SOA Security Training | SOA TRAINING NETWORK | THE SOA NETWORK

SOA Security Training Course by LearnQuest

Gary E Smith — Thu, 31 Jul 2008 22:06:44 GMT

SOA Security Training Course by LearnQuest

SOA Security Training
WSOA-345

Course Description:

This course is designed to lay a solid groundwork for Analysts, Architects, and Developers that are working in Service-Oriented Architectures (SOA) and the infrastructures supporting them. Throughout the course, students learn the best practices for designing, implementing, and deploying services within a secure infrastructure.

Course Objectives:

Upon completion of the course, students will be able to:

Summarize the concepts and terminology behind supporting, designing, and deploying secure services.
Recognize the magnitude of the problems associated with service security and the potential risks associated with those problems
Define the currently accepted best practices for supporting the many security needs of services

Prerequisites:

Basic understanding of SOA and the associated technologies
Minimum of two years working knowledge in the IT industry
Basic understanding of software development and web-based applications
Actual development working knowledge is helpful but not required

Audience:

Analysts
Architects
Developers

Course Duration:

2 Days

Course Topics:

I. Foundation

Terminology and players

Assets, threats and attacks
OWASP
Basic principles

II. Top Ten Security Vulnerabilities

#1 Unvalidated input
#2 Broken access control
#3 Broken authentication and session management
#4 Cross Site Scripting (XSS) flaws
#5 Buffer overflows
#6 Injection flaws
#7 Improper error handling, auditing and logging
#8 Insecure storage
#9 Insecure management of configuration
#10 Dynamic loading

III. SOA Security Overview

Challenges

Identity and propagation
Real-time transactions
Diverse environments
Information protection
Standards compliance

Services and security

SOA components
Service lifecycle
Security policies

Security services

Identity
Authentication
Authorization
Confidentiality/integrity
Auditing
Non-repudiation

IV. Applying Security to Services

Direct service exposure
Indirect service exposure
Enterprise Service Bus (ESB)

Mediating security services
Transport-level security
Message-level security
Policy enforcement
Policy management
Protecting the ESB

Composed Services

Single-sign on
Trust relationships
Trust relationships and web services

V. WS-Security

Defending XML processing and web services
WS-security

WS-security stack
J2EE and WS-security
Best practices

XML digital signature

Architecture
Working with XML digital signature
Integrating XML digital signature into web services
Best practices

VI. Best Practices and Design Patterns

Defensive coding principles

Attack surface management
Application states
Defense in depth
Not trusting the untrusted
No Security through obscurity
Security defect mitigation
Leverage experience

J2EE web application security design patterns

Authentication enforcer
Authorization enforcer
Intercepting validator
Secure base action
Secure logger
Secure pipe
Secure service proxy
Intercepting web agent

VII. Secure Design and Analysis

Design and analysis processes

Motivation
Security Development Lifecycle (SDL)
CLASP applied

Application of design and analysis processes

Threat risk modeling
Testing and review best practices

Request more information

For more information:

http://www.learnquest.com/

________________________________________________________________________________

_________________________________________________________________________________________

Back to Main Page

Gary E. Smith
SOA Security Training

THE SOA NETWORK

SOA Governance Network SOA Networking SOA Security Network SOA Test Network

Web Services/SOA Security Training Event - Coming Fall 2008

Gary E Smith — Sat, 12 Apr 2008 09:04:26 GMT

Web Services/SOA Security Training Event - Coming Fall 2008

Fall, 2008 (New York City)

Seeking to integrate existing systems in order to implement IT support for present and future business processes?

If your company or client is looking to employ new services or upgrade existing services to address new business requirements, a SOA (Services Oriented Architecture) can better support the integration of disparate applications and the sharing of data. Yet, building a SOA solution requires different security measures that address the new risks introduced by web services integration. For instance, traditional security protocols, such as SSL, do not provide sufficient security for SOA/Web Services.

Course objective

This two-day course will prepare students to identify, define, diagnose, and implement a comprehensive security strategy. Attendees will be exposed to a broad range of SOA security subjects, providing a solid foundational understanding of sound approaches to designing and implementing SOA security. This includes an understanding of:

The real risks in SOA, Web Services, and XML
SOA standards and how to use them
How to architect security services in Web Services and SOA
How an attacker looks at Web Services
Best practices

Target audience

Developers, architects, security engineers, CIOs, CISOs
IT professionals of all levels whose organization is looking to implement a SOA or whose clients may be interested in securing their web services based applications

Prerequisites

Basic understanding of SOA/Web Services

Topics covered

Topics covered include understanding how web application risks (such as those in OWASP Guide and OWASP Top Ten) apply in a Web Services world, and Web Services security topics such as:

Web Services attack patterns
Common XML attack patterns
Data and XML security using WS-Security, SAML, XML Encryption and XML Digital Signature
Identity services and federation with SAML and Liberty
Hardening Web Services servers
Input validation for Web Services
Integrating Web Services securely with backend resources and applications using WS-Trust
Secure Exception handling in Web Services
Understand the impact of Web 2.0 technologies like Ajax, and REST on distributed systems security

View complete course syllabus

Printed guides, Power Point slides, and a certificate of completion (for petition of academic credit) will be made available for participants

About the instructor

Gunnar Peterson (blog) is a Managing Principal at Arctec Group. He focuses on distributed systems security for large, mission-critical financial, financial exchanges, healthcare, manufacturer, and insurance systems, as well as emerging start-ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, an Associate Editor for Information Security Bulletin, a contributor to the SEI and DHS Build Security In portal on software security, and an in-demand speaker at security conferences.

For more information:

http://techsmartgroup.com/webservices_security_training.html

To Register Now:

http://techsmartgroup.com/services_reg_form.htm

_________________________________________________________________________________________

_________________________________________________________________________________________

Back to Main Page

Gary E. Smith
SOA Security Training

THE SOA NETWORK

SOA Governance Network SOA Networking SOA Security Network SOA Test Network

SOA SECURITY TRAINING: Web Services/SOA Security Training Event

Gary E Smith — Sun, 16 Mar 2008 21:08:24 GMT

Web Services/SOA Security Training Event

March 10-11, 2008 (New York City)

Seeking to integrate existing systems in order to implement IT support for present and future business processes?

Course objective

The real risks in SOA, Web Services, and XML
SOA standards and how to use them
How to architect security services in Web Services and SOA
How an attacker looks at Web Services
Best practices

Target audience

Developers, architects, security engineers, CIOs, CISOs
IT professionals of all levels whose organization is looking to implement a SOA or whose clients may be interested in securing their web services�based applications

Prerequisites

Basic understanding of SOA/Web Services

Topics covered

Topics covered include understanding how web application risks (such as those in OWASP Guide and OWASP Top Ten) apply in a Web Services world, and Web Services security topics such as:

Web Services attack patterns
Common XML attack patterns
Data and XML security using WS-Security, SAML, XML Encryption and XML Digital Signature
Identity services and federation with SAML and Liberty
Hardening Web Services servers
Input validation for Web Services
Integrating Web Services securely with backend resources and applications using WS-Trust
Secure Exception handling in Web Services
Understand the impact of Web 2.0 technologies like Ajax, and REST on distributed systems security

View complete course syllabus

Printed guides and Power Point presentation will be made available for both days of the course

About the instructor

For more information:

http://techsmartgroup.com/webservices_security_training.html

To Register Now:

http://techsmartgroup.com/services_reg_form.htm

_________________________________________________________________________________________

_________________________________________________________________________________________

Back to Main Page

Gary E. Smith
SOA Security Training

THE SOA NETWORK

SOA Governance Network SOA Networking SOA Security Network SOA Test Network

SOA Security Training | SOA TRAINING NETWORK | THE SOA NETWORK

SOA Security Training Course by LearnQuest

SOA Security Training Course by LearnQuest

SOA Security Training Course by LearnQuest

SOA Security TrainingWSOA-345

Course Description:

Course Objectives:

Prerequisites:

Audience:

Course Duration:

Course Topics:

I. Foundation

II. Top Ten Security Vulnerabilities

III. SOA Security Overview

IV. Applying Security to Services

V. WS-Security

VI. Best Practices and Design Patterns

VII. Secure Design and Analysis

Web Services/SOA Security Training Event - Coming Fall 2008

Web Services/SOA Security Training Event - Coming Fall 2008

Web Services/SOA Security Training Event - Coming Fall 2008

Fall, 2008 (New York City)

Course objective

Target audience

Prerequisites

Topics covered

About the instructor

SOA SECURITY TRAINING: Web Services/SOA Security Training Event

Web Services/SOA Security Training Event

Web Services/SOA Security Training Event

March 10-11, 2008 (New York City)

Course objective

Target audience

Prerequisites

Topics covered

About the instructor

SOA Security Training
WSOA-345