Web Services and XML Security

As enterprises standardise on Web services and the principles of SOA, they must revisit their security strategy and implementation across their enterprise.

Information represented in the Extensible Markup Language (XML) and the transactions that rely on Web services protocols are vulnerable because existing security mechanisms such as Secure Sockets Layer, Web Single Sign-On and Basic Authentication cannot control the flow of loosely-coupled interactions. Intelligent security and networking intermediaries that can interpret XML messages and Web services communications are required to enforce enterprise policies such as message-level access control, content-based routing, content encryption, service-level agreements and service-oriented identity management.

Web services transactions and XML data are vulnerable to a number of known attacks, including malicious code injection, XML routing detours, external entity attacks, recursive payloads, schema poisoning and oversized payloads.

The cost of these attacks can range from corrupted business transactions, exposure of confidential information, and network and application outages to regulatory penalties, disrupted business processes and workflows, and damaged reputations and relationships.

If you require security measures to actively protect XML data and Web Services across your networks and business boundaries, contact us.

Forum Xpose Service

The following tool is designed to identify Web Services vulnerabilities and threats by using your own organisation's Web Services schemas. The tool can be used as a 14-day unlimited trial version. Click on the following link and follow the registration process:

http://vulcon.forumsys.com:8081/xpose/

Forum Vulcon Web Service Containment

Forum Vulcon Web Service Vulnerability Containment is an early warning system that alerts consumers and producers to current and new XML-related vulnerabilities. Forum Vulcon is an on-line subscription service that delivers reports of known product exploits and impending threats with recommendations for countermeasures such as antivirus updates, software repair recommendations and proposals to enhance system defences.

Forum Vulcon™ aggregates third-party data from companies such as Oracle, Microsoft, ISS and Symantec that describes known product weaknesses and exploits with associated corrective actions. Reports can be viewed on-line or accessed via a WSDL Web Services interface for automated report delivery.

Contact us to subscribe to this service.

Forum Systems Introduces PCI Standard 1.1 Web Application Firewall Protection Services

Shearwater’s partner Forum Systems, the leader in SOA and Web Services security infrastructure, has announced the release of a Payment Card Industry Data Security Standard (PCI DSS) security module to enable compliance with updated Web application security requirements. Organizations that rely on credit card payments are facing new mandates as part of the PCI standard version 1.1 by mid-2008. The security obligations call for additional protection of Web applications through the use of application code reviews and the implementation of a Web application firewall.

Forum APS™ (Application Protection Services) is a security module designed to help organizations comply with new PCI DSS requirements. Forum APS™ offers organizations security enforcement policies that protect against Web application security vulnerabilities such as unvalidated input, broken access control, buffer overflows, injection flaws and improper error handling, as well as other application-layer security vulnerabilities. Forum APS™ also packages security functionality to support strong authentication, such as Digital Signatures and two-factor authentication for administrators, restricting remote access to systems that hold and manage debit or credit card data. For more information, please contact us.