> Interestingly, even Axis2 itself is not immune. See [1] for an issue > that has been discovered yesterday. > > Is your project/thesis more focused on detecting security issues and > fixing them or on protecting existing Web services with potentially > known security issues? > > Andreas > > [1] https://issues.apache.org/jira/browse/AXIS2-4279
Hi, it is definitely more focused on protecting existing Web services against known attacks. Nevertheless one interesting part is how to handle new upcoming attacks and again the solution of securing the application layer outside the application (with Synapse in my case) comes up with some obvious advatages, like you do not have to change or know a single line of code of the service. Simon
