Sarvega Becomes First Web Services Security Company to Commit to Ongoing Independent Product Assurance Program.CHICAGO -- Newest Version of Sarvega XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. Guardian Gateway Is First Web Services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. Product Validated by Independent Security Assurance Testing in New Program Offered by iSEC Partners Sarvega(TM), Inc, the leader in XML Networking products, announced today results of an independent product security assessment of its XML Guardian Gateway and the company's commitment to independent ongoing assurance testing of its industry leading XML Firewall First brought to market by Forum Systems, an XML firewall is a specialized firewall used to provide security for XML messaging such as Web services. XML firewalls are types of XML appliances that are separated from internal computer systems and frequently reside in an . The assessment was performed by iSEC Partners, the pre-eminent digital security consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a specializing in security assurance programs for network and application products. The results of iSEC's security assessment validated that the management and administration aspects of the most current release of Sarvega's XML Guardian Gateway adheres to security industry best practices. The product security assessment is part of ISEC's new Security Assurance Program which is designed to validate security best practices for networking and XML Web Services security products. "Sarvega is committed to keeping our products current with security best practices and understands the importance of regularly scheduled security assessments performed by independent industry experts as part of our product security program," said Girish Juneja, co-founder and senior vice president of product management for Sarvega. "The results of iSEC's report confirm Sarvega's ability to deliver products that contribute significantly to the overall protection of an enterprise's Web Services environment." "Security is an ongoing process and it is critical for vendors to keep their products current with the latest security best practices," said Himanshu Dwivedi, Senior Partner for iSEC Partners, LLC (Logical Link Control) See "LANs" under data link protocol. LLC - Logical Link Control . "That can be accomplished only through an approach to design security into the product and then validate the results with ongoing independent product security assessments. Sarvega has demonstrated their commitment to a rigorous assurance program for their XML Guardian Gateway product." iSEC's Security Assurance Program is designed to help product vendors address security requirements upfront and to model specific threat scenarios that can identify product vulnerabilities and enumerate To count or list one by one. For example, an enumerated data type defines a list of all possible values for a variable, and no other value can then be placed into it. See device enumeration and ENUM. exploitation possibilities to assure industry best practices for product security. iSEC implemented numerous test scenarios across a variety of functions by using automated scanners, manual techniques, and propriety methods to assess the security defense capabilities of the management and administration aspects of the Sarvega XML Guardian Gateway. The test methodology included buffer overflows, directory traversal A directory traversal is to exploit insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" is passed through to the file APIs. , denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. , hidden fields, cross-site scripting See XSS. attacks, HTTP Header A record sent by clients and servers communicating with each other via the HTTP protocol. The header is a stream of text that may be sent without any content following it or with the content that it describes. overflow and format string attacks, direct path browsing, CGI CGI in full Common Gateway Interface. Specification by which a Web server passes data between itself and an application program. Typically, a Web user will make a request of the Web server, which in turn passes the request to a CGI application program. and PHD exploits, and Perl script injections to verify the defense capabilities of the XML Gateway. iSEC's independent assessment confirmed that the management and administration aspects of the Sarvega XML Guardian Gateway exceeded industry best practices. About Sarvega Sarvega, Inc. is the leading manufacturer of XML networking products, providing enterprises with unprecedented security, performance, and ease of operation for XML Web Services. Sarvega's underlying technology, the XML Event Stream Operating System operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. (XESOS(TM), Patent Pending), combines comprehensive XML security and XML routing functionality with wirespeed performance, non-stop availability, and hardware platform independence. Sarvega's XML networking products are available both as secure network appliances and on multiple third party blade alternatives. Sarvega introduced the industry's first wirespeed XML appliance, the first XML content router, and the first XML grid computing solution. Sarvega's worldwide customer base includes governments and leading companies in Financial Services, Telecommunications, and Media and Entertainment. Sarvega is the recipient of numerous technology awards for innovation, including Computerworld's Innovative Technology Award and CMP CMP (cytidine monophosphate): see cytosine. (1) (CMP Media LLC, Manhasset, NY, www.cmp.com) Part of United Business Media, CMP is a leading integrated media company that offers a wide variety of publications and services in the information Media's COMET Award. For details, please visit www.sarvega.com, send email to info@sarvega.com, or call 630-627-3131. About iSEC Partners Information Security Partners, LLC (iSEC Partners) has assembled several of the world's best security researchers to create the pre-eminent leader in security consulting, research and tool development. iSEC has created a new standard for customer satisfaction by listening to our Clients and developing innovative solutions like the iSEC Security Assurance Program - A process for validating that product security features are consistent with industry standards. For details, please visit www.isecpartners.com, send email to info@isecpartners.com, or call 415-378-0100. Sarvega, XML Context Router, XML Guardian, XML Speedway, XML EventStream, XESOS, and Context Console are trademarks of Sarvega, Inc. All other names are trademarks of their respective companies. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion