One of the main security ob jectives for systems connected to the Internet which provide services like Voice over Inter- net Protocol (VoIP) is to ensure robustness against security attacks to fulﬁll Quality of Service (QoS). To avoid system failures during attacks service providers have to integrate countermeasures which have to be tested. This work evalu- ates a test approach to determine the eﬃciency of counter- measures to fulﬁll QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main ob jective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., De- nial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with diﬀerent security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using diﬀerent VoIP systems. For this, multiple security attacks are integrated to the testing scenarios. The outcome showed that the concept provides sound test results, which reﬂect the behavior of SIP systems availability under various at- tacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be pre- dicted.