This paper details the need for more focused middleware security auditing and testing that goes beyond traditional perimeter testing methodologies. It provides an overview of the historical result of implementing middleware products such as WebSphere MQ (WMQ) in an "out-of-the-box" manner, without security measures and without knowledge of today's more stringent regulatory environment, which has led to an increased risk of failed audits against a variety of recently enacted regulatory measures. These measures, all of which were passed well after the initial growth of messaging middleware, include the Healthcare Insurance Portability & Accountability Act (HIPAA), enacted in 1996; the Sarbanes-Oxley Act (SOX), passed in 2002; and the Payment Card Industry Data Security Standard (PCI DSS), enacted in 2006.