Web services and service-oriented architecture security software provider Forum Systems issued an alert on Jan. 30 for AJAX-related security threats and performance issues.
The use of Asynchronous JavaScript and XML enables responsive and interactive Web services; however, the reliance on XML as the content type for requests and response payloads means that applications are exposed to Web services vulnerabilities, Forum officials said. Thus, officials recommend that organizations implement XML content filtering, Web Services-Security and XML acceleration capabilities to ensure scalable and secure AJAX applications.
AJAX dramatically increases the amount of XML network traffic being transmitted, exposing applications to Web services vulnerabilities; AJAX extends Web services from business-to-business to business-to-consumer and transforms a users Web browser into a Web services portal, thus exposing it to potentially corrupted data that can cause the browser to crash or perform poorly; malformed messages can disrupt server performance due to excessive parsing and exception handling; and XML messages can consume more than double the bandwidth of traditional binary data formats, leading to systemwide performance degradation, company officials said.
Walid Negm, vice president of marketing at Forum Systems, in Salt Lake City, said Forum XWall Web Services Firewall features XML filtering and Web services security and serves as an AJAX scalability solution.
“By acknowledging the exposure of AJAX applications, developers and administrators will be well-prepared to handle even accidental events that may disrupt business,” said Jason Bloomberg, an analyst with ZapThink, in Waltham, Mass., in a statement.
Forum XWall Web Services Firewall features data validation, XML intrusion prevention, content filtering, WS-Security processing and content acceleration.
Pricing for Forum XWall starts at $2,500 for software and $30,000 for hardware configuration.