SOAP (Simple Object Access Protocol) is the foundational, XML-based application protocol used to implement Web services within a SOA (Service Oriented Architecture). SOAP is transported primarily via HTTP and middleware messaging systems (JMS, MQ Series, MSMQ, Tuxedo, TIBCO RV) but can also be transported via other protocols such as SMTP (Simple Mail Transfer Protocol) and FTP (File Transfer Protocol).
SOAP messages generally comprise the following elements:
SOAP messages are often large as they must contain the information that applications and clients need to parse the data contained within them and to execute the appropriate logic. As messages increase in size, the processing required on the server increases as well, causing the consumption of resources on the server to increase while decreasing overall capacity. The increase in size can also have an adverse effect on the performance of applications built upon SOAP, as more network resources are required to transfer the messages.
Because SOAP is XML-based, it is vulnerable to a bevy of XML-focused attacks and vulnerabilities, and it is further vulnerable to the attacks associated with its transport layer protocol, most often HTTP.
F5 products that can address the security and performance issues associated with SOAP: BIG-IP Application Security Manager