Web Services/SOA Security Training Event
Fall, 2008 (New York City)
REGULAR FEE: $1,400
DISCOUNTED FEE: $1,250
- Sign up before this fall to receive $150 off every seat
- REGISTER FOR 3 SEATS and a 4th PERSON ATTENDS AT NO CHARGE (A savings of $350 per student)
Seeking to integrate existing systems in order to implement IT support for present and future business processes?
If your company or client is looking to employ new services or upgrade existing services to address new business requirements, a SOA (Services Oriented Architecture) can better support the integration of disparate applications and the sharing of data. Yet, building a SOA solution requires different security measures that address the new risks introduced by web services integration. For instance, traditional security protocols, such as SSL, do not provide sufficient security for SOA/Web Services.
Course objective
This two-day course will prepare students to identify, define, diagnose, and implement a comprehensive security strategy. Attendees will be exposed to a broad range of SOA security subjects, providing a solid foundational understanding of sound approaches to designing and implementing SOA security. This includes an understanding of:
- The real risks in SOA, Web Services, and XML
- SOA standards and how to use them
- How to architect security services in Web Services and SOA
- How an attacker looks at Web Services
- Best practices
Target audience
- Developers, architects, security engineers, CIOs, CISOs
- IT professionals of all levels whose organization is looking to implement a SOA or whose clients may be interested in securing their web services-based applications
Prerequisites
Basic understanding of SOA/Web Services
Topics covered
Topics covered include understanding how web application risks (such as those in OWASP Guide and OWASP Top Ten) apply in a Web Services world, and Web Services security topics such as:
- Web Services attack patterns
- Common XML attack patterns
- Data and XML security using WS-Security, SAML, XML Encryption and XML Digital Signature
- Identity services and federation with SAML and Liberty
- Hardening Web Services servers
- Input validation for Web Services
- Integrating Web Services securely with backend resources and applications using WS-Trust
- Secure Exception handling in Web Services
- Understanding the impact of Web 2.0 technologies like Ajax and REST on distributed systems security
Printed guides, PowerPoint slides, and a certificate of completion (for petition of academic credit) will be made available for participants.
About the instructor
Gunnar Peterson is a Managing Principal at Arctec Group. He focuses on distributed systems security for large, mission-critical financial, financial exchange, healthcare, manufacturing, and insurance systems, as well as emerging start-ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, an Associate Editor for Information Security Bulletin, a contributor to the SEI and DHS Build Security In portal on software security, and an in-demand speaker at security conferences.
Testimonials
"The class was distinctly focused on Security requirements and the strengths and weaknesses of the various solution approaches we could consider. The result of the course was actionable approaches to providing security in our SOA environment."
-Brad Sillman, Director IT Security, Deluxe Corp.
"High quality detailed overview of SOA security standards and approaches. Well thought-out and structured presentation."
-Sr. IT Architect, Fortune 10 enterprise
"This class was a thorough and well-organized trek through the current Web Services Security landscape. Going beyond just describing the standards and the options available in the Web Services Security world, this class discusses real-world use cases and offers implementable solutions, best practices, even vendor choices in several key areas. This class provided me with actionable tasks that I took back to my project teams the very next day!"
-Jesse Aalberg, Sr. Enterprise Application Architect, United Healthcare