Securing Java Web Services is a lab-intensive, hands-on JEE security training course, essential for experienced enterprise developers who need to produce secure JEE-based web services. In addition to teaching basic programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle.
Learning Objectives
- Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections
- Be able to test web applications with various attack techniques to determine the existence and effectiveness of layered defenses
- Prevent and defend against the many potential vulnerabilities associated with untrusted data
- Understand the concepts and terminology behind supporting, designing, and deploying secure services
- Appreciate the magnitude of the problems associated with service security and the potential risks associated with those problems
- Understand the currently accepted best practices for supporting the many security needs of services
- Understand the vulnerabilities associated with authentication and authorization within the context of web services
- Be able to detect, attack, and implement defenses for authentication and authorization functionality
- Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
- Be able to detect, attack, and implement defenses against XSS and Injection attacks
- Understand the concepts and terminology behind defensive, secure coding
- Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web services
- Design and develop strong, robust authentication and authorization implementations within the context of JEE
- Understand the fundamentals of XML Digital Signature as well as how it can be used as part of the defensive infrastructure for web services
- Understand the fundamentals of XML Encryption as well as how it can be used as part of the defensive infrastructure for web services
- Understand and defend against vulnerabilities that are specific to XML and XML parsers
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Software Development
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.