DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY /    ( Table of Contents )

Breaking News - Security:

Parasoft Offers Solution For Web Services Security

Parasoft, a leading provider of Automated Error Prevention software solutions, announced that Parasoft SOAPtest offers businesses a solution for building security into their Web services.

A recent Gartner report argues that Web services security is immature and that complex, multi-party Web services will require newer, more versatile security patterns for electronic transactions. Gartner warns that the key security specification, WS-Security, which protects the confidentiality of a message and is backed by the Organization for the Advancement of Structured Information Standards, will not provide a complete security solution for complex Web services, where transactions cross organizational boundaries.

"Leading analysts are telling companies to use vendor-provided technology to build security into their Web services transactions while Web services security standards are maturing," said Adam Kolawa, Parasoft chairman and CEO. "Our Web services product, SOAPtest, already includes the pattern recognition technology to serve as a security filter. SOAPtest can act as a proxy server, allowing companies to view and verify messages between a client and a Web service."

With the SOAPtest RuleWizard feature, companies can establish and verify specific patterns contained in the SOAP message. As messages are sent from a client, SOAPtest will check for consistencies, and send the messages on to the appropriate service. If a message is inconsistent with the established pattern, a SOAP fault is returned to the client, thereby ensuring security across the service.

"Many security issues arise today because systems don't know how to deal with unexpected inputs, which can cause the system to crash or to perform in an unexpected way," said Kolawa. "Since such a large number of clients may access the server, it will inevitably receive unexpected requests. Companies must verify Web service security by confirming that unexpected inputs do not violate security safeguards, and SOAPtest can perform this testing automatically."