[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OASIS Member News: ADVANCED XML SECURITY LABS PROVIDES INDUSTRY'S FIRST XML WEB SERVICES INTRUSION PREVENTION MODEL
http://www.sarvega.com/press.php?pressID=273 ADVANCED XML SECURITY LABS PROVIDES INDUSTRY'S FIRST XML WEB SERVICES INTRUSION PREVENTION MODEL XML Web Services Vulnerability Threat Model to be made available to Network Security Managers and Web Services Architects to help secure Service Oriented Applications (SoA) Washington, D.C., February 18, 2005 - The Advanced XML Security Laboratories (AXSL) announced today the availability of the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web Services threat mitigation solutions. The model is the result of extensive research done by AXSL and its partner organizations. XML Web Services threats are fundamentally different from network based threats. They represent a new class of risks that are directed specifically at the application layer of the network protocol and application stack. XML Web Services security threats can vary from application to application. Without a clear understanding of these differences, commonly accepted threat models and mitigation strategies can lead to unforeseen vulnerabilities and a false sense of security of XML Web Services applications. "Our research shows that most network security managers and web services architects put XML web services intrusion prevention high on their list of application security concerns," stated Dr. Newton Howard, founder and chairman of CADS. "However, a significant number of security managers indicated that there is limited information available regarding XML threats and their impact on Web Services applications. Security managers welcome the idea of an XML Web Services Threat model." XML Web Services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats, and semantic implementation threats. Vertical Threats involve Algorithmic threats, external entity threats, and XML web services security threats. The research establishes that the characteristics of XML threats make them complicated and particularly hard to address with conventional security mechanisms and threat models. AXSL is providing the XML Web Services Threat Prevention Model to the public as a means to improve overall security of XML Web Services. A complimentary copy of the "XML Web Services Vulnerability Intrusion Prevention Model" can be downloaded from AXSL at: http://www.sarvega.com/axsl.php About AXSL "AXSL" was founded by the Center for Advanced Defense Studies (CADS), a renowned think tank focusing on global information security and defense initiatives, and Sarvega, Inc., the leading provider of XML networking products, to conduct advanced research into XML Web Services security, XML vulnerabilities, and the secure exchange of information amongst trading partners. About CADS CADS is an independent non-profit, non-governmental research institution located in Washington DC. Created in 2001, CADS focuses its expertise on issues of technology transfer, information sharing, global defense policy initiatives, international education, and capacity building. About Sarvega Sarvega, Inc. is the leading manufacturer of XML networking products, providing enterprises with unprecedented security, performance, and ease of operation for XML Web Services. Sarvega's underlying technology, the XML Event Stream Operating System (XESOST, Patent Pending), combines comprehensive XML security and XML routing functionality with wire-speed performance, non-stop availability, and hardware platform independence. Sarvega's XML networking products are available both as secure network appliances and on multiple third party blade alternatives. Sarvega introduced the industry's first wire-speed XML appliance, the first XML content router, and the first XML grid computing solution. Sarvega's worldwide customer base includes governments and leading companies in Financial Services, Telecommunications, and Media and Entertainment. Sarvega is the recipient of numerous technology awards for innovation, including Computerworld's Innovative Technology Award and CMP Media's COMET Award. For details, visit www.sarvega.com, send email to info@sarvega.com, or call 630- 627-3131. # # # Press Contact: Peter Borbely Sarvega (919) 345-5079 peter@sarvega.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]