So check out http://Securing.WS!
You’ll find (together with the already mentioned TulaFale) the Web Services Enhancements Policy Advisor (WSEPA), another pioneer work from project Samoa. From the page:
“WSE Policy Advisor is a security plug-in for Web Services Enhancements 2.0 for Microsoft .NET (WSE). It can be invoked either from the WSE Configuration Editor or as a stand-alone tool. It examines the policy files that configure WSE, summarizes their security properties, highlights typical security risks, and provides some remedial advice. Ensure you have installed SP2 of WSE 2.0 before attempting to install WSE Policy Advisor. “
Run it on a policyCache.config of considerable size, and the value of such a tool will be immediatly clear to you. Great work!