Web Services and Security

Web services provide many benefits for developing Web applications based on SOA (Service Oriented Architecture). But, there are still some open issues such as security that need to be addressed by standard bodies and technology vendors in order for Web services to become a viable solution for building global service oriented architectures. As a result, much emphasis has been placed on the development of various high-level security standards and protocols, but in many cases the simplest application level attacks have been neglected. In this paper we attempt to analyze the security standards associated with Web Services in general, and how they are related to each other in the rest of paper we cover the dependency of Web services on XML, the various forms of XML-based attacks, and finally provide recommendation and countermeasures. This paper tends to provide an understanding of the challenges in integrating information security practices into SOA design and development based on Web services