SOA Security Training Course by LearnQuest
SOA Security Training
WSOA-345
Course Description:
This course is designed to lay a solid groundwork for Analysts, Architects, and Developers that are working in Service-Oriented Architectures (SOA) and the infrastructures supporting them. Throughout the course, students learn the best practices for designing, implementing, and deploying services within a secure infrastructure.
Course Objectives:
Upon completion of the course, students will be able to:
- Summarize the concepts and terminology behind supporting, designing, and deploying secure services.
- Recognize the magnitude of the problems associated with service security and the potential risks associated with those problems.
- Define the currently accepted best practices for supporting the many security needs of services.
Prerequisites:
- Basic understanding of SOA and the associated technologies
- Minimum of two years working knowledge in the IT industry
- Basic understanding of software development and web-based applications
- Actual development working knowledge is helpful but not required
Audience:
- Analysts
- Architects
- Developers
Course Duration:
2 Days
Course Topics:
I. Foundation
- Terminology and players
- Assets, threats and attacks
- OWASP
- Basic principles
II. Top Ten Security Vulnerabilities
- #1 Unvalidated input
- #2 Broken access control
- #3 Broken authentication and session management
- #4 Cross Site Scripting (XSS) flaws
- #5 Buffer overflows
- #6 Injection flaws
- #7 Improper error handling, auditing and logging
- #8 Insecure storage
- #9 Insecure management of configuration
- #10 Dynamic loading
III. SOA Security Overview
- Challenges
- Identity and propagation
- Real-time transactions
- Diverse environments
- Information protection
- Standards compliance
- Services and security
- SOA components
- Service lifecycle
- Security policies
- Security services
- Identity
- Authentication
- Authorization
- Confidentiality/integrity
- Auditing
- Non-repudiation
IV. Applying Security to Services
- Direct service exposure
- Indirect service exposure
- Enterprise Service Bus (ESB)
- Mediating security services
- Transport-level security
- Message-level security
- Policy enforcement
- Policy management
- Protecting the ESB
- Composed Services
- Single sign-on
- Trust relationships
- Trust relationships and web services
V. WS-Security
- Defending XML processing and web services
- WS-Security
- WS-Security stack
- J2EE and WS-Security
- Best practices
- XML digital signature
- Architecture
- Working with XML digital signature
- Integrating XML digital signature into web services
- Best practices
VI. Best Practices and Design Patterns
- Defensive coding principles
- Attack surface management
- Application states
- Defense in depth
- Not trusting the untrusted
- No security through obscurity
- Security defect mitigation
- Leverage experience
- J2EE web application security design patterns
- Authentication enforcer
- Authorization enforcer
- Intercepting validator
- Secure base action
- Secure logger
- Secure pipe
- Secure service proxy
- Intercepting web agent
VII. Secure Design and Analysis
- Design and analysis processes
- Motivation
- Security Development Lifecycle (SDL)
- CLASP applied
- Application of design and analysis processes
- Threat risk modeling
- Testing and review best practices
For more information: WSOA-345
http://www.learnquest.com/
Gary E. Smith