XML Gateway Alchemy

Rizwan Mallal


Evolving from Static HTML to Dynamic Portals: Security Implications

Companies that deploy websites with static HTML content typically use Web Application Firewalls (WAFs) to protect that content. With the proliferation of social-media-style interaction via browsers and mobile devices, corporate portals are evolving from "Refresh-mode" to "Widget-mode" portals that integrate disparate company systems into a unified customer portal. Each widget may be an independent unit with its own data feeds and update intervals. The rapid evolution of static HTML websites into dynamic web portals that function as composite applications is most evident in the banking applications that we are now accustomed to. The security implications of dynamic portals are driven primarily by the following factors:
  1. Content Complexity: HTML, XML, SOAP, JSON, MTOM, SwA, PDFs, GIFs and JPEGs are a few of the content types that are generated and consumed by web portals.
  2. Identity Diversity: From simple cookies to signed SAML tokens, web portals have to handle a plethora of token types and provide Federated Identity capabilities for single sign-on.
  3. Malware Matrixing: A matrixed set of channels across different content types is now available for malware to make its way into the enterprise. For example, in the static HTML days, SQL Injection could come over HTML data, but now it can readily move over XML.
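
The "Malware Matrixing" point can be seen from the inspection side: the same suspicious value arrives over form data, JSON and XML, so a filter has to decode each content type before applying one rule. This is an added example, not code from the original post or from any product it mentions; the function names, the toy signature and the sample bodies are assumptions constructed for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

# Toy signature for illustration only; real rule sets are far broader.
SQLI_HINT = re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=|union\s+select", re.I)
XML_TYPES = {"text/xml", "application/xml", "application/soap+xml"}

def walk_json(node):
    """Yield every string (keys included) found in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from walk_json(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk_json(item)
    elif isinstance(node, str):
        yield node

def leaf_values(content_type, body):
    """Decode the body per its content type and yield the strings it carries."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        yield from (value for _, value in parse_qsl(body, keep_blank_values=True))
    elif ctype == "application/json":
        yield from walk_json(json.loads(body))
    elif ctype in XML_TYPES:
        if "<!DOCTYPE" in body.upper():
            raise ValueError("DTD not allowed")  # refuse entity tricks before parsing
        for elem in ET.fromstring(body).iter():
            yield from (s for s in (elem.text, elem.tail, *elem.attrib.values()) if s)
    else:
        raise ValueError(f"uninspected content type: {ctype}")  # fail closed

def flag_values(content_type, body):
    """Return the values in the body that match the signature."""
    return [v for v in leaf_values(content_type, body) if SQLI_HINT.search(v)]

# Constructed sample: one suspicious value carried over three content types.
PAYLOAD = "x' OR '1'='1"
FORM_BODY = urlencode({"user": "alice", "note": PAYLOAD})
JSON_BODY = json.dumps({"user": "alice", "filters": [{"note": PAYLOAD}]})
XML_BODY = f"<order><user>alice</user><note>{PAYLOAD}</note></order>"

if __name__ == "__main__":
    for ctype, body in [("application/x-www-form-urlencoded", FORM_BODY),
                        ("application/json", JSON_BODY),
                        ("text/xml; charset=utf-8", XML_BODY)]:
        print(ctype, "->", flag_values(ctype, body))
```

A content type the filter cannot decode is rejected rather than passed through, since an uninspected channel is exactly the gap the list item describes.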
Forum Systems, the only patented XML Gateway in the industry, has now extended its technology leadership by addressing security for dynamic web portals with the announcement of Forum Sentry WAF at Infosec UK, 2011.  For details, see Forum Sentry WAF.

For the product announcement, see: Forum Systems delivers Industry's First Unified Content Firewall.


Rizwan Mallal serves as the Vice President of Operations at Crosscheck Networks, Inc. As a founding member and Chief Security Architect of Forum Systems, the wholly owned subsidiary of Crosscheck Networks, Rizwan was responsible for all security-related aspects of Forum's technology.

Previously, Rizwan was the Chief Architect at Phobos, where he was responsible for developing the industry's first embedded SSL offloader. This product triggered Phobos's acquisition by Sonicwall (NASD: SNWL). Before joining Phobos, he was a member of the core engineering group at Raptor Systems, which pioneered the Firewall/VPN space. Raptor, after its successful IPO, was later acquired by Axent/Symantec (NASD:SYMC).

Rizwan started his career at Cambridge Technology Partners (acquired by Novell) where he was the technical lead in the client/server group.

Rizwan holds two patents in the area of XML Security. Rizwan has a BSc. in Computer Science from Albright College and an MSc. in Computer Science from University of Vermont.