Processing more than one billion transactions per day worldwide, the FIPS- and DoD-certified Forum Sentry XML Gateway offers the industry's most comprehensive protection against XML- and SOAP-based vulnerabilities. Extending its data integration capabilities to self-service portals and Web applications, Forum Sentry now provides enterprises and government agencies with the foundation for achieving SOA federation. By fostering this deeper, more meaningful Web experience, Forum Sentry enables greater visibility into: real-time usage of services; billing information; historical usage and billing data; inventory levels; and product promotions.
"With the maturation of XML- and SOA-based deployments, re-usable Web services are more frequently being invoked by portals and Web applications," said Mamoon Yunus, CEO of Crosscheck Networks. "Forum Sentry empowers more secure, efficient and seamless information exchange among back-office applications, Web services, and customer and partner portals " the hallmarks of true SOA federation " and offers users more control of their Web interactions."
According to Daniel Sholler, Research VP, Gartner, "The goal of this SOA integration is to create federated models across a broad range of functions to provide coherent services that the organization sources internally or externally. This competency will determine the winners in future IT environments."1
Continuing to set the benchmark for securing Web services, key new capabilities available via Forum Sentry include:
* HTML Portal Virtualization " Deployed in a "proxy" setting, Forum Sentry removes the identity and security burden from Web sites and portals. Leveraging Single Sign On (SSO) functionality across existing infrastructures, Forum Sentry's non-intrusive, agentless design accelerates security and identity on a dedicated device " without requiring code changes to backend Web applications and services, or additional capital expenditure costs.
* Central Cookie and SAML Processing " Forum Sentry authenticates and authorizes both portal- and Web services-related identity tokens " the cornerstones of Federated SOA. Credentials are shared " regardless of where the services reside " throughout the entire transaction, producing an enhanced, seamless user experience without compromising security. * Federated Two-Factor Authentication " Promoting greater security, Forum Sentry requires two pieces of information for identity verification of internal and external partners. It removes the complexities so often associated with token sharing across portals and Web services, while still enforcing the highest levels of authentication and authorization.
* Protocol/Document Attribute Mapping " Promoting greater ease of use, HTTP/HTML header information can be mapped into messages and documents. User information from HTTP can be transferred into a SOAP or XML message for usage elsewhere in the network " independent of protocol " enabling SOA Federation across both XML and HTML traffic.
Forum Systems continues to support the widest range of mature and evolving protocols and industry standards. Specifically, Forum Sentry supports: sFTP for secure B2B and internal file transfer in legacy environments; AS2 for secure exchange of structured business data (EDI messages, XML, flat files, spreadsheets and CAD/CAM data) via HTTP or HTTPS; WS-SecureConversation for message integrity (signatures) and privacy (encryption) where performance is paramount; and WS-Reliable Messaging for guaranteed delivery, bolstering Internet reliability.
In May 2009, Crosscheck Networks acquired Forum Systems to provide an industry-first, comprehensive Web services "lifecycle" product suite. The companies' products can be deployed together or seamlessly integrated with organizations' existing infrastructure. In addition to Forum Sentry, the enterprise-class suite comprises:
* SOAPSimulator " An affordable, easy-to-configure, comprehensive service simulation product for developers and testers, SOAPSimulator enables Web services to significantly reduce project expense and duration by allowing parallel development of the client and service components of a SOAP- or XML-based Web service.
* SOAPSonar " Provides modes for functional, multi-client performance, compliance and security testing of SOAP-, XML- and REST-based services. Notably, SOAPSonar offers enterprises the unique ability to test functional and performance characteristics of unlimited-sized Web services attachments via streaming of structured and unstructured data based on industry standards such as MTOM and MIME. And with support for WS-Trust, SAML 2.0, and WS-identity tokens, SOAPSonar ensures a best-practices approach to federated identity management.
Crosscheck Networks at OWASP AppSec 2009
Yunus and CTO Jason Macy will present the session titled, "Techniques in Attacking and Defending XML/Web Services." Members of the media and market research communities interested in meeting with Yunus and Macy at OWASP AppSec 2009 are welcome to contact Bryan Grillo from CHEN PR at [email protected] or 781-672-3129.