Protecting Enterprise, SaaS & Cloud based Applications – A Comprehensive Threat model for REST, SOA and Web 2.0
This technical document describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP and the Web Services Description Language (WSDL). In today’s environment, architectures and protocols are shifting towards XML, and new technology vectors such as REST and XML-RPC are emerging. With Web 2.0, new threats loom on the horizon, and consequently new protection methods are required to defend the application layer that consumes and serves XML streams. Ajax- and RIA-based applications (Flash and Silverlight) are redefining the usage of XML streams and bringing about a shift in the threat model.
In addition, this document attempts to define the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention. A new type of threat called an XML Content Attack is defined, and examples are provided for each layer in the threat model. This document also attempts to use the problem of lost context between XML processing layers to characterize many of the security problems that arise during XML processing. Finally, a specific type of content-aware application-level proxy or firewall countermeasure is illustrated with Intel SOA Expressway.