Course Introduction
Course goal
Lesson objectives
Agenda for each day of lessons
Describing the practice environment and business scenario
Web Services Security Overview
Security challenges for Web Services
Web Services
Web Services security concepts
Transport versus message security
Security standards overview
Best practices for applying security for web services
Getting Started with Oracle API Gateway (OAG) 11g
Need for XML gateways
Oracle API Gateway as multi-layered security deployment for web services
Oracle API Gateway Basics
Oracle API Gateway Features
Oracle API Gateway architecture and components
Oracle API Gateway User Interface
Registering Web Services in OAG
Introduction to Policy Studio interface
Capabilities of registered/virtualized web services
Registering and testing web services in Policy Studio
Policies
Assigning policies to web services in Policy Studio
Monitoring, Logging and Tracing
Monitoring traffic in API Gateway Manager
Troubleshooting Tools
Managing Configurations
Describe OAG configuration structure
Manage a deployed configuration
Compare and merge API Gateway configurations
Import and export configuration data
Fault Handling
What is Fault Handling?
SOAP Faults
Default Fault Handler
Overriding the Default Fault Handler
Custom Fault Handling by using a policy
Example of Custom Fault Handling: Global Handler
Blocking XML Threats
XML Concepts
XML Firewalling
XML content & schema attacks and the filters to use
What is throttling
Define rules for throttling
Protect REST
Accelerating XML Processing and Managing Traffic
Caching
Configuring cache settings
Managing Traffic
Configuring SSL
Encryption concepts
SSL basics
SSL support in the OAG Gateway
Configuring SSL settings
Configuring mutual SSL settings
Terminating an SSL connection
Securing XML Messages
XML signature
XML encryption
XML transformation
Securing SOA Composites with OAG and Oracle Web Services Manager (OWSM)
SOA and Web Services
SOA Composite Applications
Oracle Service Bus
Oracle Web Services Manager
Integrating OAG with Identity and Access Management and OAuth
Oracle Access Management Suite
OAM Architecture
OAG-OAM Integration
OAG-OES Integration
OAuth 2.0
Cloud Security with OAG
Cloud Computing
API keys
Protecting and Managing API Keys
Description:
Oracle API Gateway 11g R2 (11.1.2.3.0) is a security gateway product in Oracle Fusion Middleware product family. The
product primarily provides first line of defense for SOA and Cloud environments. The course is ideal if you have a basic
understanding of web application security vulnerabilities. The course will help you brush up your XML and Web Services
security knowledge, teach you how to use Oracle API Gateway tools to configure policies and filter to secure, accelerate
and integrate XML and Web Services. Learn To: Describe the XML-based threats to an enterprise environment.
Describe web service security concepts. Describe Oracle API Gateway capabilities, architecture and components.
Illustrate Oracle API Gateway deployment topology. Use Oracle API Gateway to block XML attacks and secure XML
messages. Use Oracle API Gateway to accelerate XML processing. Provide an end-to-end security for SOA composites
using OAG and OWSM. Secure web services. An end-to-end security solution The course will teach you how Oracle
API Gateway is used together with Oracle Service Bus and Oracle Web Services Manager to provide an end-to-end
security solution for SOA composite applications and web services, and how it leverages Oracle Identity and Access
Management products to provide authentication and authorization.