Summer-Ready Savings: Find the Training Course You Need at a Price You'll Love

closeClose

Oracle API Gateway 11g R2: Manage and Control Security (Training On Demand)

  • Tuition USD $2,445 Save $122
  • Reviews star_rate star_rate star_rate star_rate star_half 329 Ratings
  • Course Code D99815GC10
  • Duration 3 days
  • Available Formats Self Paced
This course is available in other formats
Instructor-Led Classroom & Virtual
Oracle API Gateway 11gR2: Manage and Control Security (D88513GC10)

Oracle API Gateway 11g R2 (11.1.2.3.0) is a security gateway product in Oracle Fusion Middleware product family. The product primarily provides first line of defense for SOA and Cloud environments.

The course is ideal if you have a basic understanding of web application security vulnerabilities. The course will help you brush up your XML and Web Services security knowledge, teach you how to use Oracle API Gateway tools to configure policies and filter to secure, accelerate and integrate XML and Web Services.

Learn To:

  • Describe the XML-based threats to an enterprise environment.
  • Describe web service security concepts.
  • Describe Oracle API Gateway capabilities, architecture and components.
  • Illustrate Oracle API Gateway deployment topology.
  • Use Oracle API Gateway to block XML attacks and secure XML messages.
  • Use Oracle API Gateway to accelerate XML processing.
  • Provide an end-to-end security for SOA composites using OAG and OWSM.
  • Secure web services.

An end-to-end security solution

The course will teach you how Oracle API Gateway is used together with Oracle Service Bus and Oracle Web Services Manager to provide an end-to-end security solution for SOA composite applications and web services, and how it leverages Oracle Identity and Access Management products to provide authentication and authorization.

Skills Gained

  • Describe the XML-based threats to an enterprise environment
  • Describe web service security concepts
  • Describe OAG capabilities
  • Describe OAG architecture and components
  • Use OAG to block XML attacks
  • Use OAG to accelerate XML processing and manage traffic
  • Use OAG to secure XML messages and web services
  • Use OAG and OWSM to provide end-to-end security for SOA composites
  • Integrate OAG with Oracle Identity Management products to provide authentication and fine-grained authorization
  • Secure web services

Who Can Benefit

  • Administrator
  • Architect
  • Cloud Administrator
  • Implementer
  • System Integrator
  • Systems Administrator
  • Systems Adminis

Prerequisites

Required Prerequisite

  • Good XML concepts
  • Knowledge of WSDL, SOAP, and UDDI or equivalent

Course Details

Topics

  • Course Introduction
    • Course goal
    • Lesson objectives
    • Agenda for each day of lessons
    • Describing the practice environment and business scenario
  • Web Services Security Overview
    • Security challenges for Web Services
    • Web Services
    • Web Services security concepts
    • Transport versus message security
    • Security standards overview
    • Best practices for applying security for web services
  • Getting Started with Oracle API Gateway (OAG) 11g
    • Need for XML gateways
    • Oracle API Gateway as multi-layered security deployment for web services
    • Oracle API Gateway Basics
    • Oracle API Gateway Features
    • Oracle API Gateway architecture and components
    • Oracle API Gateway User Interface
  • Registering Web Services in OAG
    • Introduction to Policy Studio interface
    • Capabilities of registered/virtualized web services
    • Registering and testing web services in Policy Studio
    • Policies
    • Assigning policies to web services in Policy Studio
  • Monitoring, Logging and Tracing
    • Monitoring traffic in API Gateway Manager
    • Troubleshooting Tools
  • Managing Configurations
    • Describe OAG configuration structure
    • Manage a deployed configuration
    • Compare and merge API Gateway configurations
    • Import and export configuration data
  • Fault Handling
    • What is Fault Handling?
    • SOAP Faults
    • Default Fault Handler
    • Overriding the Default Fault Handler
    • Custom Fault Handling by using a policy
    • Example of Custom Fault Handling: Global Handler
  • Blocking XML Threats
    • XML Concepts
    • XML Firewalling
    • XML content & schema attacks and the filters to use
    • What is throttling
    • Define rules for throttling
    • Protect REST
  • Accelerating XML Processing and Managing Traffic
    • Caching
    • Configuring cache settings
    • Managing Traffic
  • Configuring SSL
    • Encryption concepts
    • SSL basics
    • SSL support in the OAG Gateway
    • Configuring SSL settings
    • Configuring mutual SSL settings
    • Terminating an SSL connection
  • Securing XML Messages
    • XML signature
    • XML encryption
    • XML transformation
  • Securing SOA Composites with OAG and Oracle Web Services Manager (OWSM)
    • SOA and Web Services
    • SOA Composite Applications
    • Oracle Service Bus
    • Oracle Web Services Manager
  • Integrating OAG with Identity and Access Management and OAuth
    • Oracle Access Management Suite
    • OAM Architecture
    • OAG-OAM Integration
    • OAG-OES Integration
    • OAuth 2.0
  • Cloud Security with OAG
    • Cloud Computing
    • API keys
    • Protecting and Managing API Keys
  • Course goal
  • Lesson objectives
  • Agenda for each day of lessons
  • Describing the practice environment and business scenario

Web Services Security Overview

  • Security challenges for Web Services
  • Web Services
  • Web Services security concepts
  • Transport versus message security
  • Security standards overview
  • Best practices for applying security for web services

Getting Started with Oracle API Gateway (OAG) 11g

  • Need for XML gateways
  • Oracle API Gateway as multi-layered security deployment for web services
  • Oracle API Gateway Basics
  • Oracle API Gateway Features
  • Oracle API Gateway architecture and components
  • Oracle API Gateway User Interface

Registering Web Services in OAG

  • Introduction to Policy Studio interface
  • Capabilities of registered/virtualized web services
  • Registering and testing web services in Policy Studio
  • Policies
  • Assigning policies to web services in Policy Studio

Monitoring, Logging and Tracing

  • Monitoring traffic in API Gateway Manager
  • Troubleshooting Tools

Managing Configurations

  • Describe OAG configuration structure
  • Manage a deployed configuration
  • Compare and merge API Gateway configurations
  • Import and export configuration data

Fault Handling

  • What is Fault Handling
  • SOAP Faults
  • Default Fault Handler
  • Overriding the Default Fault Handler
  • Custom Fault Handling by using a policy
  • Example of Custom Fault Handling: Global Handler

Blocking XML Threats

  • XML Concepts
  • XML Firewalling
  • XML content schema attacks and the filters to use
  • What is throttling
  • Define rules for throttling
  • Protect REST

Accelerating XML Processing and Managing Traffic

  • Caching
  • Configuring cache settings
  • Managing Traffic

Configuring SSL

  • Encryption concepts
  • SSL basics
  • SSL support in the OAG Gateway
  • Configuring SSL settings
  • Configuring mutual SSL settings
  • Terminating an SSL connection

Securing XML Messages

  • XML signature
  • XML encryption
  • XML transformation

Securing SOA Composites with OAG and Oracle Web Services Manager (OWSM)

  • SOA and Web Services
  • SOA Composite Applications
  • Oracle Service Bus
  • Oracle Web Services Manager

Integrating OAG with Identity and Access Management and OAuth

  • Oracle Access Management Suite
  • OAM Architecture
  • OAG-OAM Integration
  • OAG-OES Integration
  • OAuth 2.0

Cloud Security with OAG

  • Cloud Computing
  • API keys
  • Protecting and Managing API Keys

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration using credit card (Mastercard/Visa/American Express) cheque or PO.

What if I have training credits?

ExitCertified honors all savings programs from the partners we work with. ExitCertified also offers training credits across multiple partners through our FLEX Account.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Lunchtime?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

The presenter was knowledgeable and professional. The duration of the course, the pace and venue was suitable also

Informative class with great instructure who was able to walk through the course material, answer all questions, and give great examples.

I received a link for automated set up. I do not like automated set up links since there's always a chance of compromise.

The course is well organized, and I would recommend it. The cadence can be faster.

The class is a good review of the services available in AWS.

In my mind. Myles Brown is an excellent instructor. His teaching approach agrees with me. No discernible stress about public speaking. Very engaging.

Enroll in the course offerings? Will enroll at the drop of a hat if approved. To ask mgmt to approve enrolment is another matter for me. Nothing to do with your company. Just a statement of fact.

Maybe a course on Google and MS Azure like this will be nice. If you have alternative options to mgmt, it is more likely that they shall have to choose one. Allow us to enroll.

Contact Us 1-800-803-3948
Contact Us Live Chat
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward