This resource is no longer available
XML Threat Model for REST, SOA and Web 2.0
This technical document intended for Architects and Developers describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP and the Web Services Description Language [WSDL].
This white paper also defines the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention. A new type of threat called an XML Content Attack is described, and examples are provided for each layer in the threat model. This document is intended to help individuals and organizations discover and mitigate the rising number of threats in the Web 2.0 environment using a Service Gateway.