Abstract: “Vulnerabilities in Web based applications will always be present. Several measures were taken to extenuate the effects of this reality but with limited success. In fact, we are bombarded by new technologies to harden systems and monitor and respond to threats, like firewalls, IDS (intrusion detection system) and IPS (Intrusion Prevention System). However, the flow of attacks and threats is so important to the point that the configuration and reconfiguration of these tools becomes difficult to insure in time. In this paper we introduce “a framework for dynamic security Policy for Web services” called SmartWSSec. The main goal of our architecture is to guarantee better security for web services based on adaptive security models. It aims to identify the appropriate actions that must be taken when a zero day attack occurred resulting on a smart protection for web service in a self-adaptive manner. The proposed architecture uses a knowledge based mechanism to learn and adjust the system whe”

Keywords: Adaptive and dynamic security, Knowledge database, prevention, reaction, Security policy, Smart engine, Web service, WS-SecurityPolicy