In addition to valuable knowledge and working examples, students receive a copy of the "Xtensil" product.   This unique software was developed to assist in implementing, testing, and fielding XML applications.  Xtensil is used as both a teaching aid and a straightforward, basic, fully functional XML toolkit that students can use on Windows and Linux platforms.

Throughout the course students will be led through a series of progressively advanced topics, where each topic consists of lecture, group discussion, comprehensive hands-on lab exercises, and lab review.

What you will Learn

This class is “technology-centric”, designed to train attendees in essential XML development skills coupling the most current, effective techniques with the soundest coding practices.  Working in a hands-on learning environment student will learn to:

  • Design and implement changes to XML Schemas
  • Apply advanced XSLT constructs such as calling named templates with parameters
  • Use XSLT constructs such as messages, keys, and copy
  • Generate linked, dynamic table of contents using XSLT
  • Use XML Digital Signature and XML Encryption
  • Defend XML-based services and functions from malicious attacks

Audience

This is an intermediate and beyond-level level XML training course, designed for those needing in-depth knowledge and a working knowledge of XML, XML Schema, XSLT, and XML-related security. A working knowledge of XML is required.

Prerequisites

Attending students should have recently attended the following course(s) or have practical experience in this area:

  • WA1035 Fundamentals of XML

Duration

2 Days

Outline for Advanced XML Programming

Session: XML Structure

Lesson: XML Schema Review

  • XML Namespaces
  • W3C XML Schemas
  • Elements, Attributes, and Types
  • Restricting Simple Types: Facets

Lesson: Advanced XML Schema

  • Complex Types Can be Derived
  • Derivation by Extension
  • Elements vs. Attributes: When to use them?
  • Using XML Schema with Namespaces
  • Managing Large Schemas

Lesson: Processing XML

  • Parsers and API’s
  • Deciding When to Use SAX
  • Deciding When to Use DOM
  • Parsing With a DTD or Schema

Session: XML Formatting

Lesson: XPath and XSLT Review

  • XPath Data Model
  • XPath Operators and Functions
  • Conflict Resolution for Templates
  • Calling Templates
  • Looping, Sorting and Conditional Processing Constructs

Lesson: Advanced XSL Topics

  • ID Attributes Uniquely Identify Elements
  • generate-id() is Used to Create Unique Strings
  • <xsl:key> and key() Work to Select Groups
  • xsl:copy and xsl:copy-of
  • Managing Whitespace
  • XInclude
  • <xsl:message> Signals Conditions
  • Extending XSLT Using Java

Lesson: XPath 2.0 and XSLT 2.0 Overview

  • XPath 2.0 Improvements
  • XPath 2.0 and XQuery 1.0
  • XSLT 2.0 Improvements

Lesson: XSL FO (Formatting Objects)

  • XSL Family Working Together
  • Apache’s FOP: Rendering XML
  • Page Types Can Be Conditional
  • Content Flows Into Page Regions

Session: Advanced XML Topics

Lesson: XML Interoperability

  • XML From a Data Perspective
  • XML/Database Interfacing
  • Challenges to Mapping XML

Lesson: Web Services Overview

  • XML in Web Services
  • WSDL: Description
  • Many Web Services Challenges

Lesson: Defending XML

  • XML Signature
  • XML Encryption
  • XML Attacks: Structure
  • XML Attacks: Injection
  • Safe XML Processing

Lesson: Defending Web Services

  • Web Service Security Exposures
  • When Transport-Level Alone is NOT Enough
  • Message-Level Security
  • WS-Security Roadmap
  • XWSS Provides Many Functions
  • Web Service Attacks
  • Web Service Appliance/Gateways

Lesson: Defending Rich Interfaces and REST

  • How Attackers See Rich Interfaces
  • Attack Surface Changes When Moving to Rich Interfaces
  • Bridging and its Potential Problems
  • Three Basic Tenets for Safe Rich Interfaces
  • OWASP REST Security Recommendations