http://www.itworld.com/fuzzing xx http://www.itworld.com/security/64502/fuzzing-and-product-security Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in to their questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar. http://www.itworld.com/security/64502/fuzzing-and-product-security#comments Security Best practice analyst fuzzing penetration testing QA research security testing Wed, 18 Mar 2009 04:40:30 -0400 Ari Takanen 64502 at http://www.itworld.com http://www.itworld.com/security/61015/fuzzing-still-widely-unknown Based on a recent study by Gary McGraw and other well known security gurus, all major product security teams apparently use fuzzing. But most (even security specialists) still seem to misunderstand what fuzzing really is about. Enter the world of fuzzing! http://www.itworld.com/security/61015/fuzzing-still-widely-unknown#comments Development Endpoint security Internet Mobile & wireless Networking Operating systems Security Software Opinion fuzzing security testing voip Mon, 19 Jan 2009 09:18:25 -0500 Ari Takanen 61015 at http://www.itworld.com http://www.itworld.com/security/55563/voip-still-not-ready-carrier-grade-networks After a quick tour of some Really Talented Groups dedicated to fuzzing research, I noticed three things: 1) Most teams are focused on fuzzing VoIP 2) Most if not all VoIP devices still break with fuzzing 3) Most VoIP vendors still do not get it. The tour continues... http://www.itworld.com/security/55563/voip-still-not-ready-carrier-grade-networks#comments Development Internet Mobile & wireless Networking Security Server and data center Software Opinion book fuzzing security testing voip Thu, 02 Oct 2008 13:22:42 -0400 Ari Takanen 55563 at http://www.itworld.com http://www.itworld.com/security/54688/there-motivation-voip-fuzzing What have we learned during these six or so years of proactive security work with VoIP fuzzing? Here is my top ten discoveries. http://www.itworld.com/security/54688/there-motivation-voip-fuzzing#comments Networking Security Opinion fuzzing security telecommunications testing voip Thu, 04 Sep 2008 03:06:57 -0400 Ari Takanen 54688 at http://www.itworld.com http://www.itworld.com/security/54291/voip-security-auditing-becoming-more-and-more-complex-not I am curious how people can conduct penetration tests of a complex VoIP system when they barely understand how VoIP infrastructure works. Today, security people are still stuck to auditing practices from 1990s. When asked to do a penetration test, a consultant often is only looking at past issues that can be detected using various vulnerability scanners. Very few of them know that vulnerability scanners have extremely bad coverage of vulnerabilities in VoIP solutions. And even if the tools did know VoIP, who really cares about past issues that might have been relevant several years ago. http://www.itworld.com/security/54291/voip-security-auditing-becoming-more-and-more-complex-not#comments Networking Security Opinion fuzzing security testing tool voip Fri, 15 Aug 2008 07:14:58 -0400 Ari Takanen 54291 at http://www.itworld.com