An advisor for web services security policies.

ABSTRACTWe identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer redial advice. We report on its implentation as a plugin for Microsoft Web Services Enhancents (WSE).