Advanced XML Security Labs Provides Industry's First XML Web Services Intrusion Prevention Model.WASHINGTON -- XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. Web Services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. Vulnerability Threat Model to be made available to Network Security Managers and Web Services Architects to help secure Service Oriented Applications (SoA) The Advanced XML Security Laboratories (AXSL) announced today the availability of the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web Services threat mitigation solutions. The model is the result of extensive research done by AXSL and its partner organizations. XML Web Services threats are fundamentally different from network based threats. They represent a new class of risks that are directed specifically at the application layer of the network protocol and application stack The set of applications typically required by an organization. A typical "enterprise" application stack would include the basic office functions (word processing, spreadsheet, database, etc.), as well as a Web browser and e-mail and instant messaging programs. . XML Web Services security threats can vary from application to application. Without a clear understanding of these differences, commonly accepted threat models and mitigation strategies can lead to unforeseen vulnerabilities and a false sense of security of XML Web Services applications. "Our research shows that most network security managers and web services architects put XML web services intrusion prevention See IPS and IDS. high on their list of application security concerns," stated Dr. Newton Howard Dr. Newton Howard is the founder and chairman of the Center for Advanced Defense Studies, a Washington, D.C. National Security Group. He is a leading international researcher on the physics of cognition (PoC) and its applications to defense and international security. , founder and chairman of CADS. "However, a significant number of security managers indicated that there is limited information available regarding XML threats and their impact on Web Services applications. Security managers welcome the idea of an XML Web Services Threat model." XML Web Services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats, and semantic implementation threats. Vertical Threats involve Algorithmic threats, external entity threats, and XML web services security threats. The research establishes that the characteristics of XML threats make them complicated and particularly hard to address with conventional security mechanisms and threat models. AXSL is providing the XML Web Services Threat Prevention Model to the public as a means to improve overall security of XML Web Services. A complimentary copy of the "XML Web Services Vulnerability Intrusion Prevention Model" can be downloaded from AXSL at: http://www.sarvega.com/axsl.php About AXSL "AXSL" was founded by the Center for Advanced Defense Studies The Center for Advanced Defense Studies (CADS) is a Washington, D.C.-based non-profit, non-governmental National Security Group founded by Dr. Newton Howard. CADS utilizes the intent-centric paradigm to promote research, innovation and education in the fields of information (CADS), a renowned think tank focusing on global information security and defense initiatives, and Sarvega, Inc., the leading provider of XML networking products, to conduct advanced research into XML Web Services security, XML vulnerabilities, and the secure exchange of information amongst trading partners. About CADS CADS is an independent non-profit, non-governmental research institution located in Washington DC. Created in 2001, CADS focuses its expertise on issues of technology transfer, information sharing See data conferencing. , global defense policy initiatives, international education, and capacity building. About Sarvega Sarvega, Inc. is the leading manufacturer of XML networking products, providing enterprises with unprecedented security, performance, and ease of operation for XML Web Services. Sarvega's underlying technology, the XML Event Stream Operating System operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. (XESOS(TM), Patent Pending), combines comprehensive XML security and XML routing functionality with wire-speed performance, non-stop availability, and hardware platform independence. Sarvega's XML networking products are available both as secure network appliances and on multiple third party blade alternatives. Sarvega introduced the industry's first wire-speed XML appliance  This article or section appears to contain a large number of buzzwords and may require cleanup. , the first XML content router, and the first XML grid computing grid computing, the concurrent application of the processing and data storage resources of many computers in a network to a single problem. It also can be used for load balancing as well as high availability by employing multiple computers—typically personal solution. Sarvega's worldwide customer base includes governments and leading companies in Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject.Please [ improve this article] or discuss the issue on the talk page. , Telecommunications, and Media and Entertainment. Sarvega is the recipient of numerous technology awards for innovation, including Computerworld's Innovative Technology Award and CMP CMP (cytidine monophosphate): see cytosine. (1) (CMP Media LLC, Manhasset, NY, www.cmp.com) Part of United Business Media, CMP is a leading integrated media company that offers a wide variety of publications and services in the information Media's COMET Award. For details, visit www.sarvega.com, send email to info@sarvega.com, or call 630- 627-3131. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion