XML Security Comes to the Fore at RSA

Computer security comes in many forms. But one of the newest frontiers is
safeguarding and improving the performance of XML, as independent companies
like Forum Systems, Sarvega, Reactivity and DataPower can attest.

Those vendors made a slew of announcements this week at the RSA Conference
2005, where shoring
the network against unwanted intruders, viruses and worms was the key

Improving XML performance and security is of paramount importance for these
vendors, because XML is the most common markup language used to write Web
services, the next generation of distributed

Estimated by research firms such as IDC, Gartner and ZapThink to be a multi-billion-dollar market over the next five years, Web services allow
applications to communicate with each other across different networks, all
over the world, to conduct transactions. Cisco is expected
to enter the market soon.

Unfortunately, Web services are vulnerable to accidental and malicious
exploits, because they have straight-through processing. One little exploit
can lead to system delays and stolen data. In fact, Web services are the
most commonly exploited vulnerability in Microsoft Windows systems,
according to the SANS Institute Top-20 2004 list.

For those reasons and more, Forum has created XRay, a product that aims to
close the loop between security enforcement and software policies.

For $500 a seat, XRay reproduces undesired usage patterns or malicious
activities to zero in on system weaknesses throughout the service-oriented
architecture (SOA), the framework from which most Web services
will operate in an IT environment.

XRay works in conjunction with VulCon, which Forum described in a statement
as a threat intelligence service for XML Web services vulnerabilities.
Provided for free, VulCon alerts users to malicious cyber attacks and
software vulnerabilities.

XML security vendor Sarvega meanwhile introduced its Command Center, a
drag-and-drop policy software platform that can configure, deploy and manage
Sarvega XML Guardian Gateway appliances individually, or as a cluster.

Command Center provides administrators the ability to provision a Web
service based on its WSDL and allows administrators to write a
default security policy for Web services. The software is available on
Windows 2000, Windows NT and Windows XP, with future availability on RedHat
Linux 9.0.

XML Guardian Gateway software has also been refreshed. Version 5.0 now
enables verification or encryption of XML signatures at over 1,700
transactions per second and supports validation throughput at up to Gigabit

Coercive parsing, password guessing threats, SQL code injection, dirty word
filtering, external entity protection and XML security vulnerabilities were
also addressed in 5.0.

In related news, DataPower landed $10 million in a new funding round, led by
Atlas Venture. Also, DataPower’s XS40 XML Security Gateway has passed muster
with the World Wide Web Consortium’s XML Key Management Specification (XKMS)
interoperability testing. XKMS is designed to simplify the integration of
public key infrastructure and digital certificates.

Meanwhile, Reactivity Monday unveiled the Reactivity Federated Identity
Model for Web services, a reference architecture based on the Liberty
Alliance trust model that offers a way to preserve and use layered identity
with XML Web services.
