Welcome!

XML Gateway Alchemy

Rizwan Mallal

Subscribe to Rizwan Mallal: eMailAlertsEmail Alerts
Get Rizwan Mallal via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Rizwan Mallal

Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an infrastruture that enables rapid addition of both suppliers, buyers and partners for information exchange will perish and get demolished by a nimble and flexible competitor whose infrastructure has integration capabilities for rapid information exchange. Mike Vizard from CTOEdge talks about the business drivers that compel companies to integrate yet face security challenges that hamper integration efforts: Reducing the Complexity of Application Security Here's a snippet from Mike's article: "As business-to-business interactions over the Web become more pervasive, so too does the complexity associated with securing those transact... (more)

Tale of Two XML Gateways

XML Magazine on Ulitzer These days,  XML Gateways are a core infrastructure component of any enterprise SOA deployment.  XML Gateways provide the ability to integrate services securely with granular access control, data-level encryption, integrity through signatures and XML threat mitigation.  XML Gateways can be deployed as a hardware appliance or as a software gateway ( also as cloud based instances).  Both of these form factors have their advantages and disadvantages.  This article provides readers with a quick synopsis of the pros and cons of each form factor. XML Gateway Ha... (more)

XML Security Gateway plugging holes for Public Clouds

Recently, there has been a flurry of news emanating from the XML security world related to researchers demonstrating an attack on Amazon's AWS cloud management interface. The attack takes advantage of a well known exploit known as XML signature wrapping or XML signature manipulation. Amazon since the publication of this paper has plugged the security hole in its interface. It is a labor intensive effort to plug these holes that requires constant monitoring especially when cloud service interfaces are public facing. Risk can be more easily mitigated by a deployment of an XML secur... (more)

The Differences Between an XML Gateway and a Web Application Firewall

Jason Macy, CTO   Forum Systems, Inc Introduction A common industry misconception is understanding the differences between an XML Gateway and a Web Application Firewall.   These technologies are sometimes confused as being competitive, but in fact they are complementary technologies that together provider the foundation of modern-day network perimeter security infrastructure. Key Areas of Comparison To better understand the distinctions between these product technologies, the primary areas of comparison are as follows: Topology Deployment ModesProtocols and Message Formats StandardsP... (more)

XML Security Trust and Threat Models for Dummies

It is very rare today to find a business application that has not exposed its interface via SOAP/XML. XML is the building block that enables business or consumer applications to exchange data in a standard structured format.  The exchange of XML data typically takes place through an SOAP/XML interface based on the Web Services standard or through the REST-based standard.  These flexible standards that richly describe interface functions of an application also introduce a host of XML and Web Services security vulnerabilities.  This article is a quick guide to most common XML and W... (more)