An example method for controlling access to services coupled to an application server includes receiving a set of method calls issued from originator services to target services and recording information about the set of method calls into a data structure. The method also includes modifying, based on user input, the data structure to exclude each unauthorized method call from the data structure. The method further includes receiving a first method call from a first originator service to a target service, and determining, based on searching the data structure, whether the first originator service is authorized to issue the first method call to the first target service. In response to a determination that the first originator service is not authorized to issue the first method call to the first target service, the application server may block the first originator service from issuing the first method call to the first target service.