The Session Initiation Protocol (SIP) is a signalling protocol for Internet telephony, instant messaging and alike. Although SIP implementations have not yet been widely deployed, the product portfolio is expanding rapidly. A subset of SIP, namely INVITE messages, was chosen as the subject protocol for vulnerability assessment through syntax testing and test-suite creation. A survey of the related standards was made. Test-material was prepared and tests were carried out against a sample set of existing implementations. Results were gathered and reported. Many of the implementations available for evaluation failed to perform in a robust manner under the test. Some failures had information security implications, and should be considered as vulnerabilities. In order to achieve a robustness baseline for SIP products this test-material should be adopted for their evaluation and development. A more comprehensive test-suite should be developed as the SIP scene matures.
See AlsoProtocol Verification and Testing
Created by: jht2, Last modification: Mon 12 of Apr, 2004 (09:37 UTC)
Please update this page with new information, just login and click on the "Edit" or "Discussion" tab. Get a free login here: Register Thanks! - Find us on Google+