Free Tools Speed Web-Services Security

Vordel Ltd.'s SOAPbox lets users of Web services test security without coding. It joins a recent wave of offerings from Reactivity and Mindreef as well as Westbridge technology.

Free tools, including Vordel Ltd.s SOAPbox, are making it easy for Web-services users to get started with security.

Vordel, of Dublin, Ireland, on Wednesday introduced the Vordel SOAPbox, a free tool for testing Web-services security. The tool is used to create XML messages containing security tokens, without requiring the writing of any code, the company said.

And developers and others will be able to use Vordel SOAPbox to make XML messages that support the WS-Security and Security Assertion Markup Language (SAML) to test the Web service for compliance with security policies.

The product enables the inclusion of SAML assertions and X.509 certificates in SOAP messages using a graphical user interface rather than writing code.

Vordel SOAPbox is available for download.

"Vordel does appear to be first to market with a Web-services security testing tool," said Jason Bloomberg, an analyst with ZapThink LLC, Cambridge, Mass.

"There are a range of Web-services testing and monitoring tools on the market from such companies as Parasoft [Corp.], Westbridge Technology [Inc.], Service Integrity [Inc.], and Mindreef [Inc.], and IBM and Microsoft offer Web-services security development tools, but none of these offer Web-services security testing. So Vordel is definitely filling a need with this tool.

"Vordel is a company currently at a transition point, moving to a new, broader version of their software and finally looking to enter the U.S. market," Bloomberg said. "This tool should definitely get them some international attention at just the right time."


On Nov. 3, Reactivity Inc., of Belmont, Calif., and Mindreef Inc., of Hollis, NH, announced a partnership to provide a free, co-branded version of Mindreefs SOAPscope Lite, which enables users to find unchecked Web services on their network and showing the content of XML and SOAP messages, the companies said.

The co-branded version of SOAPscope Lite is available on the Reactivity Web site.

Westbridge Technology Inc., of Mountain View, Calif., at the end of last year started shipping the Westbridge XML SOAP Monitor, a free tool to monitor Web-services traffic on enterprise networks.

The Westbridge XML SOAP Monitor can be used in a stand-alone situation in conjunction with Westbridges XML Message Server "to produce not only detection of unauthorized traffic, but also enforcement of security policies," said Andrew Yang, senior director of product management at Westbridge.

Yang said a tool like the Westbridge XML SOAP Monitor is useful to enterprises because—like early projects using HTML—several developers within a business who are creating Web-services pilots may be exposing sensitive corporate information. The Westbridge monitoring tool, like Mindreef/Reactivity offering, would identify unauthorized traffic.