One of the long awaited new features in NetScaler 9.0 is XML security.  In 2007, Citrix acquired QuickTree, a small privately-held software technology provider on the forefront of addressing the key security and performance challenges of XML, web services and Web 2.0.  With Netscaler 9.0 the XML security capabilities acquired from QuickTree are fully integrated into the Netscaler web application delivery appliance.

Some the XML Security Features available in the new NetScaler release:



Format Checks Prevents malformed or not well-formed messages from reaching the server.
Denial of Service Prevention Thwart attacks (like large elements, deeply nested messages, etc.) that attempt to exhaust server resources or exploit weakness in the xml parsers and applications on the server.
Recursive Expansion Attack Prevention Protects against messages containing recursive entity expansion attacks in their document type definition (DTD).
External Entity Attack Prevention Prevents server from processing data from untrusted sources.
XML Attachment Security Protects against attachments that contain malicious executables and viruses from reaching the server
SQL Injection Check Protects back-end SQL-based database servers and prevents from hackers obtaining information that they were not entitled to obtain
Cross-site Scripting Check Prevents Web 2.0 applications from cross-site scripting attacks
Start URLs Prevent against forceful scanning for services on a server.
Deny URLs Prevents attacks against various known security weaknesses that exist in different web servers
Cookie Consistency Protect sensitive data by preventing hackers from logging in under other user’s credentials.
Buffer Overflow Prevents attacks against insecure operating system or web server software that can crash or behave unpredictably when it receives a data string that is larger than it can handle.
Service Obfuscation Protects against service scanning attacks by rewriteing end-point locations to obfuscate the true location of the service.
SOAP Message Validation Ensures only messages that are compliant with the SOAP and WSDL standards reach the server and offloads this validation process from the server.
XML Schema Validation Ensures only messages that are compliant with a given XML Schema reach the server and offloads this validation process from the server.
Web Services Interoperability Checks Performs a wide variety of checks on SOAP messages to ensure that they are compliant with Web Services Interoperability Organization (WS-I) recommendations.
Data Leak Prevention Prevents credit card and other sensitive business data from leaving the organization.
Service Proxy Provides transport level security for all XML and Web Services messages by acting as the SSL proxy.
Rate Limiting Prevents overwhelming the server by limiting the number of requests per second
PCI DSS Report Provides a detailed Payment Card Industry (PCI) Data Security Standard (DSS) report which lists all the relevant PCI DSS criteria
Alerts Via SNMP Alerts a designated person or server when a there is a security violation.
Violation Counters Displays counters for monitoring all violations.
Historic Charts Built-in and customizable charts for viewing historic traffic patterns and violations.
Express Configuration Protects XML applications right out of the box with very little configuration and maintenance
Secures All Flavors of XML Applications With the combination of XML, HTML, and HTTP security features, a single appliance can protect Plain-old-XML (POX), SOAP, REST, Web 2.0, .Net and all other flavors of XML applications.