An investigation on integrating XML-based security into Web services

Web services provide many benefits for developing Web applications based on SOA (Service Oriented Architecture). However, there are some open issues such as security that need to be addressed by standard bodies and technology vendors in order for Web services to become a viable solution for building global service oriented architectures. As a result, much emphasis has been placed on the development of various high-level security standards and protocols, but in many cases the simplest application level attacks have been ignored by the developers. This article covers the dependency of Web services on XML, the various forms of XML-based attacks, famous standards about XML security and finally provides recommendation and countermeasures. This publication tends to provide an understanding of the challenges in integrating information security practices into Web services design and development.