Penetration Testing mailing list archives

Re: XML firewall/gateway needed


From: Theodoros Assimakopoulos <theo () xelmos com>
Date: Fri, 04 Jun 2004 15:44:04 +0200

Hi Erwin,

Our company does security testing and evaluation of products and
solutions for security product manufacturers and for their customers,
very often in preparation for the potential use of these products in
telecommunications. Quite recently, we evaluated for a large
installation in telecoms an XML/SOAP Firewall product
from Xtradyne Technologies (look at: http://www.xtradyne.com).
They call it Web Services Domain Boundary Controller. It is a software product for Unix and Linux platforms and provides, roughly speaking, deep packet inspection firewalling and detailed WS-Security, including things such as XML Encryption and XML Digital Signature, but also things such as Schema checking, access control down to single operations and even parameter values. Not only the rich and mature functionality was convincing, but also the solutions regarding the practical issues typical for large enterprises, such as high availability and scalability.
As far as I can see it does perfectly all the things you mention.
Particularly, I remember a nice feature: they can generate Schemas from the WSDL descriptions and then perform really detailed controls based on these Schemas. This gateway is a control point where each message is stopped, checked, and passed further only if permitted by the security policy. Of course, they support the use of public key certificates, but I think that's something all these products of this type do.

Cheers,
Theodoros

>From: Erwin van der Zwan <erwin.zwan-van-der_at_siemens.nl>
>To: pen-test_at_securityfocus.com
>Subject: XML firewall/gateway needed
>
>
>
>Hi list,
>
>Does anybody know a good solution/product which can act as an XML/SOAP secure proxy. Thus validating the namespace/method combination, verifying the XML message against a given WSDL template, block error messages, terminate the XML session and initiate a new one to the back office server and provide optionally support for secure XML as well (XMLDsig and XMLEnc) using certificates?
>
>I know this might not be the right list but here is where lots of experts hang out :-)
>
>Erwin

--
Theodoros Assimakopoulos
XELMOS Technologies GmbH,      Tel: +49 (0)30 5304 1720
Ostendstr. 25                  Fax: +49 (0)30 5304 1729
D-12459 Berlin, Germany     Mobile: +49 (0)175 6015 009
http://www.xelmos.com        email: theo () xelmos com
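
The control point described in this message (each request stopped, its namespace/operation pair and parameter values checked, and passed on only if policy permits) can be sketched as follows. This is an added example, not part of the original post and not Xtradyne's code; the `urn:example:billing` namespace, the operation and parameter names, `POLICY` and all function names are hypothetical, and Schema validation, XML Signature and XML Encryption are out of its scope.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

# Constructed policy: (namespace, operation) -> {parameter name: value check}.
POLICY = {
    ("urn:example:billing", "GetInvoice"): {"invoiceId": lambda v: v.isascii() and v.isdigit()},
    ("urn:example:billing", "ListInvoices"): {"customer": {"acme", "globex"}.__contains__},
}

def reject_dtd(raw):
    """Abort on any DOCTYPE before entities can be declared or expanded."""
    def deny(*_):
        raise ValueError("DOCTYPE not allowed")
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = deny
    parser.Parse(raw, True)

def check(raw):
    """Return (allowed, reason) for one SOAP 1.1 request."""
    try:
        reject_dtd(raw)
        root = ET.fromstring(raw)
    except (ValueError, expat.ExpatError, ET.ParseError) as exc:
        return False, f"parse: {exc}"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if root.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        return False, "not a single-operation SOAP envelope"
    op = body[0]
    ns, _, name = op.tag[1:].partition("}") if op.tag.startswith("{") else ("", "", op.tag)
    rules = POLICY.get((ns, name))
    if rules is None:  # default deny: unknown namespace/operation pair
        return False, f"operation {name!r} in namespace {ns!r} not permitted"
    seen = {}
    for child in op:  # parameters matched by local name; nested or repeated ones refused
        local = child.tag.rpartition("}")[2]
        if local not in rules or local in seen or len(child):
            return False, f"unexpected parameter {local!r}"
        seen[local] = (child.text or "").strip()
    for pname, ok in rules.items():
        if pname not in seen or not ok(seen[pname]):
            return False, f"parameter {pname!r} rejected"
    return True, "permitted"

def envelope(ns, op, params):  # builds a constructed sample request
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in params.items())
    return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><m:{op} xmlns:m="{ns}">'
            f"{inner}</m:{op}></s:Body></s:Envelope>").encode()
```

Calling `check(envelope("urn:example:billing", "GetInvoice", {"invoiceId": "1042"}))` returns `(True, "permitted")`; any other namespace, operation or parameter falls through to the default deny.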







