Designing and Developing Secure Web Services Training

Course #: WA1791

This course is designed for developers and architects and focuses on the security aspects of Web Service development. Through lectures and hands-on exercises, this class will teach you the security problems faced by a Web Service consumer or provider and how to solve them through open standards. Topics like authentication, authorization, encryption and non-repudiation are covered. Advanced topics like single sign-on and trust-based authentication are also covered.

Topics

  • Authentication using WS-Security
  • Encryption and non-repudiation using WS-Security
  • WS-Trust
  • WS-Federation
  • SAML
  • Securing REST Web Services

What you will learn

After completing this course, students will be able to:

  • Understand the unique problems with security in Web Services
  • Explain how messages are encrypted using WS-Security
  • Explain how non-repudiation works with WS-Security
  • Explain how authentication works with WS-Security
  • Explain the need for WS-Trust and WS-Federation
  • Understand the key concepts in securing REST-style web services

Audience

Developers and architects.

Prerequisites

Students should already be familiar with the basics of Web Service development, such as SOAP and WSDL. Some knowledge of Java is required.

Duration

  2 days.

Outline of Designing and Developing Secure Web Services Training

Chapter 1. Web Services Security (WS-Security)

  • The Challenges
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Certificates
  • Overview of Web Services Security
  • SOAP Message Security
  • Message Integrity
  • Message Confidentiality
  • Symmetric Encryption Example
  • Authentication Using Identity Token
  • Authentication
  • Transport Level Security
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example

Chapter 2. WS-Trust and WS-Federation

  • Review of WS-Security Authentication Model
  • How WS-Trust Works
  • WS-Federation
  • Federation Metadata Example
  • Requesting a Token
  • Dynamic Conversation
  • Summary

Chapter 3. Interoperability of WS-Security

  • Interoperability Challenges
  • Recall WS-Security
  • Platform Run-Time Issues
  • Hints
  • Recall: WS-I
  • Basic Security Profile v1.0
  • Using Basic Security Profile 1.0
  • BSP 1.0 Details
  • BSP 1.0 Highlights
  • Summary

Chapter 4. WS-Secure Conversation

  • Review of WS-Security and WS-Trust
  • Need for a Security Context
  • Basic Usage of WS-Secure Conversation
  • Establishing a Security Context
  • Building on WS-Trust
  • Using the Security Context Token
  • Alterations to the Security Context Token
  • Summary

Chapter 5. REST Services

  • Many Flavors of Services
  • Understanding REST
  • Principles of RESTful Services
  • REST Resource Examples
  • SOAP Equivalent Examples
  • REST vs SOAP Communication
  • More REST vs SOAP
  • REST vs SOAP Summary
  • Famous RESTful Services
  • Additional Resources
  • Summary

Chapter 6. Securing REST Services

  • RESTful Security - Ideal Approach
  • RESTful Security - Practical Approach
  • Protecting the QueryString
  • REST and Access IDs
  • AWS and HMAC
  • Securing Resources
  • REST Security Concerns
  • Comprehensive REST Security
  • Summary

We regularly offer classes in these and other cities: Atlanta, Austin, Baltimore, Calgary, Chicago, Cleveland, Dallas, Denver, Detroit, Houston, Jacksonville, Miami, Montreal, New York City, Orlando, Ottawa, Philadelphia, Phoenix, Pittsburgh, Seattle, Toronto, Vancouver, Washington DC.