Abstract: With the technology development and popularization of SOA applications, the security issues of Web services based on SOA have become increasingly prominent. The security of SOAP message is of great importance to Web service security. Currently SOAP message transport mainly depends on the WS Security standards. However, the WS-Security standards have some drawbacks. hhe SOAP messages in transport will be attacked by XML injection attacks and other Web attacks. Therefore, this paper designed a new SOAP message security transport mechanism which added the SOAP Validation node into the existing Web services security transport framework based on the WS standards. At last the experiments demonstrate that this security transport mechanism can truly detect some of XML attacks and improve the security of SOAP message.

Key words: SOA, SOAP, Security transport mechanism, XML inj ection attacks