Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls
Jason Macy, jmacy@forumsys.com, CTO, Forum Systems




XML Gateway vs WAF: Competitive or Complementary?
WAFs and XML Gateways are complementary solutions.

Key Areas of Comparison
Topology: deployment modes
Protocols and message formats: standards, protocols
Security: threat mitigation, transaction privacy, transaction integrity
Identity: access control, SSO
Transaction processing and mediation: workflow, transformation / mapping

WAF - Topology
The Web Application Firewall is a security layer placed in front of the web tier.
Diagram: Load Balancer -> WAF (security, access control) -> Web Servers -> Application Servers
Deployment modes: Non-Inline Mode (50% of deployments), Transparent Proxy, Layer 2 Bridge, Reverse Proxy

XML Security Gateway - Topology
The XML Gateway is a security gateway and mediation layer between service consumers and back-end systems.
Diagram: Load Balancer -> XML Gateway -> ESBs, App Servers, Portals, Databases, Legacy Apps
Front-end services exposed: Mobile Services, HTML Portal Servers, REST Services, User Services, FTP Services, XML Services, SOAP Services
Gateway functions: Secure API, Security, Identity, Access Control, Transformation, Governance, Business Logic, Orchestration, Profile Management, Scripting
Deployment modes: Reverse Proxy, Protocol Break

Protocols & Messages
WAF
  Standards: Web 2.0, HTML, XML, JSON, AJAX, Flash
  Protocols: HTTP, HTTPS (SSL/TLS), raw TCP
XML Gateway
  Standards: XHTML, XML, SOAP, JSON, AS2, ebXML, SAML, WS-Federation, XML-Security, WS-Security, WSDL, XSD, WS-Trust, XACML, WS-Addressing, WS-RM, WS-Policy, XPath, XSLT
  Protocols: HTTP, HTTPS (SSL/TLS), JMS (IBM, Tibco, JBoss, Oracle, ActiveMQ), AMQP, FTP/FTPS, SFTP, SMTP, raw TCP
  Protocol conversion: any-to-any

Security - Threat Mitigation
Intrusion detection and prevention (IDP): parse, detect, prevent.
WAF
  HTML content-aware intrusion detection and prevention (URI patterns)
  URI rate-based heuristics
  Known vendor vulnerability signatures
  URL cloaking / rewrite
  Parameter inspection
  Learning mode
XML Gateway
  XML/SOAP/REST content-aware intrusion detection and prevention (parsing and deep inspection)
  Rate-based and size-based heuristics
  Schema validation
  Virus detection on XML/SOAP payloads
  URL cloaking / rewrite
  XML parser attacks (entity expansion, external entity references, excessive nesting)
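The XML Gateway column above hinges on parsing the payload before it reaches the application parser. The following is an added example, not Forum Systems code and not from the deck: a gateway-style pre-parse check built on Python's expat bindings that applies size-based heuristics, a nesting limit, and an outright rejection of any DOCTYPE (which is what stops both external entity (XXE) and entity-expansion attacks). The thresholds and the sample payloads are constructed assumptions; schema validation against an XSD is a separate step and is not shown.

```python
"""Gateway-style pre-parse inspection of an XML/SOAP payload.

Added example (not Forum Systems code). Demonstrates the parser-attack
mitigations the slide lists: size and depth limits, DOCTYPE/entity
rejection (blocks XXE and "billion laughs"), and well-formedness checks.
Thresholds are assumptions; tune them per service.
"""
import xml.parsers.expat

MAX_BYTES = 64 * 1024      # assumed per-message size limit
MAX_DEPTH = 32             # assumed nesting limit
MAX_ELEMENTS = 5000        # assumed element-count limit


class XmlThreatDetected(Exception):
    """Raised when the payload violates gateway policy."""


def inspect_xml(payload: bytes) -> str:
    """Parse the payload with hardened expat handlers.

    Returns the root element name on success, raises XmlThreatDetected
    with a reason otherwise. Any DOCTYPE (and therefore any internal or
    external entity declaration) is rejected outright.
    """
    if len(payload) > MAX_BYTES:
        raise XmlThreatDetected(f"size {len(payload)} exceeds {MAX_BYTES} bytes")

    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "elements": 0, "root": None}

    def on_doctype(name, _sysid, _pubid, _has_internal_subset):
        raise XmlThreatDetected(f"DOCTYPE '{name}' not allowed")

    def on_entity_decl(*_args):
        # Unreachable once DOCTYPE is rejected; kept as defence in depth.
        raise XmlThreatDetected("entity declaration not allowed")

    def on_start(name, _attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["root"] is None:
            state["root"] = name
        if state["depth"] > MAX_DEPTH:
            raise XmlThreatDetected(f"nesting deeper than {MAX_DEPTH}")
        if state["elements"] > MAX_ELEMENTS:
            raise XmlThreatDetected(f"more than {MAX_ELEMENTS} elements")

    def on_end(_name):
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end

    try:
        parser.Parse(payload, True)   # exceptions raised in handlers propagate here
    except xml.parsers.expat.ExpatError as exc:
        raise XmlThreatDetected(f"malformed XML: {exc}") from exc
    return state["root"]


def verdict(payload: bytes) -> str:
    """Return 'ALLOW' or 'BLOCK: <reason>' for a payload."""
    try:
        inspect_xml(payload)
        return "ALLOW"
    except XmlThreatDetected as exc:
        return f"BLOCK: {exc}"


# Constructed sample payloads (not captured traffic).
SOAP_OK = (
    b'<?xml version="1.0"?>'
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><getBalance><account>1234</account></getBalance></soap:Body>'
    b'</soap:Envelope>'
)
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<x>&xxe;</x>'
)
BILLION_LAUGHS = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE lolz [<!ENTITY lol "lol">'
    b'<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    b'<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">]>'
    b'<lolz>&lol2;</lolz>'
)
DEEP = b"<a>" * (MAX_DEPTH + 1) + b"</a>" * (MAX_DEPTH + 1)
TRUNCATED = b"<soap:Envelope xmlns:soap='urn:x'><soap:Body>"

if __name__ == "__main__":
    for label, sample in [("soap", SOAP_OK), ("xxe", XXE), ("laughs", BILLION_LAUGHS),
                          ("deep", DEEP), ("truncated", TRUNCATED)]:
        print(f"{label:10s} {verdict(sample)}")
```

Rejecting DOCTYPE wholesale is deliberately blunt: a gateway that needs to accept DTD-bearing documents has to parse the internal subset with entity expansion disabled and a hard cap on declared entities instead, which is considerably more code and more attack surface.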

Security - Transaction Privacy
WAF
  Content encoding / compression: HTML compression, gzip
  SSL / TLS
XML Gateway
  Content encryption: XML-Encryption, WS-Security
  Content decryption: XML-Decryption, WS-Security
  HTML compression
  SHA-2 hashing and Base64 encoding
  SSL / TLS
Note: compression, Base64 encoding and hashing are transport and integrity features rather than confidentiality controls; only SSL/TLS on the wire and XML-Encryption / WS-Security at the message level actually keep transaction content private.

Security - Transaction Integrity
WAF
  Session tracking: cookies, source/destination IPs
  HTTP RFC conformance
  HTML form parameter checking
  Cross-site scripting (XSS) filtering
  Cookie signing
XML Gateway
  Digital signatures: XML-DSig, OASIS WS-Security signatures
  Signature verification
  X.509 path validation
  Schema validation: DTD, XSD, JSON
  HTTP RFC conformance
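Cookie signing, listed in the WAF column, is the one integrity control above that a reverse-proxy WAF can apply without any change to the application. The following is an added example, not from the deck or Forum Systems: the proxy appends an HMAC-SHA256 tag to each Set-Cookie value on the way out and drops any inbound cookie whose tag does not verify. The signing key, cookie names and values are constructed assumptions; the tag is bound to the cookie name so that a valid tag cannot be transplanted onto a different cookie.

```python
"""WAF-style cookie signing and verification.

Added example (not from the original deck). The reverse proxy rewrites
Set-Cookie on the way out, appending an HMAC over the cookie's name and
value, and strips inbound cookies whose tag does not verify. Key and
cookie values are constructed assumptions.
"""
import base64
import hashlib
import hmac
from typing import Dict, Optional

# Assumed gateway-held secret; in practice it comes from a key store or HSM.
SIGNING_KEY = b"example-waf-signing-key-rotate-me"
TAG_LEN = 16  # bytes of HMAC-SHA256 kept (128-bit tag)


def _tag(name: str, value: str, key: bytes) -> str:
    # Bind name and value together so a tag cannot be moved between cookies.
    msg = f"{name}={value}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def sign_cookie(name: str, value: str, key: bytes = SIGNING_KEY) -> str:
    """Return the cookie value the WAF emits: <value>.<tag>."""
    if "." in value:
        # '.' is the separator in this example; urlsafe base64 never contains it.
        raise ValueError("cookie value must not contain '.'")
    return f"{value}.{_tag(name, value, key)}"


def verify_cookie(name: str, signed: str, key: bytes = SIGNING_KEY) -> Optional[str]:
    """Return the original value if the tag verifies, else None."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = _tag(name, value, key)
    # Constant-time compare: no timing side channel on the tag bytes.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    return value


def filter_cookie_header(header: str, key: bytes = SIGNING_KEY) -> Dict[str, str]:
    """Parse an inbound Cookie header; keep only cookies with valid tags."""
    accepted: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, signed = part.strip().partition("=")
        if not sep:
            continue
        value = verify_cookie(name, signed, key)
        if value is not None:
            accepted[name] = value
    return accepted


if __name__ == "__main__":
    signed = sign_cookie("JSESSIONID", "A1B2C3")           # constructed session id
    print("Set-Cookie: JSESSIONID=" + signed)
    tampered = "Z9Y8X7." + signed.split(".", 1)[1]          # value changed, tag kept
    print(filter_cookie_header(f"JSESSIONID={signed}; role=admin.deadbeef"))
    print(filter_cookie_header(f"JSESSIONID={tampered}"))   # {}: tag no longer verifies
```

Note that signing only detects tampering; it does not hide the value, and a stolen cookie still replays. Binding the tag to the client's source IP or TLS session (the slide's "session tracking") is the usual next step and changes the message under the HMAC accordingly.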

Identity & Access Control
WAF
  Native identity integrations: AD, LDAP, RADIUS
  Protocol tokens: Basic, Digest, form POST, SSL client X.509, NTLM, Kerberos
XML Gateway
  Identity integrations: AD, LDAP, SiteMinder, Tivoli Access Manager, ClearTrust, Kerberos KDC, CoreID, JSAM, WS-Trust, XACML, OAuth
  Message-based tokens: WS-Security UsernameToken, WS-Security KerberosToken, WS-Security X509Token, SAML, DSig
  Protocol tokens: Basic, Digest, form POST, cookie, SSL client X.509, REST URI, NTLM, Kerberos
  Credential translation: message-to-protocol, protocol-to-message
  SSO and federation: sessions, SAML, STS
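"Credential translation, protocol-to-message" is the capability that separates the two columns most clearly: the gateway consumes a transport-level credential and emits a message-level token. The following is an added example, not from the deck or Forum Systems: an HTTP Basic header is translated into a WS-Security UsernameToken carrying a PasswordDigest, and the service side recomputes the digest to verify it. The namespace URIs and the digest formula are those of the OASIS Web Services Security UsernameToken Profile 1.0; the user name, password, nonce and timestamps are constructed.

```python
"""Credential translation, protocol-to-message: HTTP Basic -> WS-Security UsernameToken.

Added example, not from the deck or Forum Systems. The gateway side emits a
wsse:UsernameToken with a PasswordDigest; the service side re-derives the
digest to verify it. URIs and formula follow the OASIS UsernameToken Profile
1.0. Credentials, nonce and timestamps are constructed samples.
"""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional, Tuple
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
B64 = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-soap-message-security-1.0#Base64Binary")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)


def parse_basic(authorization: str) -> Tuple[str, str]:
    """Extract (user, password) from an 'Authorization: Basic ...' value."""
    scheme, _, blob = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not HTTP Basic")
    user, sep, password = base64.b64decode(blob).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def password_digest(nonce: bytes, created: str, password: str) -> str:
    # Profile 1.0: Password_Digest = Base64(SHA-1(nonce + created + password)).
    # SHA-1 is fixed by the profile; it is not a free choice here.
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def basic_to_usernametoken(authorization: str, nonce: Optional[bytes] = None,
                           created: Optional[str] = None) -> str:
    """Gateway side: translate a Basic header into a serialized wsse:Security header."""
    user, password = parse_basic(authorization)
    nonce = nonce or os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(TS_FMT)
    security = ET.Element(f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken",
                          {f"{{{WSU}}}Id": "UsernameToken-1"})
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PW_DIGEST})
    pw.text = password_digest(nonce, created, password)   # cleartext never leaves the gateway
    ET.SubElement(token, f"{{{WSSE}}}Nonce", {"EncodingType": B64}).text = (
        base64.b64encode(nonce).decode("ascii"))
    ET.SubElement(token, f"{{{WSU}}}Created").text = created
    return ET.tostring(security, encoding="unicode")


def verify_usernametoken(security_xml: str, lookup_password: Callable[[str], Optional[str]],
                         now: Optional[datetime] = None,
                         max_skew: timedelta = timedelta(minutes=5)) -> bool:
    """Service side: recompute the digest and enforce Created freshness.

    A production verifier must also cache nonces for the freshness window
    to stop replay; that cache is omitted here.
    """
    tok = ET.fromstring(security_xml).find(f"{{{WSSE}}}UsernameToken")
    if tok is None:
        return False
    user = tok.findtext(f"{{{WSSE}}}Username")
    pw_el = tok.find(f"{{{WSSE}}}Password")
    created = tok.findtext(f"{{{WSU}}}Created")
    nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
    if not (user and created and nonce_b64) or pw_el is None or pw_el.get("Type") != PW_DIGEST:
        return False
    created_at = datetime.strptime(created, TS_FMT).replace(tzinfo=timezone.utc)
    if abs((now or datetime.now(timezone.utc)) - created_at) > max_skew:
        return False
    secret = lookup_password(user)
    if secret is None:
        return False
    expected = password_digest(base64.b64decode(nonce_b64), created, secret)
    return hmac.compare_digest(expected.encode("ascii"), (pw_el.text or "").encode("utf-8"))


# Constructed sample data for a deterministic run.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")
SAMPLE_NONCE = b"0123456789abcdef"
SAMPLE_CREATED = "2012-06-01T12:00:00Z"
SAMPLE_NOW = datetime(2012, 6, 1, 12, 0, 30, tzinfo=timezone.utc)
SAMPLE_LATE = SAMPLE_NOW + timedelta(hours=1)
USER_DB = {"alice": "s3cret"}

if __name__ == "__main__":
    header = basic_to_usernametoken(SAMPLE_AUTH, SAMPLE_NONCE, SAMPLE_CREATED)
    print(header)
    print("fresh, correct password:", verify_usernametoken(header, USER_DB.get, SAMPLE_NOW))
    print("stale Created:          ", verify_usernametoken(header, USER_DB.get, SAMPLE_LATE))
```

The digest form means the downstream service needs the cleartext password (or the gateway needs to be the party that verifies and then re-issues a token it signs itself), which is why the slide pairs credential translation with an STS: in a federated deployment the gateway verifies Basic against AD/LDAP and issues a SAML assertion instead of forwarding a password-derived token.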

Processing & Workflow
WAF
  Workflow management: allow/deny, URL rewrite, compression, content replacement
XML Gateway
  Workflow management: attribute mapping, archiving, content-based routing, database mapping, digital signatures, header and body identification, identity token conversion, enrichment, data aggregation, encryption, node conversion and encoding, transformation
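Two of the XML Gateway workflow items above, header and body identification and content-based routing, go together: the gateway works out what a message is before deciding where it goes. The following is an added example, not Forum Systems code and not from the deck. It classifies a request from its Content-Type and, for SOAP, from the first child of the Body (the operation element), then looks the result up in a routing table with default deny. The backend hosts, routing rules and sample requests are constructed. Routing is done on the body rather than on the SOAPAction header because the backend dispatches on the body and the header is attacker-controlled.

```python
"""Content-based routing at an XML gateway.

Added example, not Forum Systems code. Identifies a request from its
transport headers and, for SOAP, from the Body's first child, then selects
a backend from a routing table (default deny). Backend hosts, rules and
sample requests are constructed.
"""
import json
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"

# Assumed routing table: (content kind, identifier) -> backend URL.
ROUTES: Dict[Tuple[str, str], str] = {
    ("soap", "{urn:bank:accounts}getBalance"): "http://accounts-esb.internal:8080/ws",
    ("soap", "{urn:bank:payments}transfer"): "http://payments-app.internal:8080/ws",
    ("json", "transfer"): "http://payments-api.internal:9000/v1",
    ("rest", "/v1/accounts"): "http://accounts-api.internal:9000",
}


def identify(headers: Dict[str, str], body: bytes, path: str) -> Tuple[str, str]:
    """Classify the request and return its (kind, identifier) routing key."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype in ("text/xml", "application/soap+xml", "application/xml"):
        # Assumes the payload already passed the gateway's parser-hardening stage.
        root = ET.fromstring(body)
        for ns in (SOAP11, SOAP12):
            soap_body = root.find(f"{{{ns}}}Body")
            if soap_body is not None and len(soap_body):
                return "soap", soap_body[0].tag   # namespace-qualified operation element
        raise ValueError("XML payload without a SOAP Body")
    if ctype == "application/json":
        doc = json.loads(body)
        op = doc.get("operation") if isinstance(doc, dict) else None
        if not isinstance(op, str):
            raise ValueError("JSON payload without an operation")
        return "json", op
    return "rest", path


def route(headers: Dict[str, str], body: bytes, path: str) -> Optional[str]:
    """Return the backend URL, or None when the request is rejected (default deny)."""
    try:
        key = identify(headers, body, path)
    except (ET.ParseError, ValueError):   # json.JSONDecodeError is a ValueError
        return None
    return ROUTES.get(key)


# Constructed sample requests.
SOAP_BALANCE = (
    b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    b'<getBalance xmlns="urn:bank:accounts"><account>42</account></getBalance>'
    b'</s:Body></s:Envelope>'
)
SOAP_TRANSFER_12 = (
    b'<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"><env:Body>'
    b'<transfer xmlns="urn:bank:payments"><amount>10</amount></transfer>'
    b'</env:Body></env:Envelope>'
)
SOAP_UNKNOWN_OP = SOAP_BALANCE.replace(b"getBalance", b"closeAccount")
JSON_TRANSFER = b'{"operation": "transfer", "amount": 10}'

XML_HDR = {"Content-Type": "text/xml; charset=utf-8",
           "SOAPAction": "urn:bank:accounts/getBalance"}   # advisory only, not used for routing
SOAP12_HDR = {"Content-Type": "application/soap+xml"}
JSON_HDR = {"Content-Type": "application/json"}

if __name__ == "__main__":
    print(route(XML_HDR, SOAP_BALANCE, "/ws"))
    print(route(SOAP12_HDR, SOAP_TRANSFER_12, "/ws"))
    print(route(JSON_HDR, JSON_TRANSFER, "/v1/transfer"))
    print(route({}, b"", "/v1/accounts"))
    print(route(XML_HDR, SOAP_UNKNOWN_OP, "/ws"))   # None: no rule, request rejected
```

The default-deny return is the security-relevant design choice: an operation that has no routing rule never reaches a backend, so exposing a new service is an explicit act of adding a rule rather than a side effect of deploying it.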

Conclusion
WAF != XML Gateway
WAF + XML Gateway = Secure Architecture