Digital Edition

SYS-CON.TV
Tool to Battle XML Web Services Threats Available
First Tool to Address Web Services Vulnerabilities

The Advanced XML Security Laboratories (AXSL) announced today the availability of the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web services threat mitigation solutions. The model is the result of extensive research done by AXSL and its partner organizations.

"AXSL" was founded by the Center for Advanced Defense Studies (CADS), a renowned think tank focusing on global information security and defense initiatives, and Sarvega, the leading provider of XML networking products, to conduct advanced research into XML Web services security, XML vulnerabilities, and the secure exchange of information amongst trading partners.

XML Web services threats are fundamentally different from network based threats. They represent a new class of risks that are directed specifically at the application layer of the network protocol and application stack. XML Web services security threats can vary from application to application. Without a clear understanding of these differences, commonly accepted threat models and mitigation strategies can lead to unforeseen vulnerabilities and a false sense of security of XML Web services applications.

"Our research shows that most network security managers and Web services architects put XML Web services intrusion prevention high on their list of application security concerns," stated Dr. Newton Howard, founder and chairman of CADS. "However, a significant number of security managers indicated that there is limited information available regarding XML threats and their impact on Web services applications. Security managers welcome the idea of an XML Web services threat model."

XML Web services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats, and semantic implementation threats. Vertical Threats involve algorithmic threats, external entity threats, and XML Web services security threats.

The research establishes that the characteristics of XML threats make them complicated and particularly hard to address with conventional security mechanisms and threat models. AXSL is providing the XML Web services Threat Prevention Model to the public as a means to improve overall security of XML Web services.

About SOA News Desk
SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Dynatrace is an application performance management software company with products for the informatio...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...