Forum Systems Announces Enterprise Edition of XRay(TM) Policy Testing Solution for Web Services Security; New Automated Penetration Testing Suites Improve Security Policy Compliance and Reduce Time to Market for Web Services Applications.SAN FRANCISCO San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden -- Forum Systems, the leader in Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. security for threat protection and trust management, today announced the Enterprise Edition of Forum XRay(TM), a product that is designed to close the loop between perimeter security enforcement and policy design and configuration. The new enterprise features include penetration testing suites that can be automatically generated to simulate attacks and root out the latest system weaknesses and vulnerabilities throughout the Web services lifecycle, from development through to production. "By applying proven penetration testing techniques that exploit common weaknesses in Web services frameworks, development teams are able discover policy violations that may expose an enterprise to harm," said Walid Negm, vice president of marketing for Forum Systems. "When used as part of an ongoing process of quality control, Forum XRay has also shown to reduce Web services costs by eliminating programming errors as early as possible in the development life-cycle." Web services are prey to both accidental (design-centric) and malicious (attack-centric) security exploits. These exploits can be dangerous to an enterprise because they involve process automation closely tied to critical business functions. An exploit can lead to system delays, violations in service level agreements, stolen data, and false alarms that disrupt the flow of information and time-sensitive decision making. Forum XRay works in conjunction with VulCon(TM) (http://vulcon.forumsys.com/) and Forum XWall Web Services Firewall to create a closed-loop security solution for Web services. Forum VulCon is an online source of XML-related threat intelligence and associated remedies. These integrated solutions are part of Forum Systems Automated Threat Response Initiative(TM) aimed at reinventing the delivery of vulnerability data, policy updates and software upgrades to XML firewalls and security gateway products. About Forum XRay Enterprise Edition The Enterprise Edition of Forum XRay ships with 20 Security Test Profiles, each of which automatically generates test cases for a specific Web services vulnerability. Testers can import additional profiles as they become available through Forum Systems. Through this extensible library of profiles, organizations developing Web services can benefit from the latest knowledge of Web services vulnerabilities and industry best practices. With its automated test generation capabilities and easy-to-use interface, Forum XRay enables Web development teams to apply security policy expertise in their work, easily and automatically. Tests can focus on entire WSDLs or specific services or ports. Detailed tests results appear in results panel and can be saved, shared, and distributed for future analysis. By implementing systematic quality assurance to addresses functionality, performance, availability and vulnerability, companies can mitigate the risk of failures, accidents and cyber attacks. Forum XRay Enterprise Edition is a comprehensive security policy testing solution offering the following security and message validation feature set: --New: Library of Security Test Profiles and automated generation of test cases for specific vulnerabilities --New: Straightforward authoring tools for users who want to create their own tests using SOAP Requests --New: Support for SOAP Attachments (MIME and DIME) --New: SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. client authentication for improved security --New: Point-and-click GUI (Graphical User Interface) A graphics-based user interface that incorporates movable windows, icons and a mouse. The ability to resize application windows and change style and size of fonts are the significant advantages of a GUI vs. a character-based interface. that makes testing fast and easy --WS-I Basic Profile Compliance Validation --Support for XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. Digital Signatures, XML Encryption XML Encryption is a specification that defines how to encrypt the content of an XML element. It's recommended by the W3C. XML Encryption encompasses the encryption of any kind of data, including the encryption of XML. and WS-Security Headers --WSDL-Inspection User Interface --Web Services Penetration Test Case Suite --SOAP Request/Response Management --HTTP Basic Authentication with SSL v3/TLS --Detailed Logging and Monitoring Forum XRay Enterprise Edition is available immediately and is priced at $1,500 per seat. The Professional Edition is priced at $800 per seat. For more information visit http://forumsys.com/download_xray.htm About Forum Systems Trustworthy, ubiquitous and robust Web services can only be achieved by combining security controls that are proactive, always on and systematic. The Forum Seamless Security Solutions Architecture (Forum S3A(TM)) is an adaptive approach to building security minded service-oriented applications and data-level networks using life-cycle solutions including vulnerability management, testing systems, firewalls and gateways. Forum products are available as software, PCI-card and appliance options and comply with government requirements including FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. Certification, Common Criteria (Common Criteria for Information Technology Security) An international standard process for defining security objectives and for evaluating compliance with those objectives. The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian EAL EAL English as an Additional Language EAL Evaluation Assurance Level EAL Eastern Airlines EAL Emergency Action Level EAL Environmental Analysis Laboratory EAL Evidence Analysis Library (American Dietetic Association) 4+ and JITC JITC Joint Interoperability Test Command (formerly Joint Interoperability Test Center) JITC Joint Interoperability Test Center (obsolete; now Joint Interoperability Test Command) DoD PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of Certification. Forum Systems is an active a member of OASIS and WS-I (Web Services Interoperability Organization, www.ws-i.org) A consortium founded by Microsoft, IBM, BEA Systems and Intel that is dedicated to the development of Web services. Its goals are to provide guidance and education, to promote interoperability and to ensure that Web services helping mature standards such as WS-I Basic Profiles, SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or and WS-Security. Customers can immediately benefit from Forum technology that is bundled with market leading products including Microsoft ISA Server 2004, NetContinuum NC-1000 WSE WSE Web Services Enhancements (Microsoft) WSE Warsaw Stock Exchange (Warsaw, Poland) WSE Symposium on Web Site Evolution (IEEE International Symposum) , Network Engines NS6300X, and Oblix COREid and COREsv. For more information on adaptive solutions for Web services security visit http://vulcon.forumsys.com Forum Systems, Inc. is the Leader in Web Services Security(TM) with a comprehensive suite of trust management, threat protection and information assurance solutions for the automated Web. Forum Systems flexible hardware, software and embedded products make vibrant business communications possible by actively protecting XML data and Web services across networks and business boundaries. Forum's products have been chosen by over 80 Fortune 1000 industry leaders and are winners of Network Computing Magazine's Well-Connected 2004 Award and Product of the Year 2004 Award, Network Computing Magazine's Editor's Choice 2003 Award, Network Magazine's Product of the Year 2003 Award and DEMO 2004 Invitation. Forum XWall Web Services Firewall is the industry's only XML Firewall selected by InfoWorld LEADERBOARD lead·er·board n. A board that displays the leaders in a competition. leaderboard Noun a board displaying the current scores of the leading competitors, esp in a golf tournament 2004. Visit Forum at http://www.forumsys.com/. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion