TT4320: Advanced XML / XSLT
About this Course
Advanced XML / XSLT is a two-day hands-on course that provides indoctrination in the practical use of W3C standards (including XSL and XML Schema) and of implementing tools and technologies. This course is programming language independent, making it useful for Java, .NET, C++, and any other programming orientation. Graduates will hit the ground running, applying XML to projects at both an architectural as well as a line by line coding level. We can easily adapt this course to industry and client specific needs.
Audience Profile
This is an intermediate and beyond level XML training course, designed for those needing in-depth knowledge and a working knowledge of XML, XML Schema, XSLT, and XML-related security.
At Course Completion
Throughout the course students will be led through a series of progressively advanced topics, where each topic consists of lecture, group discussion, comprehensive hands-on lab exercises, and lab review. This class is “technology-centric”, designed to train attendees in essential XML development skills coupling the most current, effective techniques with the soundest coding practices.
Working in a hands-on learning environment student will learn to:
· Design and implement changes to XML Schemas
· Apply advanced XSLT constructs such as calling named templates with parameters
· Use XSLT constructs such as messages, keys, and copy
· Generate linked, dynamic table of contents using XSLT
· Use XML Digital Signature and XML Encryption
· Defend XML-based services and functions from malicious attacks
Outline
Session: XML Structure
Lesson: XML Schema Review
- XML Namespaces
- W3C XML Schemas
- Elements, Attributes, and Types
- Restricting Simple Types: Facets
Lesson: Advanced XML Schema
- Complex Types Can be Derived
- Derivation by Extension
- Elements vs. Attributes: When to use them?
- Using XML Schema with Namespaces
- Managing Large Schemas
Lesson: Processing XML
- Parsers and API’s
- Deciding When to Use SAX
- Deciding When to Use DOM
- Parsing With a DTD or Schema
Session: XML Formatting
Lesson: XPath and XSLT Review
- XPath Data Model
- XPath Operators and Functions
- Conflict Resolution for Templates
- Calling Templates
- Looping, Sorting and Conditional Processing Constructs
Lesson: Advanced XSL Topics
- ID Attributes Uniquely Identify Elements
- generate-id() is Used to Create Unique Strings
- <xsl:key> and key() Work to Select Groups
- xsl:copy and xsl:copy-of
- Managing Whitespace
- XInclude
- <xsl:message> Signals Conditions
- Extending XSLT Using Java
Lesson: XPath 2.0 and XSLT 2.0 Overview
- XPath 2.0 Improvements
- XPath 2.0 and XQuery 1.0
- XSLT 2.0 Improvements
Lesson: XSL FO (Formatting Objects)
- XSL Family Working Together
- Apache’s FOP: Rendering XML
- Page Types Can Be Conditional
- Content Flows Into Page Regions
Session: Advanced XML Topics
Lesson: XML Interoperability
- XML From a Data Perspective
- XML/Database Interfacing
- Challenges to Mapping XML
Lesson: Web Services Overview
- XML in Web Services
- WSDL: Description
- Many Web Services Challenges
Lesson: Defending XML
- XML Signature
- XML Encryption
- XML Attacks: Structure
- XML Attacks: Injection
- Safe XML Processing
Lesson: Defending Web Services
- Web Service Security Exposures
- When Transport-Level Alone is NOT Enough
- Message-Level Security
- WS-Security Roadmap
- XWSS Provides Many Functions
- Web Service Attacks
- Web Service Appliance/Gateways
Lesson: Defending Rich Interfaces and REST
- How Attackers See Rich Interfaces
- Attack Surface Changes When Moving to Rich Interfaces
- Bridging and its Potential Problems
- Three Basic Tenets for Safe Rich Interfaces
- OWASP REST Security Recommendations
Prerequisites
· TT4300 Introduction to XML