The Securing Web Services course is intended for developers, engineers, and architects who work with backend web services APIs which may not necessarily have a User Interface (UI) or a UI component. This course examines web services concepts and then takes a deep dive into several web services technologies such as WS-Security, Security Assertion Markup Language (SAML), and OAuth. This course also covers risks inherent to web services and how to properly threat model web services. Web service security is examined from the perspective of the message, the channel, and the service itself.
The lab component of this course allows students to gain an understanding of and practice with some of the real-world security issues inherent to web services. The lab is intentionally written with a programming language and framework that are popular, but with which most developers are not familiar: Python and Flask. This allows students to focus on secure design and secure coding concepts without being too concerned with the implementation details of a particular language.
This is a comprehensive and stand-alone course on web services. Many concepts taught in this course are covered in depth in other courses, such as Threat Modeling and OAuth. If you are building a multi-day curriculum for web service developers, please reach out to the Synopsys training team for advice on course selection.