
WebSphere Security Administration and Programming Training

Course ID: WAS1523
Duration: 3 Days

Description

This course delves deep into the security administration of WebSphere Application Server v6. It also teaches the security programming model of J2EE. Creating secure applications and web sites requires close cooperation between the developers and the administrators. Keeping that in mind, this course is targeted towards the developer and the administrator community.

Bring This Course To You

For groups of 5 or more, let Intertech bring this course to your location. Customized versions tailored towards your objectives are also available.

Learning Objectives

- Configure global security in WebSphere Application Server
- Integrate WebSphere Application Server with LDAP
- Create and deploy a secure web application
- Configure role based security for EJBs
- Configure Data Source security and understand how Prepared Statements increase security
- Configure Single Sign-On
- Implement a custom user registry
- Understand what's involved in Web Services, messaging and J2C security
- Configure SSL in IBM HTTP Server

Prerequisites

The participant should have a good understanding of Java and web technologies (Servlets, JSPs and EJBs), operational skills for Windows, and basic administration skills for WebSphere Application Server.

Course Outline

Common Security Threats

- Input Data Validation
- Data Ownership Validation
- SQL Injection Problem
- SQL Injection Solution
- Malicious File Execution Problem
- Malicious File Execution Solution
- Web Authentication Mechanism
- Insecure Authentication Mechanism
- Failure to Restrict URL Access Problem
- Failure to Restrict URL Access Solution
- Cross Site Scripting (XSS) Problem
- Cross Site Scripting (XSS) Solution
- Cross Site Request Forgery (CSRF) Problem
- Cross Site Request Forgery (CSRF) Solution
- Information Leakage and Improper Error Handling Problem
- Information Leakage and Improper Error Handling Solution
- Buffer Overflow
- Buffer Overflow Solution
- Insecure Communications
- Insecure Cryptographic Storage Problem
- Insecure Cryptographic Storage Solution
- Insecure Direct Object Reference
- Message Replay Attack Problem
- Message Replay Attack Solution

WebSphere Security

- Architecture Components
- Security Components
- Digital Certificates
- SSL (Secure Sockets Layer)
- SSL in WebSphere
- Java Security
- JAAS
- CSIv2
- Java EE Security
- Authentication and Authorization
- User Registry
- Authentication Mechanism
- Global Security Configuration
- LTPA
- Single Signon (SSO)
- Single Signon (SSO)
- Admin Console Roles
- Stopping Secure Servers
- WebSphere Security Questions
- WebSphere Security Answers

Configuring WebSphere Security

- WebSphere Security
- Security Tasks
- User Registries
- WebSphere User Registries
- LDAP
- LDAP Security Basics
- LDAP Data Structure
- Distinguished Name (DN)
- Loading Users in Tivoli Directory Server 6.0
- Creating Users and Groups in Domino Server
- Local OS
- Custom Registry
- Precaution
- Selecting A Registry
- Configure the LDAP User Registry
- Configuring Domino Server
- Configuring Domino Server with WAS
- Configure Local OS Registry
- Enable Global Security
- Console Users
- Console Roles
- Console Role Mapping
- Make It So!
- Stopping Secure Servers
- WebSphere Security Questions
- WebSphere Security Answers

Securing The Installation

- The Operating System
- Pre-Installation Tasks
- Windows Security Policy
- Unix - Umask Value
- Linux / Solaris Shadow File
- Post-Installation Tasks
- Securing Windows Files
- Securing UNIX Files
- UNIX File System
- Running Application Server as non-root User UNIX Platform

Web Application Security

- Servlet Security
- Setting up Servlet Security
- Defining Roles
- Create a Security Constraint
- Configuring Declarative Security Using RAD
- Defining Roles Using RAD
- Defining Security Constraint Using RAD
- Configuring Declarative Security Using RAD
- Defining Roles at Application Level
- Defining Roles At Application Level Using RAD
- Java EE Role Management
- Mapping Roles to Users and Groups in WebSphere
- Authentication Mechanism
- Configuring Authentication Mechanism Using RAD
- HTTP Basic Authentication
- HTTP Digest Authentication
- Form-based Authentication
- HTTPS Client Authentication
- User Context of a Servlet Execution
- Accessing User Credentials
- User Context Used by RequestDispatcher
- User Context Used When Invoking an EJB
- Specifying User Context
- Configuring Run As Identity Using RAD
- Mapping Run As Roles to Users Using WebSphere
- The init method
- Programmatic Role-based Security
- Creating Role Sensitive Views
- Security Role References
- Configuring Security Role Reference Using RAD
- Problems with Basic Authentication
- Set Up Form-based Authentication
- Create an HTML Form
- Configure a login-config Element
- Configure a login-config Element
- Handling Login Failure
- Protecting Session with WebSphere Security
- Implementing a Logout Feature
- User Data Constraint
- Configuring a User Data Constraint in RAD

EJB Security

- Setting up EJB Security
- Defining Roles
- Setting Method Permission
- Configuring Declarative Security Using RAD
- Defining Roles Using RAD
- Configuring Method Permissions Using RAD
- Disable Security Check
- Disabling Security Check Using RAD
- Excludes List
- Configuring Excludes List Using RAD
- Configuring Unprotected Methods Using WebSphere
- Programmatic Role-based Security
- Security Role References
- Configuring Security Role Reference Using RAD
- User Context of a Method Execution
- Accessing User Credentials
- Specifying User Context
- Use Caller Identity Scenario
- Run As Scenario
- Configuring Use Caller Identity Using RAD
- Configuring Run As Identity Using RAD
- Mapping Run As Roles to Users Using WebSphere
- WebSphere EJB Delegation Policies
- Configuring Use Identity of Caller Using RAD
- Configuring Use System Identity Using RAD
- Overriding System Identity Using WebSphere
- Configuring Run As Specified Identity Using RAD

SSL Configuration

- The Need for Encryption
- Public Key Infrastructure (PKI)
- Certificates
- SSL Basics
- WebSphere and SSL
- WebSphere SSL Configuration
- SSL Configuration Repertoire
- SSL Repertoires
- Creating an SSL Repertoire
- Dummy Certificates
- Key Files
- Trust File
- Default Key Stores
- Obtaining a Certificate
- Key Management Tools
- Using keytool
- Generate a Self-Signed Certificate
- Getting a CA Signed Certificate
- Specify the Key Store
- Different SSL Interactions
- Web Client to Web Server
- Enable SSL For IBM HTTP Server
- Web Server to WebSphere
- Java Client to WebSphere

Web Services Security

- The Challenges
- WebSphere and Web Services Security
- SOAP Message Security
- Message Integrity
- Message Confidentiality
- Authentication
- Transport Level Security
- Configuring Security in WebSphere
- Configuring a Server Module
- Configuring a Client Module

Security

- Java Security
- Attacks and Dangers
- Overview of JDK Security Features
- Basic Concepts of Computer Security
- Encryption
- Cryptography Algorithm
- Message Digest
- Symmetric Ciphers
- Asymmetric Ciphers
- Digital Signature
- Authentication
- Certificate Manipulation
- Java Cryptography Architecture (JCA)
- Java Cryptography Extension
- Using the MessageDigest Class
- Using the Signature Class
- Java Security Architecture
- JDK 1.0 Security Model Sandbox
- JDK 1.1 Security Model Trusted Signed Code
- JDK 1.2 Security Model Security Policy
- JDK 1.4 Security Enhancement
- Protection Domains and Security Policies
- ProtectionDomain Class
- Permission Classes
- Policy Class
- Policy Configuration File
- AccessController Class
- SecurityManager Class
- Using the SecurityManager Class
- Dynamic Class Loader
- Loader Classes
- Java Security Tools
- Using Java Security Tools Code Signing
- Enabling Java Security
- WebSphere Policy
- WebSphere Policy Files
- Other WebSphere Policy Files
- Application Security
- was.policy
- Using was.policy
- Deployment
