Digital Edition

SYS-CON.TV
Tool to Battle XML Web Services Threats Available
First Tool to Address Web Services Vulnerabilities

The Advanced XML Security Laboratories (AXSL) announced today the availability of the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web services threat mitigation solutions. The model is the result of extensive research done by AXSL and its partner organizations.

"AXSL" was founded by the Center for Advanced Defense Studies (CADS), a renowned think tank focusing on global information security and defense initiatives, and Sarvega, the leading provider of XML networking products, to conduct advanced research into XML Web services security, XML vulnerabilities, and the secure exchange of information amongst trading partners.

XML Web services threats are fundamentally different from network based threats. They represent a new class of risks that are directed specifically at the application layer of the network protocol and application stack. XML Web services security threats can vary from application to application. Without a clear understanding of these differences, commonly accepted threat models and mitigation strategies can lead to unforeseen vulnerabilities and a false sense of security of XML Web services applications.

"Our research shows that most network security managers and Web services architects put XML Web services intrusion prevention high on their list of application security concerns," stated Dr. Newton Howard, founder and chairman of CADS. "However, a significant number of security managers indicated that there is limited information available regarding XML threats and their impact on Web services applications. Security managers welcome the idea of an XML Web services threat model."

XML Web services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats, and semantic implementation threats. Vertical Threats involve algorithmic threats, external entity threats, and XML Web services security threats.

The research establishes that the characteristics of XML threats make them complicated and particularly hard to address with conventional security mechanisms and threat models. AXSL is providing the XML Web services Threat Prevention Model to the public as a means to improve overall security of XML Web services.

About SOA News Desk
SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Most DevOps journeys involve several phases of maturity. Research shows that the inflection point wh...
Dynatrace is an application performance management software company with products for the informatio...
Today, we have more data to manage than ever. We also have better algorithms that help us access our...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held Novemb...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, ...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing w...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news an...
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | ...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling ...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
Adding public cloud resources to an existing application can be a daunting process. The tools that y...
A valuable conference experience generates new contacts, sales leads, potential strategic partners a...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can ...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...