Remember when we thought HTML was "harmless text"? Then scripting was added, along with the "surprises" that followed as hackers thought up ingenious ways to compromise Web sites. Now systems built using newer technologies such as SOA, Web Services, SOAP, and XML are the new frontier for hackers, and there are whole new classes of threats built around these "harmless" and "firewall-friendly" technologies. Newer technologies such as SOA, ESB, and even Web Services often present fertile ground for hackers, because hardening techniques and staff expertise have not yet been established and new products and technologies will have bugs that can be exploited. This session will show several classes and many types of XML attacks, how they can be used to affect service availability in software-based web services hosts, and how DataPower can be used to prevent such attacks.
Bill Hines is a Consulting I/T Specialist with IBM's Software Services for WebSphere organization in the Software Division, working as a mobile consultant out of Hershey, PA (Chocolatetown, USA). He has several years of DataPower experience in both customer engagements and developing and delivering internal DataPower training to IBM's consulting, engineering, support, QA, and technical sales teams. He also has WebSphere Application Server experience dating back to 1998 and across all versions from 2.x to 6.x in areas of specialty including installation, configuration, tuning, dynacache, security, troubleshooting, and design/architecture of enterprise J2EE applications using WebSphere family development tools. He is a co-author of the highly acclaimed IBM Press books IBM WebSphere DataPower SOA Appliance Handbook and IBM WebSphere: Deployment and Advanced Configuration, as well as several articles published in WebSphere Technical Journal and developerWorks®, and his background includes more than twenty years of information technology experience in many platforms and languages.