There is growing concern about current web security development. This project looks at common web system designs, the security threats to such designs and the security requirements for a networked system, thus understanding the problems of web system security.
The project then analyzes how available security technologies answer the web security problems. The current security technologies can be classified as core security technologies, which provide required security service, and web system specific security technologies, which are the technologies that fit directly into web system security scenario.
The analysis shows that current protocol design of the web – HTTP protocol and underlying infrastructure provide almost no security services. Fortunately, add-in security technologies are available with their advantages and disadvantages. The framework is then presented trying to make the most secure web system out of available technologies. Further researches show unsolved security problems and possible direction.
Author: Bhavya Daya