SOA Security Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

This SOA Security training course is designed to lay a solid groundwork for Analysts, Architects, and Developers who are working in Service-Oriented Architectures (SOA) and the infrastructures supporting them. Throughout the course, you will learn the best practices for designing, implementing, and deploying services within a secure infrastructure.

By attending SOA Security workshop, delegates will learn to:

Summarize the concepts and terminology behind supporting, designing, and deploying secure services
Recognize the magnitude of the problems associated with service security and the potential risks associated with those problems
Define the currently accepted best practices for supporting the many security needs of services

Basic understanding of SOA and the associated technologies
Minimum of two years working knowledge in the IT industry
Basic understanding of software development and web-based applications
Actual development working knowledge is helpful but not required

This SOA Security class is suitable for:

Analysts
Architects
Developers

Foundation

Terminology and players
- Assets, threats and attacks
- OWASP
- Basic principles

Top Ten Security Vulnerabilities

Unvalidated input
Broken access control
Broken authentication and session management
Cross Site Scripting (XSS) flaws
Buffer overflows
Injection flaws
Improper error handling, auditing and logging
Insecure storage
Insecure management of configuration
Dynamic loading

SOA Security Overview

Challenges
- Identity and propagation
- Real-time transactions
- Diverse environments
- Information protection
- Standards compliance
Services and security
- SOA components
- Service lifecycle
- Security policies
Security services
- Identity
- Authentication
- Authorization
- Confidentiality/integrity
- Auditing
- Non-repudiation

Applying Security to Services

Direct service exposur
Indirect service exposure
Enterprise Service Bus (ESB)
- Mediating security services
- Transport-level security
- Message-level security
- Policy enforcement
- Policy management
- Protecting the ESB
Composed Services
- Single-sign on
- Trust relationships
- Trust relationships and web services

WS-Security

Defending XML processing and web services
WS-security
- WS-security stack
- J2EE and WS-security
- Best practices
XML digital signature
- Architecture
- Working with XML digital signature
- Integrating XML digital signature into web services
- Best practices

Best Practices and Design Patterns

Defensive coding principles
- Attack surface management
- Application states
- Defense in depth
- Not trusting the untrusted
- No Security through obscurity
- Security defect mitigation
- Leverage experience
J2EE web application security design patterns
- Authentication enforcer
- Authorization enforcer
- Intercepting validator
- Secure base action
- Secure logger
- Secure pipe
- Secure service proxy
- Intercepting web agent

Secure Design and Analysis

Design and analysis processes
- Motivation
- Security Development Lifecycle (SDL)
- CLASP applied
Application of design and analysis processes
- Threat risk modeling
- Testing and review best practices

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

SOA Security

COURSE AGENDA