Application Security: 2007 Readers' Choice Awards


This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."


GOLD | IBM WebSphere DataPower XML Security Gateway XS40

Price: $65,000

They say you never get fired for buying IBM. Information Security readers are in line with that thinking when it comes to securing applications running in a service-oriented architecture or Web services applications.

They made IBM's WebSphere DataPower XML Security Gateway XS40 their top choice in the application security category.

Further validating the hype over service-oriented architecture (SOA) and the standards-based XML applications around it, readers said the XS40 appliance did better than counterparts at detecting, reporting and preventing known and unknown attacks. It also scored well in integration with other security tools for remediation and reporting, and ease of installation, configuration and administration.

IBM acquired DataPower in 2005, along with its trio of products, which also includes an XML accelerator and an integration appliance. As with any SOA or Web services product, standardization is critical. In addition to the WS-* family of standards, the DataPower appliances support a new breed, including XACML, which is a standard for uniformly expressing fine-grained authentication and authorization rules. This is key with SOA applications, whose machine-to-machine interactions must properly exchange credentials to ensure a secure transaction. XACML enables companies to move authorization rules from one enforcement point to another.

"CISOs are looking at SOA in two ways--one, if the security piece isn't done right, this is a huge liability, exposing the back end to new threats and unauthorized access," says Eugene Kuznetsov, founder of DataPower. "The other part is, if you do this right, your security and compliance improve at the same time."

The DataPower appliance acts as an XML proxy that can parse and validate XML schema, encrypt XML message flows and verify digital signatures. Enterprises can use it as an enforcement point for XML and Web services interactions, providing not only encryption, but firewall filtering and digital signatures.

Some of the country's leading banks have deployed the appliance to process mortgage applications using XML or Web services, validating messages and making calls to authentication systems. It's also present in the Department of Defense for internal security between different tiers of applications and filtering messages between classified networks and applications.

"Customers are increasingly recognizing that to make applications scalable to make the business agile, you can't have security architecture teams go into every application, audit and modify it to make sure it's secure," Kuznetsov says. "There is a trend of figuring how to move security to hardware or other tiers, abstracted out of applications."

SILVER | SPI Dynamics WebInspect
SPI Dynamics

Price: $25,000

SPI Dynamics' WebInspect scans Web applications for vulnerabilities introduced during development; it's a tool that can help security managers eliminate the disconnect between coders and the security office. In according it the silver medal, readers said installation, configuration and administration of WebInspect was a breeze, potentially making it attractive to developers looking for tools they can use during coding. SPI Dynamics says it has re-architected WebInspect 7 to assess the security of Web 2.0 applications built on AJAX, JavaScript, Flash and other dynamic development languages and methods. The vendor says the re-build took three years.

BRONZE | Citrix Application Firewall
Citrix Systems

Price: $45,000

Citrix's Application Firewall models application behavior, then applies policy against the baseline; any application straying from the baseline is treated as malicious and blocked. In earning the bronze medal, the product scored well on preventing known attacks and vulnerabilities, as well as detecting and reporting them. It also scored consistently well in support and installation, and most respondents in this category said they were satisfied with their investment ROI. Citrix touts the product's ability to learn application behavior and generate policy recommendations. Citrix says it can be deployed as a standalone firewall or in tandem with the Citrix NetScaler Application Delivery Systems.

This was first published in April 2007
