Web Services open a new battlefield across which application security professionals will wage a new war against a familiar list of network security enemies. Attacks that have been successful at lower levels of the network stack reemerge in Web Services. Attacks such as denial of service (DOS) and buffer overflows are just as much a problem in Web Services as they have been in other network contexts. Three real examples of attacks at the XML and Web Services level that have been encountered will be presented. The session will focus on how traditional threats map to the new Web Services paradigm. Countermeasures for each threat will be proposed and participants will learn how they can incorporate them into their applications and networks.