Fuzzing is a proactive method for discovering zero-day security flaws in software. Fuzzing can be used in R&D, but also when deploying communication software. The system BLOCKIN BLOCKIN such as a mobile phone or a set-top box for IPTV. Without proactive tools, the traditional security measures are doomed to fail because they are only focused on defending… (More)
Introduction This Taxonomy defines the many potential security threats to VoIP deployments, services, and end users. The overall goal is to help drive VoIP security awareness with the press, industry and public. In particular this Taxonomy provides a detailed structure for technical vulnerabilities that informs the following constitutencies: • Press and… (More)
AusCERT advisories from summer 1996 pushed him beyond point of no return by raising the question "More of this same kind, again?" Ever since he has been pestering AusCERT and vendors with bug reports too long to be read. Ari Takanen, a complementary reinforcement with NT networking and administration background, brings in his expertise and interests in the… (More)
Standards in communication enable new test automation techniques for verification of reliability and security. Fuzzing is a negative software testing method that feeds a program, device or system with malformed and unexpected input data in order to find critical crash-level defects. The tests are targeted at remote interfaces, and will focus on finding… (More)
About the Authors Ari Takanen is an undergraduate student at the University of Oulu. He comes from an NT networking and administration background, but is now concentrating on vulnerability research. His goal is a master's degree in Information Engineering (MSEE). Meanwhile he is working as a research scientist at the Department of Electrical Engineering.… (More)
A checksum-aware directed fuzzing tool for automatic software vulnerability detection. Detecting communication protocol security flaws by formal fuzz testing and machine learning. Zou. Automated vulnerability analysis: Leveraging control flow for evolutionary input crafting.
Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and… (More)
New wireless technologies such as WiMAX, NFC and ZigBee are rapidly being adopted, along with existing wireless standards such as Bluetooth, Wi-Fi, GSM and other cellular technologies. Bluetooth and Wi-Fi have already become notorious for severe security shortcomings during their relatively brief existence. New vulnerabilities and exploits are reported and… (More)