The Washington Post published an interesting article highlighting security vulnerabilities in XML. The article, titled "XML Flaws are pervasive", reinforces the need for XML Gateways such as Forum Sentry as a line of defense beyond what is provided by classic IP firewalls.
Also, for pre-production or post-production XML/SOAP-based services, using SOA Testing products such as Crosscheck Networks SOAPSonar provides extensive Security Testing to identify XML-related flaws. Once identified, the remediation strategy can involve:
- code refactoring, which can have a serious cost and production up-time impact
- deploying XML Gateways with general and application-specific XML protection policies
Time and cost savings aside, using XML Gateways to protect against XML flaws, as highlighted by the Washington Post article, has the significant architectural advantage of decoupling application business logic from application security.