CROSSCHECK NETWORKS APAC
3F-4, No. 508, Sec. 5, Zhongxiao E. Rd., Taipei 11083, Taiwan R.O.C.
www.crosschecknet.com

1. Challenges:

As more and more organizations and businesses adopt SOA and Cloud infrastructure and want to migrate their existing systems to an SOA or Web Service architecture, they face the challenge of converting different data types and transferring them over different protocols. Development teams could try to do this by writing code, but because each organization has its own unique or preferred protocols and standards, this becomes a nightmare for the developers.

Solution:

With Forum Sentry, developers and engineers can use its intuitive user interface to perform data conversions automatically between various protocols, without writing any code.

Below are some of the standards and protocols supported by Forum Sentry:

• XML, SOAP
• HTML, JSON
• AS2, ebXML
• SAML, WS-Federation
• XML-Sec, WS-Sec
• WSDL, XSD
• WS-Trust, XACML
• WS-Addressing
• WS-Reliable Messaging
• WS-Policy
• XPath
• XSLT
• HTTP, HTTPS
• SSL / TLS
• IBM MQ
• Tibco EMS
• JBOSS JMS
• Oracle JMS
• Sun JMS
• FTP, FTPS, SFTP
• SMTP
• RAW TCP
• STREAMING TCP
• X509
• PKCS #1, 7, 8, 12
• OpenPGP
• SSH
• Key Import
• Key Generation
• CSR, Self-Sign
• CRL, OCSP, XKMS, CDP
• HSM Security World

2. Challenges:

When organizations expose their Web Services to partners and outside users, it becomes very difficult for them to control all incoming and outgoing traffic and to prevent attacks against their services.

Solution:

Forum Sentry can automatically parse, merge and administer compound WSDLs from multiple endpoints into single virtual WSDLs, so that the services are protected from external attacks. Forum Sentry also provides extensive support for the WS-* standards to ensure interoperability between the different services communicating with each other.

Forum Sentry offers threat mitigation by acting as an XML Firewall/WAF that detects and prevents intrusion attacks. Users can set rate-based or size-based rules to prevent information leakage and external attacks such as XML bombs, SQL injection and malware. Forum Sentry also has an onboard anti-virus engine with BASE64-encoded malware scanning, integrated with ICAP.

Forum Sentry is the only product on the market that is fully certified to FIPS 140-2, and it is the most comprehensive security gateway available.

3. Challenges:

When messages travel between departments within an organization, or to third-party partners, that use different Identity Management Systems (such as Active Directory, LDAP, SiteMinder, Tivoli AM, ClearTrust, Kerberos KDC, CoreID, JSAM, WS-Trust, and more), organizations need to ensure their Web Services can process and respond to requests coming from each of these Identity Management Systems.

Solution:

Forum Sentry integrates with commonly used Identity Management Systems such as CA SiteMinder, LDAP, MS Active Directory, RSA SecurID, Oracle AM, HP Select Access, IBM TAM, OpenSSO, OpenAM, XACML, OAuth, SAML SSO, WS-Trust, and more. Forum Sentry can bridge protocol-based HTTP Basic Authentication to message-based WS-X.509 and automatically convert between different levels of identity certificates to achieve a single point of login. In addition, Forum Sentry supports OAuth SSO, SAML SSO, Cookie SSO and other schemes used by mobile devices.

4. Challenges:

When organizations develop JSON/REST architectures for Mobile Apps, they also need to consider the security, performance and scalability of each transaction, while at the same time managing the productivity and cost of the development groups.

Solutions:

Forum Sentry can automatically convert JSON/REST messages to and from a variety of protocols without re-developing the interface. This greatly reduces cost and improves the efficiency of the development teams.

Forum Sentry supports import, generation and management of X.509 and PKCS formats directly into a Java Key Store, supporting PKCS #1 (Public Key Cryptography Standards), PKCS #7, PKCS #8, PKCS #11, PKCS #12, X.509 certificates and CSRs; key sizes up to 4096 bits with RSA, DSA, DES, 3DES, SHA-1, SHA-2, AES and Elliptic Curve; digital signature encryption (3DES, AES-128, AES-192, AES-256; KeyWrap: 3DES, AES-128, AES-192, AES-256, RSA, RSA-OAEP); and digital signatures (RIPEMD-160, SHA-1, SHA-256, SHA-512), and more.

5. Challenges:

System performance suffers as the number of transactions increases: more and more web services require encryption and decryption, digital signature authentication, and the parsing of XML messages with large attachments.

Solution:

Forum Sentry's compliant hardware offers various encryption and decryption methods, which greatly reduce the workload on the server and free up resources, significantly improving the reliability of the entire system and providing a better user experience.

With patented XML security acceleration technology and an architecture certified by NIST and the U.S. Department of Defense, the Forum Sentry XML Gateway is the industry standard for XML and SOAP security, access control and integration.

6. Challenges:

A Web Application Firewall (WAF) does not support, and cannot validate, XML messages and XML-related documents. Organizations that rely on a WAF alone as their security gateway are running a risk.

Solution:

Forum Sentry not only provides the standard functionality of a WAF (such as CSRF attack protection, cookie tamper protection, hotlinking protection, SQL injection attack protection, XSS attack protection, application-layer DoS protection, sensitive information leakage protection, and file upload and download control); more importantly, it also protects against security vulnerabilities in XML transactions such as:

Reconnaissance attacks
• WSDL scanning

Attacks on integrity
• Parameter tampering
• Message tampering
• Schema poisoning
• External entity attack

Denial of Service (DoS) attacks
• Recursive payloads sent to XML parsers
• Oversized payloads sent to XML parsers
• Schema poisoning
• Memory leak exploitation

Command Injection
• SQL/XQuery injection
• XML/Query injection
• Cross-site scripting

Malicious code attacks (e.g., system compromise)
• Command Injection
• Malformed content
• XML malicious morphing
• XML encapsulation
• XML virus
• Malicious include

Privilege Escalation attacks/Attacks on confidentiality
• Dictionary attack
• Replay attack
• Message snooping
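Several of the XML attacks listed above (oversized and recursive payloads, external entity attacks, malformed content) are exactly what a gateway should reject before a backend parser ever sees the document. The block below is an added example, not Forum Sentry's code or any Crosscheck Networks material: a pre-check built on Python's standard-library expat parser that refuses any DTD (the place where entity expansion and external entity declarations live), caps payload size and nesting depth, and reports malformed input with a reason. The limits, the constructed sample documents and the function names are assumptions made for this example.

```python
"""Hardened XML pre-check for a gateway: reject DTD/entity declarations,
oversized payloads and deep nesting before the backend parser runs."""
import xml.parsers.expat

MAX_BYTES = 1_000_000   # size-based rule (assumed limit for the example)
MAX_DEPTH = 64          # nesting-depth rule (assumed limit for the example)


class XmlRejected(ValueError):
    """Raised inside a handler when a rule fires; the message is the reason."""


def check_xml(data: bytes, max_bytes: int = MAX_BYTES, max_depth: int = MAX_DEPTH) -> dict:
    """Return {'ok': True, 'elements': n, 'max_depth': d} for an acceptable
    document, or {'ok': False, 'reason': ...} when a rule fires."""
    if len(data) > max_bytes:
        return {"ok": False, "reason": "oversized payload"}

    parser = xml.parsers.expat.ParserCreate()
    stats = {"depth": 0, "max_depth": 0, "elements": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Any DTD is refused: recursive entity expansion (XML bombs) and
        # external entity (XXE) declarations both need one.
        raise XmlRejected("DOCTYPE/DTD not allowed")

    def on_entity_decl(*args):
        raise XmlRejected("entity declaration not allowed")

    def on_external_ref(context, base, sysid, pubid):
        raise XmlRejected("external entity reference not allowed")

    def on_start(name, attrs):
        stats["elements"] += 1
        stats["depth"] += 1
        stats["max_depth"] = max(stats["max_depth"], stats["depth"])
        if stats["depth"] > max_depth:
            raise XmlRejected("nesting deeper than %d" % max_depth)

    def on_end(name):
        stats["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end

    try:
        # Exceptions raised inside expat handlers propagate out of Parse().
        parser.Parse(data, True)
    except XmlRejected as exc:
        return {"ok": False, "reason": str(exc)}
    except xml.parsers.expat.ExpatError as exc:
        return {"ok": False, "reason": "malformed content: %s" % exc}
    return {"ok": True, "elements": stats["elements"], "max_depth": stats["max_depth"]}


# Constructed sample messages (not captured traffic).
GOOD = b"<order><id>42</id><items><item sku='A1'/></items></order>"
WITH_DTD = b"<!DOCTYPE d [<!ENTITY e 'x'>]><d>&e;</d>"   # a single harmless entity
DEEP = b"<a>" * 100 + b"</a>" * 100                      # nested past MAX_DEPTH
BROKEN = b"<a><b></a>"                                   # mismatched tags

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("dtd", WITH_DTD), ("deep", DEEP), ("broken", BROKEN)):
        print(label, check_xml(doc))
```

Refusing every DOCTYPE is stricter than a production rule set usually needs to be; if a service legitimately consumes DTD-bearing documents, the entity and external-reference handlers alone still block the dangerous declarations while the size and depth caps handle the resource-exhaustion cases.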
  
7. Challenges:

As applications become more and more complex, Web Services API management and deployment also become more problematic. Organizations are looking for a centralized system that can easily manage and deploy their complex web services.

Solutions:

Forum Sentry can automatically parse, merge and administer compound WSDLs from multiple endpoints into single virtual WSDLs. Users can perform various tasks through Forum Sentry's intuitive user interface, without purchasing any additional machines, to address system mediation and other security-related concerns.

8. Challenges:

When there are known vulnerabilities in an existing legacy system, such as SQL injection, organizations often do not have the time, resources or policy to address these issues right away.

Solution:

Forum Sentry provides an anti-virus engine integrated on the hardware, with BASE64-encoded malware scanning and ICAP integration. Forum Sentry can also effectively protect the system from attacks such as SQL injection, XSS, DoS and DDoS through its IDP rules and WAF capability.

9. Challenges:

Data centers often need to meet a certain SLA for their services; organizations need to ensure the performance of their system will meet the SLA, and also need the ability to distribute transaction bandwidth among different user groups or types.

Solution:

Forum Sentry's built-in IDP rules intelligently manage network traffic for users and partners. Forum Sentry controls inbound and outbound traffic according to the user's deployment strategy. When users or partners exceed their bandwidth, Forum Sentry automatically logs the event via SNMP, email, SOA records or database trigger alerts. This data also helps organizations devise better sales strategies targeting different customer groups.
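The per-group traffic rules described here (a request rate and a message size allowed for each user group, with an alert recorded whenever a client exceeds them) are easy to reason about in code. The block below is an added example and not Forum Sentry's implementation: a sliding-window controller keyed by user group and client that admits or refuses each transaction and appends an alert record a real deployment would forward via SNMP, email or a database trigger. The policy table, group names, client ids and timestamps are all constructed for the example.

```python
"""Per-group rate and size rules with alert records, in the style a gateway
would apply them before forwarding a transaction (example only)."""
from collections import deque

# Assumed policy: per user group, requests allowed per window and max body size.
POLICY = {
    "partner":  {"max_requests": 3,  "window_s": 60, "max_bytes": 4096},
    "internal": {"max_requests": 10, "window_s": 60, "max_bytes": 65536},
}


class TrafficController:
    def __init__(self, policy=POLICY):
        self.policy = policy
        self.history = {}   # (group, client) -> deque of admitted request times
        self.alerts = []    # records to ship via SNMP / email / DB trigger

    def admit(self, group: str, client: str, size: int, now: float) -> bool:
        """Return True if the transaction may be forwarded, else record an alert."""
        rule = self.policy.get(group)
        if rule is None:
            self._alert(group, client, now, "unknown group")
            return False
        if size > rule["max_bytes"]:
            self._alert(group, client, now,
                        "size %d exceeds %d" % (size, rule["max_bytes"]))
            return False
        window = self.history.setdefault((group, client), deque())
        # Drop timestamps that have fallen out of the sliding window.
        while window and now - window[0] >= rule["window_s"]:
            window.popleft()
        if len(window) >= rule["max_requests"]:
            self._alert(group, client, now,
                        "rate limit %d/%ds exceeded" % (rule["max_requests"], rule["window_s"]))
            return False
        window.append(now)
        return True

    def _alert(self, group, client, now, reason):
        self.alerts.append({"t": now, "group": group, "client": client, "reason": reason})


def run_sample():
    """Constructed sequence for one partner client; returns the admit decisions."""
    tc = TrafficController()
    traffic = [(0, 100), (1, 100), (2, 100),   # three admitted within the window
               (3, 100),                       # fourth in the window: rate limit
               (5, 10000),                     # oversized body: size rule
               (70, 100)]                      # window has slid: admitted again
    decisions = [tc.admit("partner", "p1", size, t) for t, size in traffic]
    return decisions, tc.alerts


if __name__ == "__main__":
    decisions, alerts = run_sample()
    print(decisions)
    for a in alerts:
        print(a)
```

The alert records carry the reason string, so the same structure can feed both an operational alert channel and the usage reporting the text mentions.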
  
10. Challenges:

Organizations need a system that integrates with their existing architecture and supports technologies such as: intrusion detection and prevention, anti-virus, WAF, XML firewall, traffic control, identity management systems, system transformation, secure PKI key management, encryption/decryption acceleration and transaction auditing.

Solution:

Forum Sentry (with an emphasis on XML and SOA security) is a comprehensive security gateway that offers XML acceleration, Web application firewall, intrusion detection/prevention, access control management, onboard anti-virus, encryption/decryption acceleration, PKI key management, HSM and more. Forum Sentry handles a volume of over 10 billion transactions a day worldwide. It offers the most comprehensive HTML, XML, SOAP and REST vulnerability protection and also greatly improves the performance of business transactions. As the pioneer of XML security, Forum Systems holds a registered XML security patent (7,516,333). Forum Sentry is also FIPS certified under the U.S. Department of Defense security certification.

11. Challenges:

Banks and telecommunication companies need to handle a large amount of non-core business logic at the front end of the platform to improve the efficiency and security of their core system.

Solution:

- Forum Sentry allows customers to access various transport protocols
Whether it is a financial bureau or an enterprise bank sending messages via MQ over SSL, or a midsize bank using HTTP/HTTPS, and even if the customer is using Web Services or FTP, they can use Forum Sentry's multi-protocol access to process their transactions.

- Implementation of user authorization and authentication through SSL
Forum Sentry achieves secure user authentication and access control through SSL authorization, regardless of whether the transport is MQ or HTTP.

- File format transformation
Forum Sentry can transform files received via MQ and HTTP into the same MQ message to reduce the workload of the backend system. This can greatly improve the performance of the entire system.

- Data preprocessing
When messages are sent to Forum Sentry via MQ or HTTP, the user can check and validate the message content and format. If validation succeeds, Forum Sentry converts the message into a unified MQ message for the backend platform; if the check fails, the user receives an "Invalid Format" message without the request going through the core processing platform.
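The validate-then-convert flow above (accept a message from either transport, check its content and format, emit one unified backend record or answer "Invalid Format" without touching the core platform) is shown below as an added example; it is not Forum Sentry's code and the message formats are invented for it. The example assumes that MQ carries a pipe-delimited record, that HTTP carries a JSON object, and that a valid transaction has an 8-16 digit account, a positive amount and a currency from a small allow-list.

```python
"""Front-end data preprocessing: parse the transport-specific form, validate
content and format, then emit a unified record or an 'Invalid Format' reply."""
import json
import re

ACCOUNT_RE = re.compile(r"^[0-9]{8,16}$")      # assumed account-number format
REQUIRED = ("account", "amount", "currency")   # fields every transaction needs
CURRENCIES = {"TWD", "USD"}                    # assumed allow-list


def parse_transport(transport: str, raw: str):
    """Turn the transport-specific payload into a field dict, or None if it
    cannot be parsed at all (both wire formats are assumptions)."""
    if transport == "HTTP":
        try:
            body = json.loads(raw)
        except ValueError:
            return None
        return body if isinstance(body, dict) else None
    if transport == "MQ":
        parts = raw.split("|")
        return dict(zip(REQUIRED, parts)) if len(parts) == len(REQUIRED) else None
    return None


def validate(fields: dict) -> list:
    """Return a list of validation errors; empty means the message is acceptable."""
    errors = ["missing " + k for k in REQUIRED if k not in fields]
    if errors:
        return errors
    if not ACCOUNT_RE.match(str(fields["account"])):
        errors.append("bad account")
    try:
        if float(fields["amount"]) <= 0:
            errors.append("bad amount")
    except (TypeError, ValueError):
        errors.append("bad amount")
    if fields["currency"] not in CURRENCIES:
        errors.append("bad currency")
    return errors


def preprocess(transport: str, raw: str) -> dict:
    """Gateway decision for one inbound message."""
    fields = parse_transport(transport, raw)
    if fields is None:
        return {"status": "Invalid Format", "errors": ["unparseable %s message" % transport]}
    errors = validate(fields)
    if errors:
        # Rejected here; the core processing platform never sees it.
        return {"status": "Invalid Format", "errors": errors}
    # Unified MQ-style record for the backend, independent of source transport.
    unified = "TXN|%s|%.2f|%s" % (fields["account"], float(fields["amount"]), fields["currency"])
    return {"status": "OK", "mq_message": unified}


if __name__ == "__main__":
    # Constructed samples, one per transport plus failures.
    print(preprocess("HTTP", '{"account": "1234567890", "amount": "150.5", "currency": "TWD"}'))
    print(preprocess("MQ", "1234567890|20|USD"))
    print(preprocess("MQ", "12AB|20|USD"))
    print(preprocess("HTTP", "not json"))
```

Keeping parsing, validation and conversion as three separate functions makes the reject path auditable: every "Invalid Format" answer carries the specific rule that failed, which is what an operator needs when a partner's integration starts being refused.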
  

Mais conteúdo relacionado

Mais procurados

Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
jucaab
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Shreeraj Shah
 

Mais procurados (8)

Web Services Security - Presentation
Web Services Security - PresentationWeb Services Security - Presentation
Web Services Security - Presentation
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectIntroduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS Project
 
A secure middleware architecture for web services
A secure middleware architecture for web servicesA secure middleware architecture for web services
A secure middleware architecture for web services
 
AD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewAD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick Overview
 
Web Service Security
Web Service SecurityWeb Service Security
Web Service Security
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
 
Blackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browserBlackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browser
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
 

Semelhante a FS_Usage_Scenarios

Cyber defense for soa & rest oracle
Cyber defense for soa & rest   oracleCyber defense for soa & rest   oracle
Cyber defense for soa & rest oracle
igsc
 
Presentation cyber defense for soa & rest
Presentation   cyber defense for soa & restPresentation   cyber defense for soa & rest
Presentation cyber defense for soa & rest
xKinAnx
 
Owasp Forum Web Services Security
Owasp Forum Web Services SecurityOwasp Forum Web Services Security
Owasp Forum Web Services Security
Marco Morana
 
the-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-worldthe-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-world
Martin Georgiev
 
the-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-worldthe-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-world
Martin Georgiev
 
Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
Jorgen Thelin
 

Semelhante a FS_Usage_Scenarios (20)

Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest   oracleCyber defense for soa & rest   oracle
Cyber defense for soa & rest oracle
 
Presentation cyber defense for soa & rest
Presentation   cyber defense for soa & restPresentation   cyber defense for soa & rest
Presentation cyber defense for soa & rest
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 
Uunit 5-xml&web security
Uunit 5-xml&web securityUunit 5-xml&web security
Uunit 5-xml&web security
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
 
Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA  Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security framework
 
Owasp Forum Web Services Security
Owasp Forum Web Services SecurityOwasp Forum Web Services Security
Owasp Forum Web Services Security
 
the-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-worldthe-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-world
 
the-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-worldthe-most-dangerous-code-in-the-world
the-most-dangerous-code-in-the-world
 
Shmat ccs12
Shmat ccs12Shmat ccs12
Shmat ccs12
 
Securing Web Application, Services and Servers
Securing Web Application, Services and ServersSecuring Web Application, Services and Servers
Securing Web Application, Services and Servers
 
Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
Cloud security privacy- org
Cloud security  privacy- orgCloud security  privacy- org
Cloud security privacy- org
 
ScottSalyards
ScottSalyardsScottSalyards
ScottSalyards
 
Meetup DotNetCode Owasp
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
 

FS_Usage_Scenarios

  • 1. CROSSCHECK  NETWORKS  APAC   3F-­‐4,  No.  508.  Sec.  5,  Zhongxiao  E.  Rd.  Taipei  11083,  Taiwan  R.O.C.   www.crosschecknet.com     1. Challenges:   As  more  and  more  organizations  and  businesses  are  adapting  to  SOA  and  Cloud  infrastructure,   when  organizations  want  to  migrate  their  existing  system  to  SOA  or  Web  Service  architecture,   they  are  facing  challenges  of  converting  different  data  types  and  transferring  them  via  different   protocols.  Development  teams  could  try  to  do  this  by  writing  code,  but  as  each  organization  has   their  own  unique  or  preferred  protocol  and  standards,  this  will  be  a  nightmare  for  the  developers.     Solution:     By  having  Forum  Sentry,  developers  and  engineers  can  utilize  its  intuitive  user  interface  to  effetely   achieve  data  conversions  automatically  between  various  protocols  without  user  writing  any  code.       Below  are  some  of  the  standards  and  protocols  supported  by  Forum  Sentry:   • XML,  SOAP   • HTML,  JSON   • AS2,  ebXML   • SAML,  WS-­‐Federation   • XML-­‐Sec,  WS-­‐Sec   • WSDL,  XSD   • WS-­‐Trust,  XACML   • WS-­‐Addressing   • WS-­‐Reliable  Messaging   • WS-­‐Policy   • XPath   • XSLT   • HTTP,  HTTPS   • SSL  /  TLS   • IBM  MQ   • Tibco  EMS   • JBOSS  JMS   • Oracle  JMS   • Sun  JMS   • FTP,  FTPS,  SFTP   • SMTP   • RAW  TCP   • STREAMING  TCP   • X509   • PKCS  #1,7,8,12   • OpenPGP   • SSH   • Key  Import     • Key  Generation   • CSR,  Self-­‐Sign   • CRL,  OCSP,  XKMS,  CDP   • HSM  Security  World    
  • 2. CROSSCHECK  NETWORKS  APAC   3F-­‐4,  No.  508.  Sec.  5,  Zhongxiao  E.  Rd.  Taipei  11083,  Taiwan  R.O.C.   www.crosschecknet.com     2.   Challenges:     When  organizations  deploy  their  Web  Services  to  partners  and  outside  users,  it  will  be  very   difficult  for  them  to  control  all  the  incoming  and  outgoing  traffics  and  prevent  security  attacks  to   their  services.     Solution:     Forum  Sentry  is  able  to  automatically  parse,  merge  and  administer  compound  WSDLs  from   multiple  endpoints  into  single  virtual  WSDLs,  to  ensure  the  services  are  being  protected  from   external  attacks.  Forum  Sentry  also  provides  extensive  support  for  WS-­‐Standards  to  ensure  the   interoperability  of  different  services  communicating  with  each  other.     Forum  Sentry  offers  threat  mitigation  as  it  can  act  as  a  XML  Firewall/WAF  to  detect  and  prevent   intrusion  attacks.  User  is  able  to  set  rate-­‐base  or  size-­‐based  rules  to  prevent  information  leakage   and  external  attacks  such  as  XML  bombs,  SQL  injections,  malwares,  and  etc.  Forum  Sentry  also  has   an  onboard  anti-­‐virus  engine  with  BASE64  encoding  malware  scanning  integrated  with  ICAP.       Forum  Sentry  is  the  only  product  out  there  that  is  fully  certified  by  FIPS  140-­‐2  as  it  is  the  most   comprehensive  security  gateway  on  the  market.   3.     Challenges: When  messages  are  traveling  between  departments  within  the  organization  or  third-­‐party   partners  using  different  Identity  Management  Systems  (such  as:  Active  Directory,  LDAP,   Siteminder,  Tivoli  AM,  ClearTrust,  Kerberos  KDC,  CoreID,  JSAM,  WS-­‐Trust,  and  more),   organizations  needs  to  ensure  their  Web  Services  can  process  and  respond  to  different  requests   from  different  Identity  Management  Systems.   
Solution:   Forum  Sentry  can  integrate  with  commonly  used  Identity  Management  Systems  such  as  CA   SiteMinder,  LDAP,  MS  Active  Directory,  RSA  SecureID,  Oracle  AM,  HP  Select  Access,  IBM  TAM,   OpenSSO,  OpenAM,  XACML,  OAuth,  SAML  SSO,  WS-­‐Trust,  and  more.  Forum  Sentry  can  achieve   bridging  between  Protocol-­‐based  HTTP  Basic  Authentication  to  message-­‐based  WS-­‐X.509  and   automatically  convert  different  level  of  Identity  certificates  to  achieve  a  single  point  of  login.  In   addition,  Forum  Sentry  can  support  OAuth  SSO,  SAML  SSO,  Cookie  SSO,  and  more  used  by  mobile   devices.  
  • 3. CROSSCHECK  NETWORKS  APAC   3F-­‐4,  No.  508.  Sec.  5,  Zhongxiao  E.  Rd.  Taipei  11083,  Taiwan  R.O.C.   www.crosschecknet.com         4.   Challenges:   When  organizations  are  developing  using  JSON/REST  architectures  for  Mobile  Apps,  they  also   need  to  take  considerations  on  security,  performance,  scalability  of  each  transaction,  and  at  the   same  time,  also  managing  the  productivity/cost  of  the  development  groups.     Solutions:     Forum  Sentry  can  automatically  convert  JSON/REST  messages  with  variety  of  protocols  without   re-­‐development  of  the  interface.  This  will  greatly  reduce  the  cost  and  improve  the  efficiency  of  the   development  teams.     Forum  Sentry  supports  import,  generation  and  management  of  X.509  and  PKCS  format  directly   into  Java  Key  Store;  supporting  PKCS#1  (Public  Key  Cryptography  Standards),  PKCS  #  7,  PKCS  #  8,   PKCS  #  11,  PKCS  #  12,  X.509  Certificate  and  CSRs;  support  up  to  4096  key  size  with  RSA,  DSA,  DES,   3DES,  SHA-­‐1,  SHA-­‐2,  AES,  Elliptic  Curve;  support  digital  signature  encryption  (3DES,  AES  -­‐128,   AES-­‐192,  AES-­‐256  KeyWrap:  3DES,  AES-­‐128,  AES-­‐192,  AES-­‐256,  RSA,  RSA-­‐OAEP)  and  digital   signature  (RIPEMD-­‐160,  SHA-­‐1,  SHA-­‐256,  SHA  -­‐512),  and  more.   5.    Challenges:       The  performance  of  the  system  is  being  affected  due  to  increasing  number  of  transactions;  more     and  more  web  services  require  security  encryptions  and  decryptions,  digital  signature     authentications,  and  handling  parsing  of  XML  messages  with  large  attachments.     
Solution:     Forum  Sentry’s  hardware  compliance  offers  various  encryption  and  decryption  methods,  this  can   greatly  reduce  the  workload  on  the  server  and  free  up  resources,  and  will  significantly  improve  the   reliability  of  the  entire  system  and  provide  better  user  experience.   With  patented  XML  security  acceleration  technology  and  an  architecture  certified  by  NIST  and  the   U.S.  Department  of  Defense,  the  Forum  Sentry  XML  Gateway  is  the  industry  standard  for  XML  and     SOAP  security,  access  control  and  integration.    
  • 4. CROSSCHECK  NETWORKS  APAC   3F-­‐4,  No.  508.  Sec.  5,  Zhongxiao  E.  Rd.  Taipei  11083,  Taiwan  R.O.C.   www.crosschecknet.com     6.  Challenges:           Web  Application  Firewall  (WAF)  does  not  support  nor  can  it  validate  XML  messages  and  XML   related  documents.  Organizations  are  running  into  risks  of  only  having  a  WAF  as  their  security   gateway.     Solution:     Forum  Sentry  not  only  provides  standard  functionality  as  a  WAF  (such  as:  CSRF  attack  protection,     Cookie  tamper  protection,  web  protection  from  hotlinking,  SQL  injection  attack  protection,  XSS     attack  protection,  application  layer  DoS  protection  of  sensitive  information  leakage  protection,  file     uploading  and  downloading  control),  more  importantly,  it  can  also  protect  security  vulnerabilties     for  XML  transactions  such  as:     Reconnaissance  attacks     • WSDL  scanning   Attacks  on  integrity   • Parameter  tampering   • Message  tampering   • Schema  poisoning   • External  entity  attack   Denial  of  Service  (DoS)  attacks   • Recursive  payloads  sent  to  XML  Parsers   • Oversized  payloads  sent  to  XML  Parsers   • Schema  poisoning   • Memory  leak  exploitation   Command  Injection   • SQL/XQuery  injection   • XML/Query  injection   • Cross-­‐site  scripting   Malicious  code  attacks  (e.g.,  system  compromise)   • Command  Injection   • Malformed  content   • XML  malicious  morphing   • XML  encapsulation   • XML  virus   • Malicious  include   Privilege  Escalation  attacks/Attacks  on  confidentiality   • Dictionary  attack   • Replay  attack   • Message  snooping  
  • 5. CROSSCHECK  NETWORKS  APAC   3F-­‐4,  No.  508.  Sec.  5,  Zhongxiao  E.  Rd.  Taipei  11083,  Taiwan  R.O.C.   www.crosschecknet.com       7.    Challenges:     As  applications  become  more  and  more  complex,  Web  Services  API  management  and  deployment   also  become  more  problematic.  Organizations  are  looking  for  a  centralized  system  that  is  able  to   easily  manage  and  deploy  their  complex  web  services.           Solutions:     Forum  Sentry  is  able  to  automatically  parse,  merge  and  administer  compound  WSDLs  from   multiple  endpoints  into  single  virtual  WSDLs.  User  is  able  to  perform  various  tasks  through  Forum   Sentry’s  intuitive  user  interface,  without  purchasing  any  additional  machines,  to  address  system   mediation  and  other  security  related  concerns.   8.  Challenges:     When  there  are  know  vulnerabilities  in  the  existing  legacy  system  such  as  SQL  injections,   organizations  often  do  not  have  the  time/resource/policy  to  address  these  issues  right  away.               Solution:     Forum  Sentry  provides  an  integrated  anti-­‐virus  engine  on  the  hardware  with  BASE64  encoding   malware  scanning  and  integrated  with  ICAP.  Forum  Sentry  is  also  able  to  effectively  protect  system   from  security  attacks  such  as  SQL  injection,  XSS  attacks,  DoS  attacks,  DDoS  attacks  through  its  IDP   rules  and  WAF  capability.   9.     Challenges:   Data  centers  often  need  to  achieve  a  certain  level  of  SLA  for  their  services;  organizations  need  to   ensure  the  performance  of  their  system  will  meet  the  SLA,  and  also  provide  the  ability  to   distribute  the  transaction  bandwidth  based  on  different  user  groups  or  types.     Solution:     Forum  Sentry’s  built-­‐in  IDP  rules  are  able  to  intelligently  manage  network  traffics  for  users  and   partners.  
Forum Sentry is able to control inbound and outbound traffic according to the user's deployment strategy. When users or partners go beyond their bandwidth, Forum Sentry will automatically log the information via SNMP, email, SOA records, or database trigger alerts. All this data also helps organizations come up with better sales strategies targeting different customer groups.
10. Challenges:
Organizations need a system that will integrate with their existing architecture and support technologies such as: intrusion detection and prevention, anti-virus, WAF, XML firewall, traffic control, identity management systems, system transformation, secure PKI key management, encryption/decryption acceleration, and transaction auditing.

Solution:
Forum Sentry (with an emphasis on XML and SOA security) is a comprehensive security gateway that offers XML acceleration, a Web application firewall, intrusion detection/prevention, access control management, onboard anti-virus, encryption/decryption acceleration, PKI key management, HSM and more. Forum Sentry is capable of handling a volume of over 10 billion transactions a day worldwide. It offers the most comprehensive HTML, XML, SOAP and REST vulnerability protection and will also greatly improve the performance of business transactions. As the pioneer of XML security, Forum Systems owns a registered XML security patent (7,516,333). Forum Sentry is also FIPS certified (U.S. Department of Defense security certification).

11. Challenges:
Banks and telecommunication companies need to handle a large amount of non-core business logic at the front end of the platform to improve the efficiency and security of their core systems.
Solution:
- Forum Sentry allows customers to access various transport protocols
Whether it is a financial bureau, an enterprise bank sending messages via MQ over SSL, or a midsize bank using HTTP/HTTPS, and even if the customer is using Web Services or FTP, they will be able to use Forum Sentry's multi-protocol access to process their transactions.

- Implementation of user authorization and authentication through SSL
Forum Sentry is able to achieve secure user authentication and access control through SSL authorization, whether the transport is MQ or HTTP.

- File format transformation
Forum Sentry is able to transform files received via MQ and HTTP into the same MQ message to reduce the workload of the backend system. This can greatly improve the performance of the entire system.

- Data preprocessing
When messages are sent via MQ or HTTP to Forum Sentry, the user can check and validate the message content and format. If the validation succeeds, Forum Sentry converts the message into a unified MQ message for the backend platform; if the check fails, the user receives an "Invalid Format" message without the request going through the core processing platform.