Clear text messages used in transferring applications via Web services can potentially slip through existing security hardware allowing malformed code to run rampant within organizations.
Typically malicious code such as Trojans and worms are detected at the gateway; however, current XML and SOAP attachments (Simple Object Access Protocol) can potentially allow threats to enter the network, as well as information leakage.
Dean Dierickx, Asia-Pacific director of Forum Systems, said existing firewalls are blind to XML- and SOAP-based messages.
"Adding to the problem is security controls built into Web services applications, which offer a compromise in performance and as a result are systematically being turned off," Dierickx said.
