A lot has been said about the need for a good understanding of the security issues around web services and how to deal with them. The following new technology was just posted on the IBM alphaWorks site and can help you fix some things before they become security problems:
Web Services Interface Definition for Intrusion Defense (WSID4ID) is an Eclipse plug-in that validates the Web Service Description Language (WSDL) interface specification of a Web service, flagging any interface feature that could open a door to hacker attacks against that service. The technology is designed as an extension to the open-source WSDL validation plug-in, which is provided as part of Web Services Validation Tools (WSVT).
Using the WSVT WSDL validator, an Eclipse user may right-click on a WSDL file to validate its syntactic correctness. If this syntactic validation succeeds, the WSVT WSDL validator in turn invokes the WSID4ID plug-in. This new validator walks through the file and any nested WSDL or XML Schemas Definition (XSD) files it imports, checking for interface features that could open attack paths that hackers could use against the Web service defined by the WSDL file(s) being validated.