Secure Web Applications and Web Services Architectures


Most applications are not designed with security in mind ... Get the concepts, architectures and vision at this seminar in cooperation with Ascure NV.

2 March 2005 (14-21)
Location: Sofitel Diegem (Diegem near Brussels (Belgium))
Presented in English
Price: 480 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email


Why this seminar?

Web applications have become the point of entry to critical and confidential data, and the interface to internal resources, e-business and e-government platforms. Yet we read time and time again that important data has been exposed and compromised via insecure Web applications.

Web Services may not be very visible, but there are more and more of them every day. They are being set up both internally within organisations to facilitate internal communications and processes, and externally to facilitate the exchange of business-critical (e.g. financial) data. Most of these Web Services lack any solid security.

Everyone is using these technologies to unlock data and processes, even over the Internet. The advantages of being able to flexibly reach anyone, anywhere, anytime are clear. However, it is important to unlock wisely and in a controlled fashion.

This seminar will give good insight into these topics. It will refrain from being highly technical and will instead walk you conceptually through the different topics that should be considered when setting up any Web Application or Web Services Architecture.

First of all, we will set the scene using some simple examples of how Web resources can be, and are, easily exploited. Then we will give an overview of the landscape and list potential procedural and technical controls to mitigate these risks.

Secondly, we will get into Web application security specifics: how should Web applications be securely developed, and what extra layer of security can be put in place to mitigate human/programmer failure?

Thirdly, we will add identity and access control management as an important component, and show how this best fits into Web environments. Finally, we will look at Web services, their specific security issues and how the lessons we already learned can be re-applied to these Web services.

Questions answered in this seminar

  • How can Web resources be exploited (= abused)?
  • How do I assess risks?
  • What are the generic (not application-specific) building blocks to secure my environment?
  • What are the development guidelines and principles for secure Web applications, and how do I mitigate human/programmer failure?
  • How does Identity and Access control fit in Web environments?
  • What are the security aspects of Web services and service-oriented architectures?

Who should attend this seminar?

  • "Business-side" people (responsible for e-Business, e-Government, e-Services and/or internal business processes/data) who want to understand how their valuable data is being unlocked and exposed, what the associated risks might be, and what security controls and assurances they can and should demand.
  • "IT-side" people who want to get a clear view of those risks and the measures they should take to ensure the security of their IT services/architectures.
  • Security people (of course) who have to guide and guard the process and help both worlds make the right decisions together.
