XML firewall
In 9.0, the Application Firewall can be used to protect applications that use XML payloads. These applications include SOAP-based Web services, AJAX applications and REST-based applications that use XML. XML-specific security features include:
- XML Denial of Service protection
- XML well-formedness check
- XML attachment detection
- Message validation (Schema)
- Cross-site scripting and SQL injection protection
- Web Services Interoperability (WSI) check
XML protection is integrated into the Application Firewall, so all applicable firewall features, including Start and Deny URLs, Buffer overflow, Cookie protection and Safe Object checks, are available. More details on the XML firewall functionality can be found at XML Security Features in Netscaler 9.0
Application Firewall - Integrated Caching interoperability
The 9.0 release has full interoperability between the Application Firewall and the Integrated Caching (IC) module on the NetScaler. In the 8.1 release, the Application Firewall supports IC only for features that do not require parsing the response body. In 9.0, this restriction is removed. This results in better performance if the application's HTML pages are cacheable. Features like Form field consistency and URL closure benefit from this new functionality.
URL Transform module
The URL Transform module provides an easy, regular-expression-based approach to rewriting request and response URLs. This feature is available separately from the Application Firewall license. It builds on the Application Firewall parsing technology to rewrite only valid HTML links.
Custom error pages
When the Application Firewall detects and blocks an invalid request, it can serve out a custom HTML response that has been uploaded or do a 302 redirect to a configured URL. Previous releases could only do the 302 redirect.
NetScaler's Application Firewall offers great protection for Web Applications via a positive security model that lets the user decide what is allowed to reach their web server. Web site vulnerability and compliance requirements can be met by deploying this integrated firewall.
But the concept of the web is changing. Expanding beyond traditional web pages, many sites now include programmable interfaces accessible via XML-based APIs. While web sites are mainly for consumers, the programmable APIs are used by business partners and customers to automate and integrate systems. The APIs are also used by emerging Web 2.0 enabled Rich Internet Applications (such as Adobe Flex and Microsoft Silverlight) that get deployed inside a consumer's browser. Once deployed, these RIAs make active and passive calls to the exposed APIs of a web site, often exchanging information in the background using an XML-based protocol like REST or Web Services.
As the Web and programmatic APIs continue to become more of an integrated offering, it is important to provide security for the APIs as well as for the Web site. NetScaler 9.0 introduces a major new module inside the Application Firewall centered on XML Security. With these new capabilities, users will be able to simultaneously secure HTML based web sites as well as XML based REST and Web Services APIs.
One of the long-awaited new features in NetScaler 9.0 is XML security. In 2007, Citrix acquired QuickTree, a small privately-held software technology provider on the forefront of addressing the key security and performance challenges of XML, web services and Web 2.0. With NetScaler 9.0 the XML security capabilities acquired from QuickTree are fully integrated into the NetScaler web application delivery appliance.
Some of the XML Security Features available in the new NetScaler release:
Like most techie geeks, our developers like to play with the latest technology and explore what's possible. Sometimes they even get the chance to do it as part of their job...
Folks who have seen Thomas Koetzing's peek at the upcoming version of the XenApp Web Interface component will be aware that we've made some fairly major changes to the look and feel. Certainly this is the most significant design uplift since WI (originally known as NFuse) was first released in 1999. As you can imagine we're really excited by this, and we hope you'll not only like the new sleek look, but find the usability improvements we've made genuinely useful. It's been in the works for a good long time (getting on for 2 years).
However that isn't what I wanted to highlight just yet (I'm hoping to get the people who were deeply involved in doing the usability work and defining and refining the design to talk about it). Instead I'd like to show you something else we prototyped late last year, as part of some work to explore new user interface concepts and technologies. If you follow developments in the web development world at all, you will have heard about Silverlight, the new cross platform browser-based rich internet application framework Microsoft is creating. Derek Thorslund linked to the blog announcement this week from the Microsoft team busy working on Silverlight 2.0.
From our perspective, this is pretty neat stuff. Citrix is already a very heavy user of Microsoft technologies, and our UI and Visual design teams have been eagerly following what Microsoft has been doing in building a strong design/code separation into WPF and now Silverlight. For them, the ability to easily and safely update our product UIs without disrupting the code (oh I don't know, because someone wanted to change the look and names of a few products let's say...) - THAT would be the holy grail for them.
But WPF and Silverlight also offer a great chance to start being more expressive and trying out fresh approaches to UI tasks. As it happens, WI is the most commonly used interface for people to get access to Citrix delivered apps, so it is a natural one to focus on. So we let a couple of developers loose with some simple instructions: learn about Silverlight and come up with something that looks cool. Well, they didn't give us cool: they gave us bling - lots of bling! Have a look...

If you like that, have a look at this short video clip to get a better sense for what else it can do. (You'll need the Techsmith codec.) By the way, something cool that you can't tell from just looking is that it's powered by a new set of web service interfaces we're prototyping, designed to allow custom UIs to be built by all sorts of people (including us). Actually, they aren't totally new; the first generation shipped inside the Web Interface integration for Microsoft Office SharePoint Server - give that a try if you're using SharePoint, it works with the Windows SharePoint Services component of Windows Server 2003 as well.
Interestingly, our techie guys, along with a lot of other early adopter developers, gave Microsoft some pretty detailed feedback on what was good and what was missing from the early alpha. With the 1.1 alpha lots of standard UI controls were missing, leaving fairly low-level drawing primitives as the main tool to use, which ironically forced us to be more creative and come up with something that looks really new. However it's great to see Microsoft is addressing the many gaps in a very major way! (See Scott Guthrie's post for a lot more detail on what is now going to be the 2.0 version.)
Now, is this really a good user interface? I don't know - it was a learning exercise, and a nice way to test whether our service interfaces are good ones. But will we really ever do a Silverlight front-end to XenApp though? Now that's a very good question....
Would you like us to?
Cheers,
AndrewI
I bet you think I'm going to talk about GoToMeeting or our old friend, Conferencing Manager. I could, but I won't. I'll leave that to others more experienced in that tech talk.
No, I'm talking about good old-fashioned people. People, people who need people,... OK, I digress (probably due to my need for lunch right now.). I think sometimes in our focus on getting our projects or software out the door, we forget how beneficial our networks can be. Yes, LinkedIn and other sites are great (Hey, I'm on LinkedIn myself), but face-to-face often wins out.
For example, I attended an industry conference in Q3 2006. When I transferred to Web Services in April 2007, I reached out to other attendees I had spoken to at that conference for help with one of my projects. Although the people I contacted hadn't heard from me in almost six months and didn't have the knowledge to help me, they took the time to ask their coworkers to help. Eventually I spoke to a peer I'd never met before who had a wealth of knowledge to share. She offered to present her team's approach to the issue and so I was able to share their perspectives and processes with my team (using GoToMeeting, of course). By the way, I have to say that team was from Microsoft - so you won't catch me badmouthing them, even without our other "strategic partnerships".
Today I got the chance to do something similar. A past Citrite contacted me about a project she is working on. Since the technical details were outside my range of experience, I asked a member of the Web Services team if he could help. Lo and behold, we met today (again with GoToMeeting) - my coworker, myself, the past Citrite, and her manager. We greeted, we chatted, we outlined, we discussed, and when we were done, they thanked us very much for our help and offered to return the favor if needed. Now, our meeting today may not lead to earthshattering changes in technologies or wow anyone (although I have great hopes for their gift that's "in the mail"), but the time saved in a one-hour meeting vs. trying to figure it out on your own over weeks (or even months) can never be denied. And yes, I feel better. And I know my ex-Citrite friend feels a whole lot better.
So, in our world of technology, blogs and wikis notwithstanding, we need to remember that networking and collaboration sometimes mean something different. And I hope all Citrites, past, present, and future are examples of that.
So, if you're reading this blog, you've discovered the wonderful new blog site from Citrix. There's loads of posts about current and future products and projects, so I thought I'd try something a little different. As I note in my profile (sorry, no photo there, not ready to expose my mug just yet), I've been with Citrix since the heady days of 1999. I started in Tech Pubs as a tech writer assigned to the (in?)famous SDKs. Back then, that's where all newbie tech writers started at Citrix. My first "real" doc assignment was the SecureICA product - yes, I said "product", back then it wasn't part of MetaFrame - no, MetaFrameXP - no, MetaFrame Presentation Server - no, Presentation Server, right? After a few years on almost every product line, I joined the ranks of Pubs Management but then decided to transfer to the Web Services team and leverage my skills (I hope) with the team responsible (then) for the Knowledge Center, a.k.a. http://support.citrix.com.
Anyway, let's get back from my stunningly interesting trip down memory lane and on to the relevance of my blog title. We've done some pretty cool things to the Knowledge Center recently as noted in my director's post. So if you've got feedback about the Knowledge Center then use the Site Feedback link at the bottom of each page. Not to leave my old Tech Pubs buddies in the dust, (not that I ever would - you know that, right?), for feedback on your current product docs (like an Admin Guide, readme, or good old F1 help), please use the Product Documentation feedback form. You should also check out Andy McAleer's blog for the latest from the Tech Pubs team.
As for me, I'd like to know what else you would like to see Citrix do in our Web space. What have you seen or experienced at other corporate sites that you think is cool or helpful to you? Yes, I know I should probably ask what would help you use our products better or help you install or troubleshoot, but honestly, I think the other sites I've pointed you to cover those areas pretty well. We've got forums, we've got blogs, we've got plans for more up-to-date browsable online docs (oops, was I supposed to say that?), so what else would be helpful? Oh darn, I used that "helpful" word again, didn't I? But you know what I mean, the whole Web 2.0 stuff. At a recent conference I attended, it seemed like the latest buzzword for the ideal user's experience was now "delightful"; not usable, or navigable, but "delightful" - Wow! So, what would delight you on our Citrix sites? I can't make any promises, and no-one should expect too much, but let's hear it and see what happens, shall we?