Undertanding XML Gateways
The Washington Post published an interesting article highlighting security vulnerabilities in XML. The article titled XML Flaws are pervasive reinforces the need for XML Gateways such as Forum Sentry as a line of defense beyond what is provided by classic IP firewalls.
Also, for pre-production or post-production XML/SOAP-based services, using SOA Testing products such as Crosscheck Networks SOAPSonar provides extensive Security Testing to identity XML-related flaws. Once identified, the remediation strategy can involve:
- code-refactoring that can have a serious cost and production up-time impact
- deploying XML Gateways with general a application specific XML protection policies
Time and cost savings aside, using XML Gateways to protect XML Flaws, as highlighted by the Washington Post article, has a significant architectural advantage of decoupling application business logic from application security.