Internet Security Corporation
Why Pick on SOAP? What's the Deal?

XML is an excellent and versatile tool, and an aesthetically pleasing framework
for data transfer and integration of data systems in an enterprise. SOAP is
a helpful framework for parsing and using XML in a web server context.

However, from a security perspective, this is simply saying "We're going to
avoid security by sending all data around on port 80". Well, that really
works to get data through a universally available service method, TCP on the
World Wide Web port. But it also bypasses all firewall security.

The real problem is that the business logic must be implemented on the
server side, using SOAP or some other XML parsing framework. Regardless of
the roles and authorization that are implemented, each piece of new code
is a potential error waiting to happen, and must be checked, preferably
with a thorough QA process that vets the code for security flaws. Since
all business logic is by nature particular to each organization, each time
a SOAP or XML-based function is implemented, and allowed through every
firewall, that's a new source of threat.

Internet Security Corporation can apply code evaluation techniques to
Java, C, and C++ based server-side interfaces for business logic, and
identify potential and actual security weaknesses in the implementation
of your business logic layer. Our certified auditors can interact with your
personnel to ensure that the finished product is safe to bypass all the
firewalls and other intrusion detection systems that it is designed to
circumvent.

Don't let this become a Trojan Horse for your organization's information
assets. Call Internet Security Corporation at (408) 739-1092 to
inquire about our hourly rates for a certified auditor to stop by for a
day or three and audit your SOAP interface.