| Purpose: Besides the huge success of web services throughout all major industries, web service security is not fully understood by developers and users alike. Web services are vulnerable not only to all known attacks of regular web applications, but also to new web service specific attacks. Up to now, no comprehensive database exists that describes all major web service specific attacks in a stringent fashion.
To close this gap all major web service attacks have been enumerated. Furthermore, a rigorous attack meta structure has been developed. Each attack is described in detail, categorized and explained with an example. At the end of each attack description a detailed list of countermeasures is given, for mitigating or even preventing the attack.