Hackmanit IT security training courses offer you a high-quality mix of scientifically based content and practical, proven know-how. Our IT security training courses are appreciated by participants and companies from various industries, be it in the automotive industry, finance, critical infrastructures, public institutions, software development and many more.

Web Service Security

This IT security training course first introduces web service technologies and then presents, with examples, the many attack techniques used against SOAP-based web services. Participants will then have the opportunity to carry out various attacks themselves in a virtual machine prepared by us. The attacks are first carried out “by hand” (e.g. with SoapUI) in order to get a feel for the underlying vulnerabilities.

We then present our penetration testing tool WS-Attacker, which can be used to cover many of these attacks automatically. The virtual machine can be used offline and remains available to participants for internal training after the course.

The training will address the following questions, among others:

  • How do I use an XML parser correctly?
  • How do I check an XML document's signature correctly?
  • Which risks need to be considered when using WS-* extensions?
  • Is encrypting my messages with TLS sufficient?
  • How can I protect my systems against attackers?

 

Training Contents

  • DAY 1

    • XML and SOAP-based Web Services
    • XML Schema and WS-Policy
    • WS-Addressing and WS-Addressing Spoofing
    • XML Parsing (DOM vs. SAX)
    • XML-specific Denial-of-Service Attacks
    • XML Security and WS-Security
      • Differences to SSL/TLS
    • XML Signature
      • ID-based Signatures and XPath

  • DAY 2

    • XML Signature Wrapping Attacks
    • XML Encryption
      • Attacks on Symmetric Encryption
      • Attacks on Asymmetric Encryption
    • Penetration Testing with WS-Attacker
    • Outlook: SAML-based Single Sign-On
    • REST-based Web Services
      • Attacks and Best Practices

 

Target Audience

This training is aimed at two groups:
On the one hand, developers who use XML and web services in practice; on the other hand, penetration testers and security researchers who want to familiarize themselves with the topic of XML security and evaluate web services.

To participate, you will need a computer and a remote desktop client (RDP) to complete the interactive exercises.

Training Days

The training is designed for 2 days, from 9:00 to 17:00, 8 hours each (including breaks).

 

Hands-On

Learn important approaches in our practical component, which will give you a deep understanding of the methods used by hackers and defenders.

 

Certificate of Attendance

After completing the training, you will receive a personalized digital certificate from us.

 

Your Investment

1.390€ excl. VAT per person.

 


Booking Options

Customized training options for you or your team.

Whether you want team online training or classroom training, we adapt to your wishes.
Contact us about the training you require to receive an individual and non-binding offer.

Send the registration form or your individual booking request directly to Prof. Dr. Juraj Somorovsky:

 

IT Security Consulting - Implementierung - Hackmanit

Team Online Training

Book an online IT security training course on an individual date.
(at least 5 participants)

 


On-Site Training at Your Company

We will come to you on request and arrange an individual date for you and your team.

 


On-Site Training at Hackmanit

We take care of the training facilities on site in Bochum, on individually arranged dates.

 

 

Prof. Dr. Juraj Somorovsky

Your Contact for This IT Security Training

Prof. Dr. Juraj Somorovsky | Department Cryptography
juraj.somorovsky@hackmanit.de

* All prices excl. VAT