Web Services Security Training Course

Course Description

Web services are the backbone of today’s integrated information technology (IT) systems for accessing web services, such as SOAP, REST, and XML. Web services-based applications represent a new approach and require new security strategies to deal with the risks introduced by these new architectures. This course takes a pragmatic approach towards identifying web services’ security risks and selecting and applying countermeasures to the application, code, web servers, and databases as well as identity servers and related software.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Recognize how web application risks (e.g., OWASP Top Ten) apply to web services including SOAP and REST authentication, authorization and auditing
  • Recognize specific web services and XML attack patterns
  • Provide data and XML security using WS-Security, Security Assertion Markup Language (SAML), XML Encryption, XML Digital Signature, and identity services and federation with SAML and WS-Federation
  • Recognize the need in web services for hardening servers, input validation, integrating securely with backend resources and applications, and secure exception handling
  • Apply XML Security Gateways in a decentralized web services security architecture
  • Recognize the key security issues in service-oriented architecture (SOA) and web services, and how to leverage standards and security protocols to proactively build security into SOA and web services systems


Delivery Format: Live traditional or virtual classroom

Duration: 8 hours

Intended Audience:

  • Developer
  • Architect
  • QA and Testing

Get more course information