I will be teaching a public one day class in NYC on SOA, Web Services, and XML security. The training date is April 19. The training is focused on identity, message, service, deployment, and transaction security in SOA & Web Services systems. The class is designed for people who are building SOA & Web Services and want to build security into the system from the design and development stages; collaborating with software architects and developers.
As Warren Buffet says "risk comes from not knowing what you are doing", risks in information security frequently result from security not knowing enough about the decisions the software developers take, and from the software developers lacking knowledge about security mechanisms. This class aims to address this issue with practical guidance for SOA, Web services security.
The focus is on the real risks in SOA and Web Services, what security standards and protocols are there to help, how to use them, and finally where you still need to code and configure to address security issues. I also gave versions of this class at OWASP conferences and on-site for a variety of clients across the globe. The content is primarily aimed at security and software practitioners, developers, and architects. Security services are mapped to real risks with actionable patterns you can take to build more secure web services.