Web application security vendor Teros unveiled new functionality for its network security gateway last week, enabling customers to extend the functionality of the Teros Secure Application Gateway to Web services and the Internet.
The new capabilities, dubbed the Teros Secure Application Gateway for XML and HTML Infrastructures, were available by download to channel partners and customers at no additional cost.
According to Bob Walters, president and CEO of Santa Clara, Calif.-based Teros, the new functionality combines advanced application learning, identity theft protection, and application layer attack defenses for a secure approach to Web services.
"By adding Web services security to our gateways, Teros is delivering the single most requested capability by our customers and resellers," Walters said. "Both of these groups have told us they want a single security infrastructure that can secure both their Web applications and Web services."
As Walters explained, the new functionalities include an adaptive learning engine that learns the XML messages and data types received by applications with Web Services Description Language (WSDL) interfaces. The Teros Gateway then recommends constraints on application inputs to prevent attackers from inserting unexpected or malicious data.
For Web services applications that handle sensitive data such as credit card numbers, the Gateway detects the presence of protected data types in application responses, and masks the information before it is ever disclosed.
Teros calls its XML scanning technology "Deep Stream Inspection." Walters said the company will add to this technology support for emerging standards including Web services security, SAML, XML encryption and XML signatures by June 30.
