One of the first steps to protect systems that receive XML and SOAP traffic is to scrub the data. Unfortunately, though, most apps don't wash their data before consuming it, which can lead to trouble if the data contains malicious SQL commands, incorrect data types or oversized strings.
To help you find dirty data, Teros offers its Secure Application Gateway, now running version 4 of its Application Protection System (APS), which supports XML traffic, including SOAP (Simple Object Access Protocol). The device ships as a hardened Linux appliance with 4 GB of RAM, dual Xeon processors and internal redundancy. It provides centralized cluster management and standard failover. Like a Layer 4 firewall, APS forwards traffic based on port and secures requests based on the URL or, in APS nomenclature, an application. Those familiar with SOAP would call this an endpoint, but we'll let Teros slide because APS not only handles XML traffic, it also scrubs data headed for legacy Web apps.
APS consumes WSDL (Web Services Description Language) to learn the endpoint, the operations and the basic structure of an incoming XML document, but it does not fetch the WSDL itself; the file must be uploaded to the device.
APS provides SOAP-specific security at the XML element level and at the operational level. Although APS does not provide authentication or authorization, it blocks requests for invalid operations, which prevents attackers from probing your service-oriented architecture and keeps back-end servers from consuming resources by unnecessarily parsing verbose XML docs.
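As an added illustration of the operation-level and element-level checks described above (example code written for this page, not Teros's own), the script below derives the declared operations and field constraints from a constructed WSDL and screens constructed SOAP requests against them, rejecting undeclared operations, oversized strings and wrong data types before anything reaches a back-end parser.

```python
import re
import xml.etree.ElementTree as ET
NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "xs": "http://www.w3.org/2001/XMLSchema",
      "soap": "http://schemas.xmlsoap.org/soap/envelope/"}
# Constructed WSDL: one declared operation; accountId capped at 12 chars, asOf an integer
WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:xs="http://www.w3.org/2001/XMLSchema"><wsdl:types><xs:schema>
  <xs:element name="GetBalance"><xs:complexType><xs:sequence>
   <xs:element name="accountId"><xs:simpleType><xs:restriction base="xs:string">
    <xs:maxLength value="12"/></xs:restriction></xs:simpleType></xs:element>
   <xs:element name="asOf" type="xs:int"/>
  </xs:sequence></xs:complexType></xs:element></xs:schema></wsdl:types>
  <wsdl:portType name="BankPort"><wsdl:operation name="GetBalance"/></wsdl:portType>
</wsdl:definitions>"""

def load_rules(wsdl_xml):  # -> (declared operation names, {field: (base type, max length)})
    root = ET.fromstring(wsdl_xml)
    ops = {op.get("name") for op in root.iterfind(".//wsdl:operation", NS)}
    rules = {}
    for el in root.iterfind(".//xs:element", NS):
        restr = el.find("xs:simpleType/xs:restriction", NS)
        base = el.get("type") or (restr.get("base") if restr is not None else None)
        if base:  # a typed leaf element; the operation wrapper element has no type
            ml = el.find("xs:simpleType/xs:restriction/xs:maxLength", NS)
            rules[el.get("name")] = (base, None if ml is None else int(ml.get("value")))
    return ops, rules

def screen(soap_xml, ops, rules):  # -> "allow" or a "reject: ..." reason
    body = ET.fromstring(soap_xml).find("soap:Body", NS)
    if body is None or len(body) != 1:
        return "reject: malformed body"
    op = body[0].tag.split("}")[-1]  # the Body's single child names the operation
    if op not in ops:  # operation-level check: not declared in the WSDL
        return f"reject: undeclared operation {op}"
    for field in body[0]:  # element-level checks against the schema rules
        name, value = field.tag.split("}")[-1], field.text or ""
        if name not in rules:
            return f"reject: unexpected element {name}"
        base, max_len = rules[name]
        if base == "xs:int" and not re.fullmatch(r"-?\d+", value):
            return f"reject: {name} is not an integer"
        if max_len is not None and len(value) > max_len:
            return f"reject: {name} longer than {max_len} chars"
    return "allow"

def envelope(body_xml):  # wrap a constructed request body in a SOAP 1.1 envelope
    return f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:tns="urn:bank"><soap:Body>{body_xml}</soap:Body></soap:Envelope>'
OPS, RULES = load_rules(WSDL)
```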