something you would happily even do in your leisure time. But can fun be converted into reliable software?
(Is There) Motivation for VoIP Fuzzing

Posted Sep 04, 2008 - 03:06 am

What have we learned during these six or so years of proactive security work with VoIP fuzzing? Here is my top ten discoveries.
- Tweet
- Security, fuzzing, security
VoIP security auditing is becoming more and more complex ... Not!

Posted Aug 15, 2008 - 07:14 am

I am curious how people can conduct penetration tests of a complex VoIP system when they barely understand how VoIP infrastructure works. Today, security people are still stuck to auditing practices from 1990s. When asked to do a penetration test, a consultant often is only looking at past issues that can be detected using various vulnerability scanners. Very few of them know that vulnerability scanners have extremely bad coverage of vulnerabilities in VoIP solutions. And even if the tools did know VoIP, who really cares about past issues that might have been relevant several years ago.
- Tweet
- Security, fuzzing, security
Greatest Challenge in VoIP Security

Posted Jul 16, 2008 - 03:08 am

The greatest challenge in VoIP security is that there are very few good example case studies available. There are some very good VoIP deployments. But try to find a white-paper with someone disclosing all the their success stories in building a perfect VoIP network. No luck! Unfortunately much of that data is hidden in confidential documents. Still, I have really loved to see VoIP security emerge and evolve from being a hindrance in VoIP deployment, into a key marketing value. Finally some of those success stories will get a chance to see daylight.

May is...
Cloud Month

BY THE NUMBERS: Cloud computing

CAREER: Top cloud jobs

MANAGEMENT: Cost battle: Cloud computing vs. in-house IT

REVIEW: 4 killer cloud IDEs

DEVELOPMENT: When to use cloud platforms vs. dedicated servers

SLIDESHOW: Top 10 cloud tools for IT pros

Learn more

Will Microsoft's anti-iPad strategy work?

6 comments
Linux commands: Newusers adds new users ... fast and furious!

2 comments
More Mobile Collaboration Apps Needed

2 comments
Mount Everest ice is melting away, researchers say

2 comments
Which restaurants violate health codes and other insights from open data

1 comment

White Papers & Webcasts

White Paper

Join today!

Get FREE access to premium content, in-depth reviews, practical tips

6 IT hiring tips to weed out the duds
Rule #1: Don't hire out of desperation.
4 free tools to simulate a cloud connection
Linux-based WAN emulation tools worth a look.
15 common IT resume mistakes (and how to avoid them)
Learn how to build a better resume.