The Threat is Out There! XML Threats and DataPower
Abstract
Remember when we thought HTML was "harmless text"? And then scripting got added, and the "surprises" that came with that as hackers thought up ingenious ways to hack and compromise Web sites? Well, now systems built using newer technologies such as SOA, Web Services, SOAP, and XML are the new frontier for hackers and there are whole new classes of threats built around these "harmless" and "firewall-friendly" technologies. Newer technologies such as SOA, ESB, and even Web Services often present fertile ground for hackers, as hardening techniques and staff expertise have not yet been established and new products/technologies will have bugs that can be exploited. This session will show several classes and many types of XML attacks, how they can be used to affect service availability in software-based web services hosts, and how DataPower can be used to prevent such attacks. A real-life scenario is described and there may be a short demonstration.
Speaker
