Web services (WS) have become a significant part of the Web because of such attractive features as simple to use, platform independence, and XML/SOAP support. However, these features make WS vulnerable to many new and inherited old security threats. Semantic WS, which are capable of publishing semantic data about their functional and nonfunctional properties, add even more security issues. Now, it becomes easier to attack WS because their semantic data is publicly available. To register and prevent these attacks, especially distributed attacks, new distributed firewalls and intrusion detection systems (F/IDS) have to be applied. However, these F/IDS can be developed by different vendors and they do not have the way to cooperate with each other. This problem can be solved if various F/IDS share a common vocabulary, which can be based on ontologies, to allow them to interact with each other. In this paper, we describe WS security threats and state that they have to be analysed and classified systematically in order to allow the development of better distributed defensive mechanisms for WS using F/IDS. We choose ontologies and OWL/OWL-S over taxonomies because ontologies allow different parties to evolve and share a common understanding of information which can be reasoned and analysed automatically. We develop the security attack ontology for WS and illustrate the benefits of using it with an example.