XML to XHTML rendition and stylesheets via
XSL•FO
by
RenderX
- author of
XML to PDF formatter. Originally used stylesheets by P.Mansfield.
|
Keywords: XML, intrusion prevention, security, web services, XML web services
Many organizations are discovering that traditional network protection and infrastructure systems lack the functionality, performance, and operational efficiencies to provide a cost effective and scalable XML Threat Prevention solution. This presentation describes the unique security challenges that XML Web Services present to traditional network protection and infrastructure solutions such as Firewalls (FW), Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS). To address these concerns, the presentation establishes a new XML Web Services Network IPS as an important element to address key XML Web Services threat and security requirements. With this next generation IPS, the presentation defines a new approach for XML security and threat prevention with a logical separation between:
XML Web Services Trust Enablement: The ability for Web Service applications to proactively protect data and communication
XML Web Services Threat Prevention: The ability for Web Service network infrastructure to protect against known and unknown XML network threats that could impact the availability and integrity of the Web Services application
The participant will learn more about:
*Concerns with the span of functionality attempted by XML Proxy FW
*Impact of XML Proxy FW on enterprise organizations and operations
*Concerns with specific limitations of XML Proxy FW implementations
*How a next-generation XML NIPS addresses XML Web Services security and threats
The author did not prepare a paper for the proceedings.
Steve Orrin is CTO for Sarvega, Inc. and is responsible for the product strategy and direction. Steve was formerly Vice President of Security Solutions for Watchfire, Inc. and was responsible for the product strategy and direction of Watchfire's web application security and privacy software product lines. Steve was previously CTO of Sanctum, a pioneer in Web application security testing and firewall software, and came to Watchfire through an acquisition of Sanctum. Prior to Sanctum, Steve was CTO and co-founder of LockStar Inc. LockStar provided enterprises with the means to secure and XML/WebService enable legacy and enterprise applications for e-business. Steve joined LockStar from SynData Technologies, Inc. where he was CTO and chief architect of its desktop email and file security product and also managed the technology and software development team. Steve has spoken several times at RSA, ISACA conferences, N+I, TEPR, Vanguard and SANS conferences. Most recently he presented at Best's Review E-Fusion, and NGN. Steve was named one of InfoWorld's Top 25 CTO's of 2004 and has developed several patent-pending technologies covering user authentication, secure data access and steganography and has one issued patent in steganography. Steve is a member of the Network and Systems Professionals Association (NaSPA), the Computer Security Institute (CSI) and the Information Systems Security Association (ISSA), SEI (Software Engineering Institute), and is a co-Founder of WASC (Web Application Security Consortium). He participates in several working groups of the Internet Engineering Task Force (IETF) and OASIS, the Organization for the Advancement of Structured Information Standards.