Research Abstract
Secure SOA Infrastructure - Better Control Mission Critical SOA Deployments
by Forum Systems

Published on: September 13, 2005
Type of content: WHITE PAPER
Format: Adobe Acrobat (.pdf) (294 kb)
Length: 13 pages
Price: FREE

Overview:
Service Oriented Architectures (SOAs) create fundamental changes in application architecture, service design, development practices as well as operational management and governance. The reason for such deep-rooted change is that SOA applications have the following distinctive characteristics:

1. Modular software that communicates using eXtensible Markup Language (XML)
2. Service-to-service interactions that work on behalf of, or instead of, users
3. User rights that are delegated to federated Web services
4. Reusable and loosely coupled processes and software that are invoked

Since all clients and service/resource providers participating in a SOA setting have to install some sort of XML component, hackers and malicious users are free to discover vulnerabilities resident in XML parsers, WSDL end-points and SOAP processors. Moreover, client/server and Web application security controls were not designed for a threat profile brought on by a constantly evolving set of XML-related specifications. The limitations in traditional security controls lie in their inability to inspect and act upon machine-to-machine interactions that use XML, SOAP and the WS-OASIS standards.

The new threats that emerge within a SOA environment include:

* Parameter Tampering: Manipulated XML values are used to conduct fraudulent transactions
* Coercive Parsing: Corrupted XML/SOAP messages are used to disrupt and disable unprepared and vulnerable services
* Recursive Payload: Deeply nested XML documents are constructed to exhaust computing resources
* WSDL Scanning: Business APIs are probed for sensitive data and vulnerabilities
* External Entity Attacks: External references can be made to import compromised data
* SOAP Routing Detours: Messages are re-directed to malevolent processing intermediaries
* SOAP with malicious software: SOAP hides and obscures viruses, spyware and other unwanted programs
* SQL Injections into SOAP: SQL code is modified and left undetected because it is embedded in XML
* WS-Security Spoofing: SOAP security contexts are overridden to gain unauthorized data access
