Digital Edition

SYS-CON.TV
Tool to Battle XML Web Services Threats Available
First Tool to Address Web Services Vulnerabilities

The Advanced XML Security Laboratories (AXSL) announced today the availability of the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web services threat mitigation solutions. The model is the result of extensive research done by AXSL and its partner organizations.

"AXSL" was founded by the Center for Advanced Defense Studies (CADS), a renowned think tank focusing on global information security and defense initiatives, and Sarvega, the leading provider of XML networking products, to conduct advanced research into XML Web services security, XML vulnerabilities, and the secure exchange of information amongst trading partners.

XML Web services threats are fundamentally different from network based threats. They represent a new class of risks that are directed specifically at the application layer of the network protocol and application stack. XML Web services security threats can vary from application to application. Without a clear understanding of these differences, commonly accepted threat models and mitigation strategies can lead to unforeseen vulnerabilities and a false sense of security of XML Web services applications.

"Our research shows that most network security managers and Web services architects put XML Web services intrusion prevention high on their list of application security concerns," stated Dr. Newton Howard, founder and chairman of CADS. "However, a significant number of security managers indicated that there is limited information available regarding XML threats and their impact on Web services applications. Security managers welcome the idea of an XML Web services threat model."

XML Web services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats, and semantic implementation threats. Vertical Threats involve algorithmic threats, external entity threats, and XML Web services security threats.

The research establishes that the characteristics of XML threats make them complicated and particularly hard to address with conventional security mechanisms and threat models. AXSL is providing the XML Web services Threat Prevention Model to the public as a means to improve overall security of XML Web services.

About SOA News Desk
SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

In today's always-on world, customer expectations have changed. Competitive differentiation is deliv...
Artifex Software began 25-years ago with Ghostscript, a page description language (PDL) interpreter ...
In an age of borderless networks, security for the cloud and security for the corporate network can ...
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, m...
Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services...
In very short order, the term "Blockchain" has lost an incredible amount of meaning. With too many j...
For enterprises to maintain business competitiveness in the digital economy, IT modernization is req...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with exp...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmi...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure an...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cl...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with exp...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS...
DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), wh...
Now is the time for a truly global DX event, to bring together the leading minds from the technology...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures....
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizat...