• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Added by Sridhar Guthula, last edited by Sridhar Guthula on Nov 17, 2008  (view change)
14 Nov 2008 01:06 PM EST Permalink | Twitter Post to Twitter | Comments (0) | Views (6859) |
XML Security Features in Netscaler 9.0
[ Tags: xml ,   soa ,   woa ,   rest ,   security ,   firewall ,   validation ,   soap ,   xdos ,   web 2 ,   web services ,   threat protection ,   sql injection ,   denial of service ]
posted in AppExpert - Netscaler by Sridhar Guthula

One of the long awaited new features in NetScaler 9.0 is XML security.  In 2007, Citrix acquired QuickTree, a small privately-held software technology provider on the forefront of addressing the key security and performance challenges of XML, web services and Web 2.0.  With Netscaler 9.0 the XML security capabilities acquired from QuickTree are fully integrated into the Netscaler web application delivery appliance.

Some the XML Security Features available in the new NetScaler release:

Feature

Benefits

Format Checks Prevents malformed or not well-formed messages from reaching the server.
Denial of Service Prevention Thwart attacks (like large elements, deeply nested messages, etc.) that attempt to exhaust server resources or exploit weakness in the xml parsers and applications on the server.
Recursive Expansion Attack Prevention Protects against messages containing recursive entity expansion attacks in their document type definition (DTD).
External Entity Attack Prevention Prevents server from processing data from untrusted sources.
XML Attachment Security Protects against attachments that contain malicious executables and viruses from reaching the server
SQL Injection Check Protects back-end SQL-based database servers and prevents from hackers obtaining information that they were not entitled to obtain
Cross-site Scripting Check Prevents Web 2.0 applications from cross-site scripting attacks
Start URLs Prevent against forceful scanning for services on a server.
Deny URLs Prevents attacks against various known security weaknesses that exist in different web server
Cookie Consistency Protect sensitive data by preventing hackers from logging in under other user's credentials.
Buffer Overflow Prevents attacks against insecure operating system or web server software that can crash or behave unpredictably when it receives a data string that is larger than it can handle.
Service Obfuscation Protects against service scanning attacks by rewrites end-point locations to obfuscate the true location of the service.
SOAP Message Validation Ensures only messages that are compliant with the SOAP and WSDL standards reach the server and offloads this validation process from the server.
XML Schema Validation Ensures only messages that are compliant with a given XML Schema reach the server and offloads this validation process from the server.
Web Services Interoperability Checks Performs a wide variety of checks on SOAP messages to ensure that they are compliant with Web Services Interoperability Organization (WS-I) recommendations.
Data Leak Prevention Prevents credit card and other sensitive business data from leaving the organization.
Service Proxy Provides transport level security for all XML and Web Services messages by acting as the SSL proxy.
Rate Limiting Prevents overwhelming the server by limiting the number of requests per second
PCI DSS Report Provides a detailed Payment Card Industry (PCI) Data Security Standard (DSS) report which lists all the relevant PCI DSS criteria
Alerts Via SNMP Alerts a designated person or server when a there is a security violation.
Violation Counters Displays counters for monitoring all violations.
Historic Charts Built-in and customizable charts for viewing historic traffic patterns and violations.
Express Configuration Protects XML applications right out of the box with very little configuration and maintenance
Secures All Flavors of XML Applications With the combination of XML, HTML, and HTTP security features, single appliance can protect Plain-old-XML (POX), SOAP, REST, Web 2.0, .Net and all other flavors of XML applications.


Labels

xml xml Delete
soa soa Delete
woa woa Delete
rest rest Delete
security security Delete
firewall firewall Delete
validation validation Delete
soap soap Delete
xdos xdos Delete
grp-ape grp-ape Delete
web 2 web_2 Delete
web services web_services Delete
threat protection threat_protection Delete
sql injection sql_injection Delete
denial of service denial_of_service Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Personal Blog
Sridhar Guthula