OpenSIPS Security audit ( Penetration Tests)
Donation protected
The work aims to uncover critical vulnerabilities within some of the most exposed code in OpenSIPS. Enable Security will be using proven techniques, including instrumented fuzzing, black box fuzzing, manual code review and security testing with their toolset, SIPVicious PRO in a concentrated effort to discover security issues within the project.
The actual work includes development of automated tests, and fuzzing harness code as well as manual testing to identify vulnerabilities such as memory corruption issues, logic issues especially those that may lead to authentication bypass and denial of service vulnerabilities. The identification of such vulnerabilities will allow OpenSIPS to address these bugs which in turn will help the project become an even more robust and secure solution.
Enable Security is known for having dedicated RTC security expertise through its various bug reports, research publications, presentations and other resources that are compiled as part of their contributions to the community and the RTC world. In this case, Enable Security would be focusing on a security audit on OpenSIPS as they do within their commercial security services, thus making a dedicated effort to identify more than just _low hanging fruit_ security issues.
Apart from a technical report with full details of their exploits and methodology, their aim is to provide the community with contributions to the OpenSIPS project so that it can be integrated within the OSS-Fuzz project and other automated quality assurance processes. This will ensure that OpenSIPS can be easily tested for security vulnerabilities that may be introduced in future updates.
This security audit is to be performed by the Sandro Gauci and his team from Enable Security https://enablesecurity.com
The actual work includes development of automated tests, and fuzzing harness code as well as manual testing to identify vulnerabilities such as memory corruption issues, logic issues especially those that may lead to authentication bypass and denial of service vulnerabilities. The identification of such vulnerabilities will allow OpenSIPS to address these bugs which in turn will help the project become an even more robust and secure solution.
Enable Security is known for having dedicated RTC security expertise through its various bug reports, research publications, presentations and other resources that are compiled as part of their contributions to the community and the RTC world. In this case, Enable Security would be focusing on a security audit on OpenSIPS as they do within their commercial security services, thus making a dedicated effort to identify more than just _low hanging fruit_ security issues.
Apart from a technical report with full details of their exploits and methodology, their aim is to provide the community with contributions to the OpenSIPS project so that it can be integrated within the OSS-Fuzz project and other automated quality assurance processes. This will ensure that OpenSIPS can be easily tested for security vulnerabilities that may be introduced in future updates.
This security audit is to be performed by the Sandro Gauci and his team from Enable Security https://enablesecurity.com
Fundraising team (3)
Alex Goulis OpenSIPS
Organizer
Aldine, TX
Bogdan Iancu
Team member
Shlomi Gutman
Team member