I've been blogging on importance of input validatoin some time ago App Architecture with Security in mind - Video, Part I Web Services is not different from ASPX - accept parameters and process it. So the strategy for input validation should be the same as with ASPX - each and every input parameter MUST be checked for goodness (no black list allowed!). The only difference with ASPX is that there is no validation controls for ASMX, so the simplest way would be as follows: from http://msdn2.microsoft...