Page Comparison - XML Security Features in Netscaler 9.0 (v.6 vs v.7) » ocb

Back to Citrix.com

View Communities
- Citrix Developer Network
  The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
- Citrix Ready Community Verified
  Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
- Blogs
  Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
- Blogosphere
  The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
Sign In

Citrix Communities

The Citrix Blog

Knowledge Center Communities Support Forums Blogs

Personal Blog

Sridhar Guthula

Blogs

Profile

Related Tags

xenapp

nonspecific

The Citrix Blogs> XML Security Features in Netscaler 9.0

Version 6 by Sridhar Guthula
on Nov 17, 2008 22:55.

<< Changes from 5 to 6

compared with

Current by Sridhar Guthula
on Aug 10, 2009 18:47.

Key

These lines were removed. This word was removed.

These lines were added. This word was added.

View page history

There are 3 changes. View first change.

		h1.

		One of the long awaited new features in NetScaler 9.0 is [XML\|http://community.citrix.com/pages/viewpage.action?pageId=50364476\|What is XML?] security.  In 2007, Citrix acquired QuickTree, a small privately-held software technology provider on the forefront of addressing the key security and performance challenges of XML, web services and Web 2.0.  With Netscaler 9.0 the XML security capabilities acquired from QuickTree are fully integrated into the Netscaler web application delivery appliance.

		Some the [XML\|http://community.citrix.com/pages/viewpage.action?pageId=50364476\|What is XML?] Security Features available in the new NetScaler release:
		\\
		\| h1. Feature \| h1. Benefits \|
		\| Format Checks \| Prevents malformed or not well-formed messages from reaching the server. \|
		\| Denial of Service Prevention \| Thwart attacks (like large elements, deeply nested messages, etc.) that attempt to exhaust server resources or exploit weakness in the xml parsers and applications on the server. \|
		\| Recursive Expansion Attack Prevention \| Protects against messages containing recursive entity expansion attacks in their document type definition (DTD). \|
		\| External Entity Attack Prevention \| Prevents server from processing data from untrusted sources. \|
		\| XML Attachment Security \| Protects against attachments that contain malicious executables and viruses from reaching the server \|
		\| SQL Injection Check \| Protects back-end SQL-based database servers and prevents from hackers obtaining information that they were not entitled to obtain \|
		\| Cross-site Scripting Check \| Prevents Web 2.0 applications from cross-site scripting attacks \|
		\| Start URLs \| Prevent against forceful scanning for services on a server. \|
		\| Deny URLs \| Prevents attacks against various known security weaknesses that exist in different web server \|
		\| Deny URLs \| Prevents attacks against various known security weaknesses that exist in different web servers \|
		\| Cookie Consistency \| Protect sensitive data by preventing hackers from logging in under other user's credentials. \|
		\| Buffer Overflow \| Prevents attacks against insecure operating system or web server software that can crash or behave unpredictably when it receives a data string that is larger than it can handle. \|
		\| Service Obfuscation \| Protects against service scanning attacks by rewrites end-point locations to obfuscate the true location of the service. \|
		\| Service Obfuscation \| Protects against service scanning attacks by rewriteing end-point locations to obfuscate the true location of the service. \|
		\| SOAP Message Validation \| Ensures only messages that are compliant with the SOAP and WSDL standards reach the server and offloads this validation process from the server. \|
		\| XML Schema Validation \| Ensures only messages that are compliant with a given XML Schema reach the server and offloads this validation process from the server. \|
		\| Web Services Interoperability Checks \| Performs a wide variety of checks on SOAP messages to ensure that they are compliant with Web Services Interoperability Organization (WS-I) recommendations. \|
		\| Data Leak Prevention \| Prevents credit card and other sensitive business data from leaving the organization. \|
		\| Service Proxy \| Provides transport level security for all XML and Web Services messages by acting as the SSL proxy. \|
		\| Rate Limiting \| Prevents overwhelming the server by limiting the number of requests per second \|
		\| PCI DSS Report \| Provides a detailed Payment Card Industry (PCI) Data Security Standard (DSS) report which lists all the relevant PCI DSS criteria \|
		\| Alerts Via SNMP \| Alerts a designated person or server when a there is a security violation. \|
		\| Violation Counters \| Displays counters for monitoring all violations. \|
		\| Historic Charts \| Built-in and customizable charts for viewing historic traffic patterns and violations. \|
		\| Express Configuration \| Protects XML applications right out of the box with very little configuration and maintenance \|
		\| Secures All Flavors of XML Applications \| With the combination of XML, HTML, and HTTP security features, single appliance can protect Plain-old-XML (POX), SOAP, REST, Web 2.0, .Net and all other flavors of XML applications. \|
		\| Secures All Flavors of XML Applications \| With the combination of XML, HTML, and HTTP security features, a single appliance can protect Plain-old-XML (POX), SOAP, REST, Web 2.0, .Net and all other flavors of XML applications. \|
		\\