Students who can benefit from this course are business component and client developers who are creating web services and are interested in implementing standard security mechanisms in their web service applications.

• Implement and deploy a J2EE platform application containing web and Enterprise JavaBeans (EJB)-tier components
• Assemble, deploy, and test a distributed Java platform technology application
• Use the Ant build environment (or other tool sets required by the labs)
• Describe the steps required to design and architect an enterprise application
• Create a Java web service that exposes web-tier or EJB-component tier functionality using the tools and technologies provided by the Java Web Services Developer Pack version 1.6 (Java WSDP 1.6)

1. Describe the issues and concerns relating to securing web service interactions
2. Describe the tools and techniques available for securing a Java web service
3. Design and implement a secure Java web service using the tools and technologies provided in the Java Web Services Development Pack version 1.6

Module 1 - Basics of Security

• Describe the characteristics of application security
• Describe how encryption is used to provide security for a web service application
• Describe how digital signatures are used to provide security for a web service application
• Select the proper security mechanism for securing a suite of application functions
• Deploy and test the J2EE application used as the basis for the lab exercises in this course

Module 2 - Implementing Secure Web Services

• List and describe the characteristics of the common mechanisms that can be used to secure a web service application
• Describe the security features provided by the J2SE 1.5 and J2EE 1.4 APIs
• List and describe the function of the various organizations and initiatives that address web services security
• Evaluate the security requirements of a J2EE application

Module 3 - Web Services Security Threats and Countermeasures

• Identify the security challenges and threats in a web service application
• Identify appropriate candidate technologies to address the security challenges in a web service application
• Identify the security challenges presented by the auction system functionality and choose appropriate candidate technologies to address the application's security needs

Module 4 - Implementing Secure Java Web Services

• Using J2EE Application-Layer and Transport-Layer Security
• Describe how to secure Java web services using J2EE application security
• Describe how to secure web services using transport-layer security
• Use basic authentication in a J2EE web service application
• Use transport-layer security to secure a J2EE web service application

Module 5 - Implementing Secure Java Web Services using Message-Layer Security

• Describe the functionality provided in XWS-Security for securing web service applications
• Describe how to use the XWS-Security command line tools to generate a security solution for a J2EE web service
• Implement an XWS-Security solution for a J2EE web service that uses Digital Signatures and XML Encryption