InterDo Protects SOAP-Based Web Services

Software monitors application traffic at the business logic level and compares it against known policies for violations.

Kavado Inc. on Monday unveiled a new module for its flagship product, which now is capable of protecting Web services that rely on the SOAP protocol.

The companys InterDo software is designed to monitor application traffic at the business logic level and compare it against known policies for violations. In the Web services environment, it will provide an additional layer of security on top of user authentication and message encryption.

InterDo will compare SOAP (Simple Object Access Protocol) messages to the standard SOAP definitions and look for discrepancies that could damage Web applications. In addition, the software will protect against a variety of known application security issues, including SQL injection, buffer overruns and application-language mismatches.

SOAP, developed by Microsoft Corp., is an XML-based protocol that is used extensively in Web services and is designed to enable applications to access services and objects across multiple platforms.

Currently, most of the talk of security as it applies to Web services has centered on the need for a strong identity management system available to anyone who wants it.

There has been little attention given to the security of the data and services themselves. A growing number of vendors, including Kavado and Sanctum Inc., are starting to fill this void with application-level security offerings.

"Web services is a tremendously exciting concept, but organizations looking to deploy it must not rush into rollouts without fully understanding where the easily exploited weak points are and how to protect them," said Yuval Ben-Itzhak, chief technology officer and co-founder of Kavado, based in New York. "They will need to implement a range of security measures and technologies, the most important of which is protection at the Web application layer."