For static Web Service invocations, this attack is obviously
less promising for the adversary, as the task of deriving
service invocation code from the WSDL description is usually
done just once, at the time of client code generation. Thus,
the attack can only succeed if the adversary manages to
interfere at the single moment when the service client’s
developer fetches the service’s WSDL file. Additionally, the
risk of the attack being discovered is presumably rather
high, especially in the presence of sound testing methods.
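The following is an added example, not part of the original text: a check run at client code generation time that compares the freshly fetched WSDL against a previously reviewed copy, the kind of test that makes interference at that single moment likely to be noticed. It assumes WSDL 1.1 with SOAP bindings; the function names, the `QuoteBinding` service and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = "http://schemas.xmlsoap.org/wsdl/soap/"
ABSENT = "<absent>"  # marker for an operation present in only one document

def wsdl_contract(wsdl_text):
    """Return (endpoints, operations): the parts generated client code relies on."""
    # ElementTree does not fetch external entities; for WSDL from an
    # untrusted network path a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(wsdl_text)
    endpoints = {a.get("location") for a in root.iter(f"{{{SOAP_NS}}}address")}
    operations = {}
    for binding in root.iter(f"{{{WSDL_NS}}}binding"):
        for op in binding.findall(f"{{{WSDL_NS}}}operation"):
            soap_op = op.find(f"{{{SOAP_NS}}}operation")
            action = soap_op.get("soapAction") if soap_op is not None else None
            operations[f"{binding.get('name')}.{op.get('name')}"] = action
    return endpoints, operations

def diff_contract(baseline_text, fetched_text):
    """List differences between the reviewed WSDL and the one just fetched."""
    base_eps, base_ops = wsdl_contract(baseline_text)
    got_eps, got_ops = wsdl_contract(fetched_text)
    findings = [f"unexpected endpoint: {ep}" for ep in sorted(got_eps - base_eps)]
    for name in sorted(set(base_ops) | set(got_ops)):
        b, g = base_ops.get(name, ABSENT), got_ops.get(name, ABSENT)
        if b != g:
            findings.append(f"operation {name}: soapAction {b!r} -> {g!r}")
    return findings

def sample_wsdl(location, action):
    """Constructed minimal WSDL 1.1 document used as sample input."""
    return f"""<definitions xmlns="{WSDL_NS}" xmlns:soap="{SOAP_NS}" name="Quote">
  <binding name="QuoteBinding" type="QuotePort">
    <operation name="getQuote"><soap:operation soapAction="{action}"/></operation>
  </binding>
  <service name="Quote"><port name="p" binding="QuoteBinding">
    <soap:address location="{location}"/></port></service>
</definitions>"""

if __name__ == "__main__":
    reviewed = sample_wsdl("https://svc.example/quote", "urn:getQuote")
    fetched = sample_wsdl("https://svc.example/quote", "urn:setRate")
    for finding in diff_contract(reviewed, fetched) or ["WSDL matches baseline"]:
        print(finding)
```

Failing the build on any finding turns the one-time WSDL fetch into a reviewed step rather than a silent one.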