I wrote a paper a while back for Forum Systems outlining the "Top Ten Web Services" attacks. This information came up again at Integration Developer News. I just want to clarify that these are theoretical attacks and not based on a "survey." The idea was to describe ways to manipulate the protocols and components associated with Web Services.

Download the paper here and let me know what you think.