Alle CursussenbalkjeAlgemeen » Introductie HW & SW » Soft skills » TrajectenOperating Systems » MVS - z/OS » Linux - UNIX » Mac OS X » iPad en iPhone iOSDatabases en middleware » Relationele databases & SQL » Db2 for z/OS » Db2 for LUW » Oracle » SQL Server » MySQL & MariaDB » IMS » CICS » IBM MQ » WebSphere » Data Science, Big Data en AnalyticsApplicatieontwikkeling » Methoden en technieken » TOGAF » PRINCE2 » Agile en Scrum » Programmeertalen » Internet development » Object Oriented systems » Java » Development tools » SAS » XML » SOA & web servicesSysteembeheer » ITIL » SecuritybalkjePraktischInschrijven 
Deze pagina is niet beschikbaar in het Nederlands.
Securing your WebSphere applications

This is the definitive course for all those who will be dealing with the security aspects that are critical for web applications running in a WebSphere Application Server V7 (WAS) environment.

On successful completion of this course, attendees will be able to:


Momenteel zijn er voor deze cursus geen publieke sessies gepland. Graag organiseren we een bedrijfssessie voor u of een extra publieke sessie (bij voldoende belangstelling). Geïnteresseerd? Gelieve dan ABIS te contacteren.

Intended for

Webmasters, application administrators and system administrators who are going to install, configure and secure web-oriented applications on a WebSphere Application Server runtime.

This course is also suitable for developers who want to test thoroughly for a WebSphere Application Server roll-out. System architects and developer/deployers will get to know the runtime context for the enterprise applications that they build.


Attendees should have experience in WebSphere Application Server (see WebSphere Application Server V8.5 administration) and now want to engage in all aspects of security within WAS.

Main topics

Objectives & topics; WAS security implementation; Administrative security; Secure System Administration; Federated repositories feature; Simplified certificate and key management; Tips for configuring default security; Secure processes; Extensible, layered security infra-architecture; J2EE security features compared; Java2 security; JAAS (Java Authentication and Authorization Service; J2EE security roles; J2EE security the full picture explained; SSL - Secure Sockets Layer; Authentication; External WAS security components; JACC - Java Authorization Contract for Containers; J2EE Application Security (focus on); Security roles; Taken from EJB specification; EJB specification translated; J2EE container based security; Configuring application security; handling security role mappings from Admin console; Securing J2EE components in practice; Web components; Web module; Securing EJBs; Security Cache, Multiple Security Domains; Different application security realms.

Objectives & topics; How does it work; different types of VMM; configuring the VMM using default adapters; configuring VMM with Property Extension Repository (PER) and Entry Mapping Repository (EMR); configuring database repository in VMM.

Objectives and Topics; Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; CA and self signed certificates; Auto replacement of certificates; autosecurity and privacy; firewalls and encryption; Secure Sockets Layer; Secure communications using SSL; SSL administration.

Objectives and Topics; Overview of CSIv2; the protocol; three layers of authentication; identity assertion and mapping; security attribute propagation; configuration on the client and the server,

Objectives & topics; Resources for problem determination; Console messages; Log Files; WAS logs overview; Basic format for log/trace entry; If logs are not enough; To trace or not to trace; Trace strings; Web Server - Web container: mind the gap!; HTTP Server logs; Dump Name Space; Thread analyzer; Collector tool; First Failure Data Capture logs; HTTP session monitoring; Product installation information; Log and Trace analyzer for Autonomic Computing.

Objectives & topics; Performance enhancing technologies; Performance data; Transaction oriented; Built-in performance booster; Performance data and tools; PMI overview; PMI data; Performance data hierarchy; PMI data organization; Tivoli Performance Viewer; Performance Advisors; Performance (PMI) Servlet; JVMPI facility; PMI request metrics; Request Metrics functionality; What's the point?; Current architecture; Configuring Request Metrics; Limit the monitoring; Request Metrics output; Application Response Measurement (ARM); Dynamic Cache (optional section); Dynamic Cache functionality; What can be cached?; How it works; Dynamic Cache setup; Dynamic Cache monitoring; Security Cache and Auditing.

Training method

The course combines formal classroom teaching with numerous practical, hands-on sessions.


3 days.

Course leader

RSM Technology.