Forum Systems Issues Alert for Ajax Related Security Threats and Performance Challenges

SALT LAKE CITY, Utah — January 30, 2006 — Forum Systems, the leader in Web services and SOA security for threat protection and trust management, today issued an alert for Asynchronous JavaScript and XML (Ajax) related security threats and performance issues. Ajax is being used by Web sites run by Google, Yahoo!, Amazon and others. By enabling the creation of interactive and highly responsive Web pages that are interoperable with Web Services, Ajax also dramatically increases the amount of XML, text or HTML network traffic being transmitted. The use of XML as the content type for requests and response payloads means that applications will be exposed to new security vulnerabilities and application performance degradation. Forum Systems recommends that organizations implement server-side content filtering, Web Services Security and XML Acceleration to ensure scalable and secure Ajax applications.

AJAX Driving Next Generation Web 2.0 Applications

Today’s applications that are built with HTML are typically stateless and as a result every time data or user interface (UI) components need to be changed, the entire page must be submitted back to the server for an update. Numerous round trips, especially when large quantities of data are passed between client and server, can result in users experiencing long waits. Ajax makes a leap forward in usability because it allows the client to communicate with the server without interrupting the user from their activities. This enables workflow and background processes to continue processing with increased response times for the user.

Application developers looking for standards based presentations with simplified data manipulation, exchange and interaction will likely choose XML as the payload format between client and server. This option also makes the application immediately interoperable with Web services and Service-Oriented Architectures (SOA’s). “Ajax overcomes a well-known limitation in traditional Web interfaces, where a user must wait to reload the page anytime they call up new data,” said Walid Negm, vice president of marketing for Forum Systems. “While Ajax affirms the viability of the Web as a standalone software development platform, it also brings with it performance and security considerations that both developers and companies implementing Ajax need to be aware of and prepared to handle. Forum’s XML filtering and Web Services Security is being deployed today to address Ajax scalability within business-to-consumer applications.”

Forum XWall Addresses Acceleration and Validations Needs of Ajax
Asynchronous server-side validation of data means the user does not have to wait for the screen to refresh to realize they entered an incorrectly formatted Social Security Number or email address. This poses a challenge for application servers that now have to deal with additional parsing and exception management associated with DOM (Document Object Model) processing and XSL (Extensible Style Sheet Language) Transformations. Forum is used to validate in-bound as well as out-bound data and enforce security policies at a lower total cost of ownership and with forward looking capacity handling. “Forum Systems is well positioned to anticipate XML related threats because of its extensive experience in service-oriented security,” said Jason Bloomberg, Senior Analyst at ZapThink. “By acknowledging the exposure of Ajax applications, developers and administrators will be well prepared to handle even accidental events that may disrupt business.”

About Forum XWall Web Services Firewall
Forum XWall is the first and only standalone Web Services Firewall with XIPâ„? (XML Intrusion Prevention), XML Acceleration, XSLT, XML Schema Validation, WS-I Profile conformance, WSDL Access Control and XML Antivirus. Forum XWall is built specifically for high speed parsing and content acceleration with performance rates greater than 10,000 XML messages per second. Pricing for Forum XWall starts at $2500 for software and $30,000 for hardware configuration, with additional subscription fees for antivirus and Forum VulCon updates. The product is available from Forum’s Website and direct sales including channel and OEM partners.

Forum XWall Web Services Firewall Features:

§ Data validation with request and response pre-processing

§ XML intrusion prevention for malicious activity prevention

§ Content filtering, transformation, aggregation and shredding

§ Comprehensive WS-Security processing

§ Content Acceleration (XSD streaming validation, XPATH queries and XSLT)

About Forum Systems

Trustworthy, ubiquitous and robust Web services can only be achieved by combining security controls that are proactive, always on and systematic. Forum Seamless Security Solutions Architecture (Forum S3Aâ„?) is an adaptive approach to building security minded service-oriented applications and data-level networks using life-cycle solutions including vulnerability management, testing systems, firewalls and gateways. Forum products are available as software, PCI-card and appliance options and comply with government requirements including CheckPoint OPSEC Certification, FIPS Certification, Common Criteria EAL 4+ (in process) and JITC DoD PKI Certification. Forum Systems is an active a member of OASIS and WS-I helping mature standards such as WS-I Basic Profiles, SAML and WS-Security. Customers can benefit from Forum technology that is bundled with market-leading products: Microsoft ISA Server 2004, NetContinuum NC-1000 WSE, Crossbeam Systems, Breach Security and Network Engines NS6300X. For more information on adaptive solutions for Web services security visit http://www.forumsys.com .

Forum Systems, Inc. is the Leader in Web Services and SOA Securityâ„? with a comprehensive suite of trust management, threat protection and information assurance solutions for the automated Web. Forum Systems’ flexible hardware, software and embedded products make vibrant business communications possible by actively protecting XML data and Web services across networks and business boundaries. Forum’s products have been chosen by over 150 Fortune 1000 industry leaders and are winners of Network Computing Magazine’s Well-Connected 2004 Award and Product of the Year 2004 Award, Network Computing Magazine’s Editor’s Choice 2003 Award, Network Magazine’s Product of the Year 2003 Award and DEMO 2004 Invitation. Forum XWall Web Services Firewall is the industry’s only XML Firewall selected by InfoWorld LEADERBOARD 2004. Visit Forum at http://www.forumsys.com/ .




Share this