Send More Info
Apply Now
Classroom Login
Call Now
Call Now 855-300-1469

CYB 5665 Secure Web Services


Course Description

Explores Web technologies including Web services, Service-Oriented Architectures (SOA) and the Semantic Web. Includes approaches for securing new web technologies. 

Course Objectives

By the end of this course, students will be able to:

  • Evaluate Web services, particularly with regard to their security
  • Apply and compare the underlying technologies of web services
  • Analyze threats and vulnerabilities facing web services and apply countermeasures
  • Compare standards for web services security
  • Explore the semantic web and related security considerations
  • Compare and apply methods of access control to web services
  • Identify new research opportunities in web services security

Week 1


Lecture: Introduction
Lecture: Web Services Technologies

Outcomes

By the end of this module, you should be able to:

  • Discuss the course outline and objectives
  • Examine the nature of web services
  • Apply the model of communications
  • Identify security objectives
  • Discuss with privacy objectives
  • Examine web services principles
  • Compare common SOA principles
  • Analyze SOA design principles
  • Discuss the publish-discovery paradigm
  • Compare and understand technologies such as XML, SOAP, and WSDL
  • Analyze systems in the context of the Web services protocol stack
  • Create SOA system designs

Week 2


Lecture: Threats, Vulnerabilities, and Countermeasures
Lecture: Project Overview

Outcomes

By the end of this module, you should be able to:

  • Identify an engineered security process
  • Apply security within the software lifecycle
  • Describe web services security concepts
  • Evaluate sources of vulnerabilities
  • Create a threat model
  • Compare vulnerability catalogs
  • Analyze vulnerability catalog entries
  • Apply and compare vulnerability metrics
  • Review the objectives and requirements of the course project

Week 3


Lecture: Standards for Web Services Security

Outcomes

By the end of this module, you should be able to:

  • Examine the nature and purpose of standards
  • Explore web services standards including XML encryption, XML signature, WS-Security, and SAML
  • Compare web services standards
  • Analyze the hierarchy of web services security standards frameworks
  • Evaluate the need for a web services reliability protocol
  • Identify TCP and UDP for web services
  • Compare issues facing web services security standards

Week 4


Lecture: Semantic Web
Lecture: Standards for Web Services Security
Lecture: Resource Description Framework (RDF)
Lecture: Web Ontology Language (OWL)

Outcomes

By the end of this module, you should be able to:

  • Discuss the nature of the semantic web
  • Examine the technologies of the semantic web
  • Evaluate challenges to collecting information on the Internet
  • Explore challenges facing the semantic web
  • Identify the long-term vision and potential of the semantic web
  • Define RDF
  • Apply methods to convert information between triples, statements, database entries, and graphs
  • Create methods of enhancing web content with RDF
  • Compare RDF and relational databases
  • Identify examples of ontology
  • Discuss the nature of ontology
  • Create ontologies
  • Analyze the creation of OWL and alternatives

Week 5


Lecture: Semantic Web Security
Lecture: Semantic Web Example

Outcomes

By the end of this module, you should be able to:

  • Compare methods of applying security to the semantic web
  • Identify security requirements of the semantic web
  • Apply the semantic web through an example

Week 6


Lecture: Access Control

Outcomes

By the end of this module, you should be able to:

  • Explore the nature of access control
  • Apply a general access control architecture
  • Apply a protection matrix model
  • Compare methods of access control
  • Define RBAC
  • Compare top-down, bottom-up, and hybrid methods of specifying roles
  • Analyze RBAC in OWL

Week 7


Lecture: Digital Identity Management
Lecture: Access Control for Web Services
Lecture: Access Control for Business Processes

Outcomes

By the end of this module, you should be able to:

  • Compare methods for recognition
  • Identify the purpose and methods of identity management
  • Compare approaches to identity frameworks
  • Examine security requirements for identity management
  • Apply access control to web services
  • Compare approaches to enforcement
  • Discuss BPEL and its purpose
  • Compare web service orchestration to choreography

Week 8


Lecture: Emerging Research Trends

Outcomes

By the end of this module, you should be able to:

  • Analyze new topics in Web services security
  • Discuss security-as-a-service

The course description, objectives and learning outcomes are subject to change without notice based on enhancements made to the course. November 2013