SANS Software Security Institute

Management 431: Secure Web Services for Managers

Overview

The National Institute of Standards and Technology Special Publication 800-95, Secure Web Services, is one of the best publications they have ever produced. It helps us understand the growth in both the number and the importance of web applications, and how vulnerable they are. As they say themselves, "The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and ad hoc connections. Web services technology can be implemented in a wide variety of architectures, can co-exist with other technologies and software design approaches, and can be adopted in an evolutionary manner without requiring major transformations to legacy applications and databases."

SP 800-95 gives solid architectural guidance and is a breakthrough document, but the content is beyond the reach of most managers. When we read terms like SOA, SOAP, TLS, XML, XACML, UDDI, and WSDL, our eyes glaze over, even though we know this is really important material. SANS wants to help. One of SANS's top instructors will break it down for you step by step. By the end of the class you will understand secure web services and will be ready to ask your web team the right questions and give the right guidance. There are no prerequisites, though some basic prior knowledge of IT and IT security is assumed. There is read-ahead material for students who do not have an IT background, and we highly recommend that you look that material over before attending.

Who Should Attend

  • Auditors with web application responsibility
  • Federal Government managers and leaders
  • Industry managers with IT, web application development or IT Security responsibility
  • IT architects with a network security background who are less familiar with software services

Sampling of Topics

  • Web Services Orchestration and Choreography
  • Secure messaging: HTTP over SSL/TLS (HTTPS), XML Encryption and XML Signature, WS-Security
  • Negotiating contracts with ebXML
  • Security Standards
  • Identity management, trust, federating trust
  • SOA, a computing paradigm emphasizing dynamic service
  • UDDI allows Web services to search for one another dynamically
  • With UDDI and WSDL, Web services can easily discover and use new services at run-time without human intervention
  • SOAP supports many message exchange patterns (MEPs) in addition to request/response
