Home : Forum Vulcon™
Forum Vulcon™ Web Service Vulnerability Containment

Web service vulnerability intelligence, surveillance & assessment.

Product Overview

Forum Vulcon prevents against XML-related threats by offering a set of services and countermeasures such as vulnerability assessment, antivirus updates, software updates and recommendations to enhance systems defenses.

click to enlarge

For more information:

Global Shared Vulnerability Executive White Paper
Visit the VulCon Portal

Background

The onslaught of viruses and worms that affect today's email systems, web sites and IT is a steady reminder that security must not be taken for granted. Web Services pose an even greater risk to business because of the open architecture of standards such as XML, SOAP and WSDL that make them susceptible to organized attacks, accidental misuse and malicious abuse.

In fact the degree of information exposure posed by Web services and shared XML data is unprecedented to organizations that have traditionally relied on a DMZ with notions of a perimeter to limit information flow. Web services are causing a "de-perimeterization" of the enterprise and raising a new class of business process security breaches, such as denial of Web Service attacks, unauthorized WSDL API access, XML Schema integrity failures and SOAP attachments with viruses.

The reason for this new breed of "data-level" threats is that the vulnerability profile for an XML-enabled product or Web Services transaction exposes a number of new moving parts:

  • XML Parsers
  • UDDI Directory
  • WSDL End-point
  • SOAP Messages
  • Loosely Coupled Interactions

The discipline of testing for security or vulnerability assessment is needed to complement security policy enforcement and internal controls. While policy enforcement protects an enterprise from "what they know", vulnerability assessment tells a company "what they do not know" in order to take appropriate action before problems actually occur.

Business Benefits

  • Up-to-date security intelligence and awareness of all things XML
  • Network based policy updates
  • Aggregated reports on vendor product vulnerabilities
  • Access to a community of active consumers and producers of Web Services
  • On-line vulnerability assessment services

Feature Highlights

  • Third party source of vulnerability reports
  • WS-I Validation Service
  • WSDL based access to vulnerability database and services
  • Remote Patch Management
  • XML Intrusion Prevention (XIP) Database Update Facility

© Copyright 2001-2008, Forum Systems, Inc. All rights reserved.