Web Services Security Training Course

Course Description

Web services are the backbone of today’s integrated information technology (IT) systems. Web services have become increasingly exposed via emerging architecture patterns such as enterprise service buses, the mobile ecosystem, and microservices. New architectures thus require new security strategies to deal with newly-introduced risks. This course takes a pragmatic approach towards identifying web services’ security risks and selecting and applying countermeasures to the application code and configuration files, messages, the channels over which messages are sent, as well as identity servers and related software.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Recognize the most common architecture patterns for web services.
  • Apply threat modeling techniques to anticipate risks to web services and apply appropriate countermeasures.
  • Understand the cryptographic building blocks upon which network channels and messages are secured.
  • Recognize and remediate common issues in TLS configurations and understand channel-level controls such as mutual TLS and certificate pinning.
  • Implement SOAP/XML-based message security using WS-Security and implement REST/JSON-based message security using JOSE.
  • Write secure web services code which performs proper data validation and access control.
  • Utilize SAML and OAuth to provide secure access control services throughout a web services ecosystem.


Delivery Format: Live traditional or virtual classroom

Duration: 8 hours

Intended Audience:

  • Developer
  • Architect
  • QA and Testing

Get more course information

250 / 250