I will be teaching a one-day course on Web Services and XML Security at the OWASP Europe conference. I enjoy the OWASP conferences: there is a good mix of security folks, developers, and architects, they are vendor neutral, many different industries are represented, and they are usually held in a nice location.
The focus areas of my class are:
- Web Services attack patterns
- Common XML attack patterns
- Data and XML security using WS-Security, SAML, XML Encryption and XML Digital Signature
- Identity services and federation with SAML and Liberty
- Hardening Web Services servers
- Input validation for Web Services
- Integrating Web Services securely with backend resources and applications using WS-Trust
- Secure exception handling in Web Services
The class explores standard secure coding and application security issues and looks at new risks and countermeasures that are present in Web Services, SOA, and XML paradigms.