WSO2 is an open source application development software company focused on providing service-oriented architecture solutions for professional developers. Coming quickly after an investment in Collax, an open source Linux server provider, Intel Capital has invested $4 million into WSO2, a global corporation with offices located in USA , UK and Sri Lanka . WSO2 was founded by Dr. Sanjiva Weerawarana in August, 2005.WSO2 is a key contributor to Apache web services projects including Apache Axis2, Apache Rampart, Apache Synapse, Apache Axiom and more. WSO2 projects are free and open source released under Apache License Version 2. It follows open development principles and the architecture and development discussions are carried out through WSO2's public mailing lists. WSO2's annual conferences, named "WSO2Con", are held in Europe, USA, and Asia, to discuss about SOA, Cloud Computing, IT strategies, and applications, apart from the series of free webinars on the related topics. Wikipedia.
News Article | May 13, 2015
A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially expose subsequent internal servers to further attacks. The open source server software helps developers manage identities and keep track of web apps, services and APIs. Researchers at SEC Consult, a vulnerability lab headquartered in Austria, discovered the critical bugs in version 5.0.0 of the software in February and disclosed them on Wednesday. A reflected cross-site scripting (XSS) vulnerability in the server could result in the takeover of a victim’s session, while a cross-site request forgery (CSRF) vulnerability, at least on one web page in the servers’ admin web interface, could grant the attacker the ability to add arbitrary users to the server. The XSS issue could be triggered if an attacker lured a victim who was logged into Identity Server to either click through a link or in the instance of the CSRF vulnerability, navigate to a page that contains a manipulated tag. A third issue, technically referred to as a XML external entity injection vulnerability, involves the server’s SAML authentication interface, and could be exploited to inject arbitrary external XML entities. “Since the XML entity resolver allows remote URLs, this vulnerability may allow to bypass firewall rules and conduct further attacks on internal hosts,” reads SEC’s vulnerability advisory. According to proof of concept code published by SEC, an attacker can send a request to a vulnerable Windows server and have it return the contents of the C: drive, allowing the attacker to read arbitrary local files. SEC points out that while its researchers only conducted a “very quick and narrow check” on the Identity Server platform, it’s possible there could be similar vulnerabilities in other products, in addition to more critical vulnerabilities in Identity Server itself. According to Prabath Siriwardena, WSO2’s Director of Security Architecture however, all of the issues SEC brought to its attention were fixed and all WSO2 customers were patched in advance of the public disclosure. Siriwardena insists that no WSO2 customers were affected by the vulnerabilities. The software development company deployed two patches, WSO2-CARBON-PATCH-4.2.0-1194, and WSO2-CARBON-PATCH-4.2.0-1095, for Identity Server in tandem with SEC Consult’s disclosure on Wednesday. As there’s no known workaround, both parties are encouraging users to apply the patches to bring the software fully up to date.
News Article | April 17, 2015
Bitcoin has captured the imagination as a new way to buy goods and services online. However, data is emerging as a compelling and potentially more powerful currency as consumers and companies alike seek to make sense of the mountains of data available across the Internet. WSO2 Solutions Architect Senaka Fernando will discuss how developers can capitalize on this opportunity at JAX Mainz 2015. The conference is being held April 20-24, 2015 at the Mainz Rheingoldhalle in Mainz, Germany. Senaka’s presentation, “Data: The New International Currency,” will run 9:45 a.m. – 11:00 a.m. on Tuesday, April 21, 2015 in Gold Room B at the Mainz Rheingoldhalle. In this session, he will examine how data is revolutionizing commerce as well as the economic value of data as an international currency. Senaka then will focus the majority of his discussion on explaining how Java developers can buy and sell the data they have in order to create new revenue streams. Senaka Fernando is a solutions architect at WSO2. In addition to his product development efforts, Senaka has provided technology consulting on customer engagements, helping to successfully implement governance, enterprise application integration, SAP integration, and on-premise portal solutions. He is an elected member of the Apache Software Foundation (ASF) and also a Project Management Committee (PMC) member and committer for a number of projects, which currently include Apache Web Services, Axis2, and several Apache incubator projects. Additionally, Senaka is a member of the OASIS S-RAMP, WEMI, and TOSCA technical committees. JAX Mainz comes together with W-JAX, Europe's leading conference series to discuss enterprise technologies, agile methods and software architectures. Together with the accompanying events Business Technology Days and BigDataCon, this large event will provide a steady flow of impulses for the IT industry and generate a unique exchange of knowledge, ideas and information between professionals of all sectors and levels. For more information, visit https://jax.de/2015. WSO2 uniquely delivers on the promise of the connected business. It offers the only completely integrated enterprise platform that enables businesses to build, integrate, manage, secure and analyze their APIs, applications, and Web services—on-premises, in the cloud, on mobile devices, and across the Internet of Things. Leading enterprise customers worldwide rely on WSO2’s award-winning 100% open source platform and its robust performance and governance for their mission-critical applications. Today, these businesses represent nearly every sector: health, financial, retail, logistics, manufacturing, travel, technology, telecom and more. Visit http://wso2.com to learn more, or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, and Facebook. Trademarks and registered trademarks are the properties of their respective owners.
News Article | June 22, 2015
At the 9TH ACM International Conference on Distributed Event-Based Systems (DEBS) 2015, WSO2 Vice President of Research Dr. Srinath Perera and WSO2 Technical Lead Sriskandarajah Suhothayan will jointly present: WSO2 is a Gold Sponsor of DEBS 2015, which will run June 29 – July 3, 2015 at the Campus for Information Technology at the University of Oslo in Oslo, Norway. The tutorial, “Patterns for Real-time Streaming Analytics,” will run 9:00 a.m. – 12:20 p.m. on Monday, June 29, 2015 in Room 2452 (Pascal). Srinath and Sriskandarajah will begin by demonstrating how to implement different streaming analytics patterns. They then will discuss counting use cases and progress into complex patterns, such as using time windows, tracking objects, and detecting trends. Srinath and Sriskandarajah will support the discussion with examples of Apache Storm and complex event processing (CEP) based technologies. Srinath and Sriskandarajah will present the paper, “Continuous Analytics on Geospatial Data Streams with WSO2 Complex Event Processor,” at 1:40 – 3:40 p.m. on Tuesday, June 30, 2015 in the Simula Auditorium. The session is part of the DEBS Grand Challenge category, which showcases real-life, data-based event processing problems and solutions. Together, Srinath and Sriskandarajah will review how the WSO2 Complex Event Processor (WSO2 CEP) engine was used to collect 173 million events from a New York taxi trip data set. They will first discuss how the WSO2 CEP engine identified the most meaningful events within the event cloud and analyzed their impact. Additionally, they will review how it acted in real-time—processing approximately 350,000 events per second with a mean latency of less than one millisecond for both queries. They then will present the results of the solution and discuss how it was optimized for maximum performance. Dr. Srinath Perera, WSO2 vice president of research, oversees the overall WSO2 platform architecture, where he specializes in Web services and distributed systems, specifically working with aspects of data, scale and performance. He is a co-founder of Apache Axis2, a member of the Apache Software Foundation (ASF) and the Apache Web Service Project Management Committee (PMC). In addition to numerous research papers, Srinath has published many peer-reviewed technical articles in Jax Magazine, IBM developerWorks, Developer.com, and O'REILLY OnJava. Sriskandarajah Suhothayan is a technical lead at WSO2 and focuses on WSO2 Complex Event Processor. In addition to his product development efforts he has provided technology consulting on customer engagements, including customer QuickStart programs mainly focusing on SAP integration. He is a committer of the Apache software foundation where he has contributed to Apache PhotArk project and has also successfully finished two Google Summer of Code programs in 2010 and 2011 on Apache PhotArk and OpenMRS projects. The WSO2 booth at DEBS 2015 will have experts available to discuss the synergistic, integrated approach of WSO2’s 100% open source platforms in addressing the technology demands of competing in a connected world, including the cloud, API management, the management and security of mobile and Internet of Things devices, big data analytics, and DevOps. Among the WSO2 solutions are products from the comprehensive WSO2 Carbon enterprise middleware platform, including support for real-time and batch analytics; WSO2 Private PaaS; WSO2 Cloud; and the WSO2 App Factory cloud-enabled DevOps platform. Significantly, all WSO2 solutions are built on the same fully componentized, OSGI-compliant code base. As a result, developers can easily deploy and customize any of these WSO2 products and the 175-plus components on which they are comprised, providing greater flexibility and agility to meet changing enterprise demands. In addition to WSO2 cloud platforms, all WSO2 Carbon enterprise middleware products also are fully multitenant and cloud-ready. This means IT professionals can write an application once and deploy it on the same middleware on-premises, in the cloud, or in a hybrid environment. The ACM International Conference on Distributed Event-Based Systems (DEBS) aims to provide a forum dedicated to the dissemination of original research, discussion of practical insights, and reporting of experiences relevant to event-based computing. The conference also provides a forum for academia and industry to exchange ideas, for example, through industry papers and demo papers. For more information, visit http://www.debs2015.org. WSO2 uniquely delivers on the promise of the connected business. It offers the only completely integrated enterprise platform that enables businesses to build, integrate, manage, secure and analyze their APIs, applications, and Web services—on-premises, in the cloud, on mobile devices, and across the Internet of Things. Leading enterprise customers worldwide rely on WSO2’s award-winning 100% open source platform and its robust performance and governance for their mission-critical applications. Today, these businesses represent nearly every sector: health, financial, retail, logistics, manufacturing, travel, technology, telecom and more. Visit http://wso2.com to learn more, or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, and Facebook. Trademarks and registered trademarks are the properties of their respective owners.
News Article | January 14, 2015
With an eye toward making blockchain technology easy to integrate into any application, BlockCypher has raised $3.1 million in its first round of financing. The financing comes amid a steep slide in Bitcoin pricing over the past year, which has stymied some of the enthusiasm in the market. Bitcoin’s collapse will have little impact on BlockCypher, since, according to co-founder Catheryne Nicholson, the company’s technology works for any cryptocurrency. “We basically do web services for blockchains,” says Nicholson. “Were software infrastructure and we enable developers to easily build, monitor, and secure blockchain applications. Using BlockCypher developers don’t have to start from ground zero says Nicholson. The genesis for the San Mateo, Calif.-based company came from work that Nicholson and her co-founder Matthieu Riou, “We installed one of the first wallets… and we kept thinking someone is going to do something. The usability was just horrible and then came the realization that we should do something about it,” says Nicholson. “That’s how we got into the infrastructure side.” Using the technology, developers can build a cryptocurrency wallet in less than a day. “We offer a multi-sig API, and a payment API… Developers don’t have to rebuild all of that from scratch. they can just build the application layer.” In its first applications the company focused on a way to reduce the transaction time for processing a bitcoin with a predictive tool to determine whether the blockchain would approve a transaction. “There are lots of innovative ways that the future of monetization is going to hold for us when you can do micropayments of actual data throughput,” says Nicholson. “We have the whole swath of applications which we enable.” Companies like Coinalytics, which is building analytics and insight into what’s happening on the bitcoin blockchain, or the Singaporean exchange CoinHako (one of the fastest in transaction processors in Asia) — or Palarin, a remittance company from the Philippines. “We truly truly believe that payments and finance, this is just the tip of the iceberg,” says Nicholson. “Developers that are using us are building registries for records like healthcare records… where they’re putting a placement of a hash on the blockchain. We see a startup that’s building distributed hosting so you can fire up a server in the middle of Argentina… We are seeing legal documents that are being put on the block chain that are being developed out of Sri Lanka.” Nicholson’s obvious excitement is catching. Her company has attracted three generations of venture capital dollars through investments from the entire Draper family. Other investors in the round include Foundation Capital, New Enterprise Associates, Jerry Yang (through AME Cloud Ventures), Upside Partnership, Streamlined Ventures and Fenox Venture. Jesse Draper (better known as Valley Girl — and Tim Draper’s daughter) and Shawn Byers (also known as Mrs. Brook Byers), are both investing in the round as well. “Investing in women entrepreneurs is the best way to increase the number of women in technology. When girls have women founders as role models, they become founders themselves,” said Jesse Draper, CEO, Valley Girl Ventures. “What BlockCypher is doing with block chain technology will change the world: women must be involved.” Indeed, block chain technology is at the vanguard for what cryptocurrencies can eventually achieve, according to investors like Charles Moldow, a general partner at Foundation Capital. “We think one of the most promising areas in Bitcoin is in the block chain technology layer: it’s where the greatest innovation is happening and it’s at the core of BlockCypher’s expertise,” said Moldow in a statement. Additional BlockCypher investors include Ben Narasin and TriplePoint Capital, Ken Goldman (CFO Yahoo), Sanjiva Weerawarana (CEO WSO2), VoyLét Capital, Granite Ventures, Boost VC, 500 Startups, Crypto Currency Partners, Michael Liou, and hip hop artist, Nas (I guess he’s looking for more than dead presidents to represent him these days).
News Article | October 22, 2015
MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--WSO2 today announced that WSO2 partner AlmavivA Group has implemented a master data management (MDM) system for the Italian Ministry of Economy and Finances (MEF), using the WSO2 Carbon middleware platform. The custom MDM system, Anagrafica Unica (Central Registry), handles self-service applications containing the salaries and personal information of employees with the Italian public sector and MEF operators. Some 1.6 million users across Italy now use Anagrafica Unica for secure access to accurate information. The implementation is discussed in a new case study from WSO2, which can be downloaded at http://wso2.com/casestudies/almaviv-a-and-wso2-help-italian-ministry-of-economy-and-finances-to-manage-central-data-repository-for-1-6-million-employees. For years, MEF maintained an internal architecture consisting of heterogeneous services. However, each application worked independently of one another and stored data separately, creating issues around system coordination, data management and consistency. Realizing the need of MEF to centralize its master data, AlmavivA Group, Italy's top information and communication technology (ICT) provider, has designed an innovative solution, centered on WSO2 platform. The case study examines how AlmavivA has implemented an agile MDM system architecture that takes advantage of best practices outlined in the WSO2 technology article, "A Lean Approach to MDM using WSO2 Middleware Platform." The architecture includes a frontend portal that provides a user interface, a backend repository layer using an Oracle database, and integration services delivered through six WSO2 middleware products. “The componentized WSO2 platform means that all the products are designed to work together seamlessly. This has helped to speed our implementation process and will allow us to easily add new WSO2 products in the future as needed,” said Nunzio Calì, deputy general manager, operations – Infrastructure and Application Services Division, AlmavivA Group. “We are thrilled by the impact that Anagrafica Unica has made so far in helping to streamline the processes of data management and by the effectiveness of WSO2’s middleware in supporting these operations. We now look forward to working with WSO2 to develop the next steps for this system.” “The Italian Ministry of Economy and Finances plays a central role in the operations of the Italian government, making it critical to deliver timely data consistently and securely,” said Dr. Sanjiva Weerawarana, WSO2 founder, CEO and chief architect. “We are thrilled by the agility AlmavivA has achieved in implementing a state-of-the-art master data management system based on our highly flexible, scalable and robust middleware platform that supports more than 2 million public sector employees across Italy.” AlmavivA Group is Italy's number one information and communication technology (ICT) provider, with a longstanding experience and in-depth knowledge and understanding of the public and private sector markets it specializes in. Operating as a global organization, AlmavivA Group has 38 offices in Italy and 19 abroad and employs 40.000 people. It has a significant presence in Brazil, and is also operational in the United States, China, Colombia, Tunisia, South Africa and Brussels, the nerve center of the EU. The Group offering includes ICT services and solutions based on cloud computing, the outsourcing of customer relationship management (CRM) services, using cutting-edge technologies capable of ensuring excellence in CRM 3.0, and big data and advanced analytics solutions for the management and enhancement of information. To learn more, visit http://www.almaviva.it/EN/Pagine/default.aspx. WSO2 uniquely delivers on the promise of the connected business. It offers the only completely integrated enterprise platform that enables businesses to build, integrate, manage, secure and analyze their APIs, applications, and Web services—on-premises, in the cloud, on mobile devices, and across the Internet of Things. Leading enterprise customers worldwide rely on WSO2’s award-winning 100% open source platform and its robust performance and governance for their mission-critical applications. Today, these businesses represent nearly every sector: health, financial, retail, logistics, manufacturing, travel, technology, telecom and more. Visit http://wso2.com to learn more, or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, and Facebook. Trademarks and registered trademarks are the properties of their respective owners.