XML viruses threaten Web services security

Nitin Bharti, News Editor

Gone are the days when it was enough to scan your computer and e-mail attachments for malicious files. As XML traffic over the Internet increases, the threat of viruses, worms and malware is crossing over into the world of Web services.

On Monday, Layer 7 Technologies Inc. added Cupertino, Calif.-based Symantec Corp.'s AntiVirus Scan Engine to its SecureSpan Gateway product. Under the partnership, SecureSpan, which enforces security policies for Web services, can now forward any malicious SOAP attachments to the AntiVirus Scan Engine, which in turn rejects or quarantines any infected files before they can penetrate an application.

In a related announcement, Forum Systems Inc. and Islandia, N.Y.-based Computer Associates (CA) Inc. teamed up to integrate CA's eTrust EZ antivirus software with the Forum XWall Web Services Firewall. XWall will add a new XML Antivirus module that will apply security policies and antivirus signatures to SOAP messages, SOAP attachments and raw XML.

"The ability to attach files to SOAP messages is a powerful integration tool for enterprise applications, but it also provides a potentially dangerous vector for threats and attacks," Scott Morrison, director of architecture for Vancouver, B.C.-based Layer 7 Technologies, said in a statement.

The need for virus protection against XML documents and attachments demonstrates that many companies are still vulnerable to XML traffic, even those that aren't using Web services.

XML traffic has increased because common formats like MP3 files and Microsoft Word documents can now be sent as XML. Additionally, the fact that SOAP envelopes and WSDL files can carry embedded macros and files increases the risk of exchanging Web services messages.

"XML and Web services cut through existing firewalls and email-based spam and virus filters like a hot knife through butter," said Ron Schmelzer, senior analyst at Waltham, Mass.-based ZapThink LLC. "Existing routers don't inspect the actual content at the level necessary to deal with XML-based virus and content-based attacks."

The Layer 7 and Forum Systems announcements emphasize the need for companies to think about the potentially new threats in Web services and how they can protect themselves, Schmelzer said.

While viruses embedded inside SOAP attachments are the easiest way to strike, a sophisticated parser can find sensitive information, such as credit card numbers or "dirty words," inside XML documents, according to Wes Swenson, CEO of Salt Lake City-based Forum Systems.

"Anything that's XML-ified needs to be parsed," Swenson said. "Most network layer technologies do not parse, they only deal with packets, envelopes and messages."

Parsing attacks and XML schema poisoning are the next types of Web services security threats we can expect to see, Swenson said. Malicious macros or circular references can poison schemas and cause a parser to consume all of its resources and shut down.
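
As an added illustration (not part of the original article and not code from any vendor named in it), the sketch below shows one way a service could guard its parser against the resource-exhaustion problem Swenson describes: stream the message through expat, refuse any DOCTYPE, and cap size, nesting depth and element count. The limits, function names and sample messages are assumptions constructed for this example.

```python
import xml.parsers.expat

# Limits are assumed values for illustration; tune them per service.
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 1_000_000, 32, 10_000

class RejectedXML(Exception):
    """Raised when a message fails the pre-parse policy."""

def check_xml(data: bytes) -> int:
    """Stream-parse data under fixed limits; return the element count."""
    if len(data) > MAX_BYTES:
        raise RejectedXML("message too large")
    depth = count = 0
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # SOAP 1.1 forbids a DTD in a message, so any DOCTYPE (and with it
        # any entity definition, self-referencing or not) is refused outright.
        raise RejectedXML("DOCTYPE not allowed")

    def on_start(name, attrs):
        nonlocal depth, count
        depth += 1
        count += 1
        if depth > MAX_DEPTH:
            raise RejectedXML("nesting too deep")
        if count > MAX_ELEMENTS:
            raise RejectedXML("too many elements")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from None
    return count

def verdict(data: bytes) -> str:
    """Return a one-line accept/reject decision for logging."""
    try:
        return f"ok ({check_xml(data)} elements)"
    except RejectedXML as exc:
        return f"rejected: {exc}"

# Constructed sample messages (not taken from the article).
GOOD = b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><getQuote><symbol>X</symbol></getQuote></soap:Body></soap:Envelope>'
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE Envelope [<!ENTITY a "x">]><Envelope>&a;</Envelope>'
DEEP = b"<a>" * 100 + b"</a>" * 100
```

Because the handlers raise as soon as a limit is crossed, the parser stops at that point instead of finishing the document and only then discovering it was oversized.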

