The Securing JEE Web Services training course is designed to provide the best practices for defensively coding J2EE services, including XML processing. You will repeatedly attack and then defend various assets associated with fully-functional web services. This hands-on approach drives home the mechanics of how to secure J2EE web services in the most practical of terms.
By attending Securing JEE Web Services workshop, delegates will learn:
- Consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
- Test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
- Prevent and defend the many potential vulnerabilities associated with untrusted data
- Concepts and terminology behind supporting, designing, and deploying secure services
- Problems associated with service security and the potential risks associated with those problems
- Best practices for supporting the many security needs of services.
- Vulnerabilities associated with authentication and authorization within the context of web services
- Detect, attack, and implement defenses for authentication and authorization functionality
- Dangers and mechanisms behind Cross-Site
- Scripting (XSS) and Injection attacks
- Detect, attack, and implement defenses against XSS and Injection attacks
- Concepts and terminology behind defensive, secure, coding
- Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against assets
- Static code reviews and dynamic application testing for uncovering vulnerabilities in Java-based web services
- Design and develop strong, robust authentication and authorization implementations within the context of JEE
- Fundamentals of XML Digital Signature as well as how it can be used as part of the defensive infrastructure for web services
- Fundamentals of XML Encryption as well as how it can be used as part of the defensive infrastructure for web services
- Vulnerabilities that are specific to XML and XML parsers
Familiarity with Java and J2EE is required and real world programming experience is highly recommended. Ideally, attendees should have atleast 6 months to a year of Java and J2EE working experience.
- This Securing JEE Web Services class is intended for Developers
