Forum Systems is turning its attention to preventing threats targeted at Web services. The move comes after the company has provided mechanisms to ensure the validity of XML documents.
This week at DEMO 2004, Forum will introduce a firewall designed to stop threats that would otherwise exploit traditional firewalls through open ports designated for HTTP traffic. Dubbed XWall, the new firewall protects against attacks that conceal malicious code within SOAP
and XML messages -- the mechanisms that deliver data in a Web service.
“Trust management has already been addressed, but now we’re working toward threat protection,” said Weston Swenson, president and CEO of Forum Systems. “WSDL files are targeted because they are publicly available and are like an API that tells how to expose our database.” WSDL is an XML format for describing network services as a set of end points operating on messages containing either document-oriented or procedure-oriented information.
Many e-tailers provide a WSDL to trusted partners to allow them to tie into its database, Swenson said. Sophisticated hackers can spoof trusted users who have been granted access to a company’s WSDL and then inject malicious code into packets that can exploit data within a database.
Swenson said a firewall to monitor the traffic flowing between a partner and a company’s back end is key to prevent a number of known attacks, which Forum has addressed with a set of predefined policies.
Pete Lindstrom, research director at Spire Security, says other companies are pursuing Web services firewalls, including Westbridge Technology and Reactivity, but not in the depth of Forum. “The focus of [Forum’s] component technology makes assumptions on threats out there,” he said. “It covers potential exploit points.”