Programmer errors hurting Web services spread
Worst-case scenarios in which "the teenage hacker from Albania" breaks into
corporate XML Web services are not as likely to be the security problem that
disrupts business operations, according to Leon Baranovsky, vice president of
marketing at Reactivity Inc., a Belmont, Calif.-based maker of XML firewall
"What we have found from our early customers is that most of the cost
associated with securing Web services and XML comes not from the teenage hacker,
but from well-intentioned IT professionals," he explained.
Like the homeowner who focuses on fireproofing but doesn't notice the small
leak that eventually floods his basement, IT departments obsessing about hacker
attacks can miss little Web services issues that actually disrupt business,
He offered the following example. "This story comes from a customer of ours
who is a manufacturer on the West Coast," Baranovsky said. "An architect with
that company was awakened at 4 o'clock in the morning because a design partner
on the East Coast had been unable to get a file submitted through a .NET-enabled
application. This architect had to get up, get dressed, go in to work and
rummage through a bunch of log files to figure out what had gone wrong. It
turned out it was something really trivial - their certificate had expired."
There was no maliciousness in the expiring certificate, he said; the system
administrators had simply missed it. But the result, beyond sleep
deprivation for the West Coast architect, was an unnecessary delay for the East
Coast business partner and a bi-coastal loss of productivity, Baranovsky said.
In his view, XML Web services security needs to look beyond putting up
firewalls to stop hackers; it needs to focus on more mundane but potentially
costly problems, like an expired certificate, that bring transactions to a
Reactivity, which for the past year has offered a software security product,
this week announced the release of its Reactivity XML Firewall appliance, which
combines software and hardware.
The company is including features, such as an alert when a certificate is due
to expire, that are designed to prevent non-malicious and unintentional
disruptions of services, Baranovsky said.
For further information, please go to http://www.reactivity.com.
Rich Seeley is Web Editor for Campus Technology.