This course covers a series of technical and complex security topics pertaining to contemporary service-oriented solution design, infrastructure, microservices, API gateways and modern service technologies.
The following primary topics are covered:
– Understanding SOA Security Threats
– STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service, Elevation of Privilege)
– SOA Security Patterns for Internal Service Architecture (Exception Shielding, Message Screening, Trusted Subsystem, Service Perimeter Guard)
– Security Token Structures and Issuance (JWT, Username, X.509, SAML)
– Authentication Sessions and Secure Conversations
– Federation and Trust Brokering Security
– Policy Design and Governance
– REST Security Controls and Designs
– Open API Specification (OAS v 3.0), Open ID Connect
– Web service Security Controls and Designs
– WS-Policy, WS-SecurityPolicy, WS-Trust and WS-Secure Conversation with SAML
– Microservices and Containerization Security Considerations
– Security Extensions and Controls for API Gateways and ESBs
– Security Risks and Considerations for Cloud-based Services and Service Compositions
– Preparing for Common SOA Security Threats
Duration: 1 Day
Taking the Course at a Workshop
This course can be taken as part of instructor-led workshops taught by Arcitura Certified Trainers. These workshops can be open for public registration or delivered privately for a specific organization. Certified Trainers can teach workshops in-person at a specific location or virtually using a video-enabled remote system, such as WebEx. Visit the Workshop Calendar page to view the current calendar of public workshops or visit the Private Training page to learn more about Arcitura’s worldwide private workshop delivery options.
Below are the base materials provided to public and private workshop participants.
Note that as a workshop participant, you may be eligible for discounts on the purchase of the Study Kit and Pearson VUE exam voucher for this course.
Taking the Course using a Study Kit
This course can be completed via self-study by purchasing a Study Kit, which includes the base course materials as well as additional supplements and resources designed for self-paced study and exam preparation.
Visit the SOACP Module 19 Study Kit page for pricing information and details. Also, visit the Study Kits Overview page for information regarding discounted Certification Study Kit Bundles for individual certification tracks.
The following materials are provided in the Study Kit for this course:
Study Kits and Study Bundles can be purchased using the online store. By purchasing and registering this Study Kit, you may be eligible for discounts on the registration of this course as part of a public workshop.
This course is part of the following certification tracks:
– Certified Service Security Specialist
Vendor-Neutral Topic Overview
Note that all SOACP course modules are focused on vendor-neutral topics and therefore do not provide detailed coverage of any vendor-specific platforms or technologies. SOACP courses are intentionally authored this way so as to provide an unambiguous and objective and industry-level understanding of practices and technology that can be further complemented with vendor-specific training.