This course is an intensive, hands-on treatment of XML, XPath, and XSLT. The course is a balanced mixture of theory and practical labs designed to take students from a quick review of the basic fundamentals of XML through to the related advanced technologies. The students walk through the different standards in a structured manner to enable them to master the concepts and ideas, which are reinforced in the lab exercises. The course starts with a quick review of the fundamentals of XML before covering XML Schema in detail. It then moves on to the XPath and XSLT covering advanced topics in both. Finally, XML and Web Services security mechanisms and issues are addressed.
Course Outline
Session: XML Structure
Lesson: XML Schema Review
- XML Namespaces
- W3C XML Schemas
- Elements, Attributes, and Types
- Restricting Simple Types: Facets
Lesson: Advanced XML Schema
- Complex Types Can be Derived
- Derivation by Extension
- Elements vs. Attributes: When to use them?
- Using XML Schema with Namespaces
- Managing Large Schemas
Lesson: Processing XML
- Parsers and API’s
- Deciding When to Use SAX
- Deciding When to Use DOM
- Parsing With a DTD or Schema
Session: XML Formatting
Lesson: XPath and XSLT Review
- XPath Data Model
- XPath Operators and Functions
- Conflict Resolution for Templates
- Calling Templates
- Looping, Sorting and Conditional Processing Constructs
Lesson: Advanced XSL Topics
- ID Attributes Uniquely Identify Elements
- generate-id() is Used to Create Unique Strings
- <xsl:key> and key() Work to Select Groups
- xsl:copy and xsl:copy-of
- Managing Whitespace
- XInclude
- <xsl:message> Signals Conditions
- Extending XSLT Using Java
Lesson: XPath 2.0 and XSLT 2.0 Overview
- XPath 2.0 Improvements
- XPath 2.0 and XQuery 1.0
- XSLT 2.0 Improvements
Lesson: XSL FO (Formatting Objects)
- XSL Family Working Together
- Apache’s FOP: Rendering XML
- Page Types Can Be Conditional
- Content Flows Into Page Regions
Session: Advanced XML Topics
Lesson: XML Interoperability
- XML From a Data Perspective
- XML/Database Interfacing
- Challenges to Mapping XML
Lesson: Web Services Overview
- XML in Web Services
- WSDL: Description
- Many Web Services Challenges
Lesson: Defending XML
- XML Signature
- XML Encryption
- XML Attacks: Structure
- XML Attacks: Injection
- Safe XML Processing
Lesson: Defending Web Services
- Web Service Security Exposures
- When Transport-Level Alone is NOT Enough
- Message-Level Security
- WS-Security Roadmap
- XWSS Provides Many Functions
- Web Service Attacks
- Web Service Appliance/Gateways
Lesson: Defending Rich Interfaces and REST
- How Attackers See Rich Interfaces
- Attack Surface Changes When Moving to Rich Interfaces
- Bridging and its Potential Problems
- Three Basic Tenets for Safe Rich Interfaces
- OWASP REST Security Recommendations
This course is also available on our public schedule via Live Virtual Classroom:
Contact us here.