>>Return to the Compare IBM DataPower Site
Protecting Enterprise, SaaS & Cloud based Applications – A Comprehensive Threat model for REST, SOA and Web 2.0
This technical document describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP and the Web Services Description Language [WSDL]. In today’s environment, architectures and protocols are shifting towards XML and new sets of technology vectors are emerging such as REST and XML-RPC. With Web 2.0, new threats loom on the horizon and consequently new protection methods are required to defend the application layer consuming and serving XML streams. Ajax- and RIA-based applications (Flash and Silverlight) are redefining the usage of XML streams and bringing about a shift in the threat model.
In addition, this document attempts to define the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention. A new type of threat called an XML Content Attack is defined, and examples are provided for each layer in the threat model. Also, this document attempts to use the problem of lost context between XML processing layers to characterize many of the security problems that arise during XML processing. Finally, a specifc type of content-aware application-level proxy or firewall countermeasure is illustrated with Intel SOA Expressway.
Information Library
-
White Paper:
-
White Paper:
-
Video:
-
White Paper:
-
Analyst Report(New):
-
Analyst Report:
-
Analyst Report:
-
White Paper:
-
White Paper:
The XACML Enabled Gateway – The Entrance to a New SOA Ecosystem
-
White Paper:
-
SOA Mag Article:
-
White Paper:
Accelerate SOA Processing
with Intel SSE4.2 Instruction Sets -
Data Sheet:
-
Security for Oracle Fusion/11G
-
SOA Expressway Web Site:
News/Events
-
Blog:
Truth in SOA
-
Blog:
Joshua Painter
Learn About 8 Core SOA Appliance Usage Scenarios-Digital White Board
