"Vordel delivered a high performance, highly scalable solution that has enabled GISS to secure and manage the efficient delivery of our eGovernment services. They complemented our Software AG Web Services environment by providing the requisite levels of security for external and internal usage of these key services."

Eladio Quintanilla,
Manager of Information Systems,
Spanish Social Security

Challenges Faced

XML is now almost universally used as the data "glue" to link applications together. XML-based integration is being deployed using development platforms such as Microsoft .NET and J2EE, and XML interfaces have been introduced into established products from vendors such as SAP and Oracle. The downside is that XML applications are vulnerable to a range of content-based attack avenues which must be blocked. Strong threat analysis involves scanning XML to discover whether it contains any malicious content. Examples of malicious XML content include XML Denial of Service (XDoS) attacks, unwanted or virus-laden SOAP attachments, malformed XML and SQL injection.

An application which processes XML is vulnerable to attack at a number of levels. These attack levels are varied and include:

XML Structural Attacks
Attackers can create XML documents which are structured in such a way as to create a Denial-of-Service attack on the recipient system by tying up parsing resources.

XML content-level attacks
These attacks involve malicious content inside XML elements and attributes. This category of attack includes SQL Injection, buffer-overflow attempts, XPath injection, and command injection.

DTD-based attacks
DTD (Document Type Definition) descriptors are the precursors to XML Schema Definition (XSD) definitions. They are not secure: a DTD can declare external entities that load files from the local file system into the document (an "external entity attack"), and can declare entities that expand recursively until the parser's memory is used up.

REST attacks
Many XML applications are invoked by passing them parameters using HTTP GET; these are also known as "REST-style" Web Services. They can be attacked by passing malicious content in the HTTP GET query string.

SOAP attachments
A SOAP message may contain attachments that could contain a macro virus, an executable, XML, or any other digital content.

Brute force attacks
These include bombarding a system with many XML messages, or sending extremely large messages.
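The structural and DTD-based attack classes above are the ones an application-side parser can refuse before any business logic runs. The following is an added example, not code from the original page or from Vordel's product: a hardened gate built on Python's standard-library expat parser that rejects any DOCTYPE, entity declaration or external entity reference, caps element nesting depth, and treats malformed XML as a rejection. The sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

class UnsafeXML(Exception):
    """Raised when a document carries a construct the gate refuses."""

def parse_hardened(data: bytes, max_depth: int = 32) -> str:
    """Parse with expat, refusing DTD constructs and deep nesting.
    Raises UnsafeXML on any DOCTYPE/entity declaration, external entity
    reference, or element nesting deeper than max_depth; returns root name.
    """
    parser = expat.ParserCreate()
    state = {"depth": 0, "root": None}
    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Any DOCTYPE is refused: that is where external entities and
        # recursive entity expansions are declared.
        raise UnsafeXML(f"DOCTYPE {name!r} is not allowed")
    def on_entity_decl(*_):
        raise UnsafeXML("entity declarations are not allowed")
    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity {sysid!r} is not allowed")
    def on_start(tag, _attrs):
        state["root"] = state["root"] or tag
        state["depth"] += 1
        if state["depth"] > max_depth:  # structural / parser-exhaustion case
            raise UnsafeXML(f"element nesting deeper than {max_depth}")
    def on_end(_tag):
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return state["root"]

def gate(data: bytes) -> tuple:
    """Return ('accept', root) or ('reject', reason); malformed XML is rejected too."""
    try:
        return ("accept", parse_hardened(data))
    except UnsafeXML as e:
        return ("reject", str(e))
    except expat.ExpatError as e:
        return ("reject", f"malformed XML: {e}")

# Constructed samples, not taken from the original page.
BENIGN = b'<order><item id="1">widget</item></order>'
ENTITY_BOMB = b'<!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;">]><lolz>&lol2;</lolz>'
EXTERNAL_ENTITY = b'<!DOCTYPE d [<!ENTITY ext SYSTEM "file:///placeholder.txt">]><d>&ext;</d>'
TOO_DEEP = b"<a>" * 40 + b"</a>" * 40
MALFORMED = b"<open><unclosed></open>"
```

Because the gate refuses the DOCTYPE itself, the entity and external-reference handlers are a second layer that only matters if a caller relaxes the DOCTYPE rule.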

Vordel Solution
Vordel's XML Firewall detects and deflects all attacks on XML Web Services. It augments existing network firewalls by scanning XML content.