Security checks for WebMethods EDI

We have plans on integrating a limited amount of security checks into the webMethods EDI. As of now, there are not many inbuilt security checks in the webMethods EDI, please correct me if I am wrong.

My plan is to check for the following basic checks before they are designed/pushed to integration server.

  1. check for any no auth or BASIC auth web services, and if they do, alert the user to use other more secure authentication operations.
  2. check for hardcoded username/passwords for any authentication. Either to downstream databases or upstream web services etc, or to authenticate users to the web services created for self.
  3. check if there area any external IP/URL references. External meaning - any IP subsets which are not part of what I have included, or any URL with domain not included in the list.
  4. check if encryption/decryption features developed internally are using secure crypto algorithms.
  5. check if all inputs in the design go under a validation module, which confirms no malicious characters are accepted.

Could you please let me know if they are already available, or if I need to build them on my own. If you can provide me any details of how you have implemented security at the level I am mentioning, it would be good information for me.