Sunday, May 4, 2008

Some Web Services Security Tools

The following are some examples of useful Web Services security tools that are publicly available. The list is not exhaustive, but the tools are fairly handy for understanding the new technology, for evaluation, and for proof-of-concept work.


Titan (Security Hardening Tool). Titan is a fairly comprehensive platform-security assessment and hardening tool. You can download it from http://www.fish.com/titan/. To install it, uncompress the tar files and run the installation script. The script "Titan" scans the target host, and the script "TitanReport" renders the scan analysis and recommendations.



VeriSign's Trust Services Integration Kit (XKMS). You can download TSIK version 1.1 from http://www.xmltrustcenter.org/developer/verisign/tsik/download.htm. There is a concise installation document. You need to add a few jar files (tsik.jar, xml_pilot_key.jar, xml_prod_key.jar, and xerces.jar) to the CLASSPATH in order to execute the sample programs or any home-grown programs.



IBM's XML Security Suite (XML-ENC, XML-DSIG, XACML). You can download the XML Security Suite (XSS4J) from http://alphaworks.ibm.com/tech/xmlsecuritysuite. You'll need to add some new jar files (xercesImpl.jar and xmlParserAPIs.jar from Xerces2 and xalan.jar and xml-apis.jar from Xalan2) to the CLASSPATH. The user interface for managing access rights control can be invoked by java com.ibm.xml.policy.tool.VisualTool.
