Introduction

An increasing penetration of Web Services has enticed attackers which has made
Web Services prone to various attacks. The basic principles of information security
apply to provide a reliable and secure Web Service, which are

Confidentiality - Implemented by using encryption of traffic at Transport and

Application layers
Maintaining integrity of data
Availability of the service at all times is very important as more and more
activities are utilising the World Wide Web

Most organisations rely on an ongoing, iterative process of Risk Management to

assess threats, vulnerabilities to manage risk while striking a balance between cost
and effectiveness of countermeasures to protect the organisations information
resources.
Penetration Testing is an important element of the Risk Management process. A
Penetration Test is an attempt to evaluate the security of an IT infrastructure by
safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating
systems, service and application flaws, improper configurations, or risky end-user
behavior. Such assessments are also useful in validating the efficacy of defensive
mechanisms, as well as, end-user adherence to security policies.