Over on OnLAMP.com today, there's a new article for all of those Apache-using, safety-minded folks out there - Securing Web Services with mod_security.
Web services are increasingly becoming an integral part of next-generation web applications. They're also vulnerable to attacks. [...] These attacks can lead to information leakage; further, they aid in remote command execution. By using WSDL, an attacker can determine an access point and available interfaces for web services. These interfaces or methods take inputs using SOAP over HTTP/HTTPS.
Without good defense at the source code level, your application is in danger of compromise and exploitation. mod_security operates as an Apache web server module, ideal for defending web services against attacks that also include malicious POST data containing SOAP envelopes.
They give some sample Apache directives for getting mod_security started up in front of your web application, and for locking it down quickly. Through mod_security's content filtering, they show how to catch invalid input to a web service and log and reject the request from the malicious user. They name four main "attack vector types" to watch out for (with examples of each): "variable-length buffer injection", "metacharacter injection", "SQL injection", and "SOAP fault code disclosure".
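To give a feel for what those directives look like, here is an added configuration sketch covering the same four attack types. It is my own example, not the article's or the mod_security project's own rule set, and it uses the mod_security 1.x directive syntax of the article's era (the 2.x/3.x engines use SecRule instead). The endpoint path /ws/, the audit log path, the 1024-byte length limit and the exact regexes are all assumptions; the output-filtering directives at the end require mod_security 1.9 or later and an Apache 2 build with PCRE regexes.

```apache
<IfModule mod_security.c>
    # Turn the filtering engine on and make it scan POST bodies,
    # since SOAP envelopes travel in the POST payload, not the URL.
    SecFilterEngine On
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On

    # Default action for any matching filter: drop the request, log it,
    # and return a generic status that tells the attacker nothing.
    SecFilterDefaultAction "deny,log,status:500"

    # Keep a full audit trail of the requests that were blocked
    # (log path is an assumption; adjust to your ServerRoot).
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log

    # Scope the web-service rules to the SOAP endpoint (assumed path)
    # so ordinary HTML pages are not subjected to them.
    <Location /ws/>

        # 1. Variable-length buffer injection: an element's text node
        #    longer than the service could ever need (1024 is an assumed
        #    limit; size it to the longest legitimate parameter).
        SecFilterSelective POST_PAYLOAD ">[^<]{1024,}<"

        # 2. Metacharacter injection: shell metacharacters that have no
        #    business inside a SOAP parameter value.
        SecFilterSelective POST_PAYLOAD "[;|`]"
        SecFilterSelective POST_PAYLOAD "\$\("

        # 3. SQL injection: the common UNION / OR 1=1 / comment shapes.
        #    Override the default status for these so they are easy to
        #    tell apart in the access log.
        SecFilterSelective POST_PAYLOAD "union\s+select" "deny,log,status:400"
        SecFilterSelective POST_PAYLOAD "'\s*or\s+'?[0-9a-z]+'?\s*=" "deny,log,status:400"
        SecFilterSelective POST_PAYLOAD "(--|/\*|#)\s*$" "deny,log,status:400"

        # 4. SOAP fault code disclosure: stop verbose <faultstring>
        #    contents (stack traces, SQL errors, file paths) from reaching
        #    the client. Needs mod_security 1.9+; the response is denied
        #    outright, so the caller sees only a generic error.
        SecFilterScanOutput On
        SecFilterOutputMimeTypes "(null) text/xml application/soap+xml"
        SecFilterSelective OUTPUT "<faultstring>.*(Exception|ORA-|SQLSTATE|/usr/|/var/|C:\\\\)"

    </Location>
</IfModule>
```

Two caveats a practitioner should keep in mind: the SQL patterns above are case-sensitive as written, so on a PCRE-backed build you would normally prefix them with (?i), and every one of these filters is a blocklist. They buy you time, but they are not a substitute for the source-level validation the article calls for; treat the output filter in particular as a safety net for fault handling you have already hardened in the service itself.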