Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Securing SOA: Filling a Hole

It's certainly a good idea to build security into your SOA, but once you've done that how do you know it's secure? And while you can certainly hope that you've achieved WS-I Basic Profile compliance, how do you know if you don't have a way to test for it?

Forum Systems thinks they have the answer...
Web application security vendor Cenzic as well as many others already provide web-based application vulnerability assessment services. And while there are plenty of players in the SOA security space, including some traditional web application security players, no one yet has seen fit to offer SOA specific vulnerability assessment as a service. And they certainly aren't offering any of them for free.

Mindreef has long offered SiteScope for WS-I Basic Profile conformance testing, while Parasoft recently jumped into the security assessment game with its SOAPtest 4.0.

But Mindreef's jabberwocky-like report for WS-I Basic Profile compliance is barely understandable to even those with a PhD, and SOAPtest is not a service and takes some time and effort to configure and understand before it's useful to security staff.

So Forum Systems decided to marry the two and will soon be offering a service-based vulnerability assessment and WS-I compliance scan designed to help discover vulnerabilities in your SOA offering and present WS-I Basic Profile compliance assessments in an easily understandable report. Forum XPose is an on-line, subscription based offering not only testing Web services for vulnerabilities, but also providing actionable intelligence based on role and responsibility. Forum indicates it will also offer some reports for free, though which reports will be free has yet to be determined.

  • 1