Briefing: XWall 3.0
starting at $2500
With Web services having been around for a few years now, we're finding
out that life isn't quite as easy as just throwing objects over the wall
on port 80 and reconsituting them on the other end of the wire. Forum
offers a number of products designed to make exposing Web services more
secure, as well as to improve functionality and interoperability over
what's offered by the basic Web services protocols. This week they
announced version 3.0 of their XWall Web services firewall. I managed to
drag them away from the N+I trade show floor long enough to talk about
the new release.
One of the problems to just exposing your WSDL to the world is that this
opens you up to a variety of attacks. How will your XML parser react if
someone throws a few megabytes of information into what should be a
short element? Are you free of SQL injection attacks carried by XML
payloads? These are just two of the possibilities covered by Forum's XIP
(XML Intrusion Prevention) protocol, which allows you to set parameters
on things like the amount or size of traffic, and to do so on a document
or element level. You can also secure all or part of a document so that
it's only available to particular users, create an audit trail, and hide
your actual Web services servers behind the firewall.
The new version adds WS-I 1.0 Basic Profile conformance checking at both
design and runtime. One unique capability is that you can decide which
parts of WS-I really matter to your organization, and configure the
XWall accordingly. A developer can then upload the WSDL they're working
on to the XWall, and get back a log or HTML report listing any
conformance problems that reflects the corporate choices. The XWall will
also help you analyze WS-I failures with plain language explanations of
the sometimes cryptic conformance test names.
If you're interested in following up, there's a 90-day free download
version on the company's Web site. I'll be taking a more in-depth look
myself for a future review.
Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.