This paper is certainly not the first survey on web security; see, for example, Rubin [84]. Since the WWW is evolving very quickly, this paper intends to provide an up-to-date and in-depth overview of the current state of the art in Web security. Instead of addressing one or more particular issues, we try to identify and discuss a broad range of different security issues which are all relevant to the WWW. We start with the issue of secure communications, probably the issue that comes first to mind when thinking about "Web security". Secure communications can be provided at several layers of the network protocol stack. Secure communications requires, at least as it is currently provided on the WWW, a properly deployed public key infrastructure. Although client authentication can be provided by solutions for secure communications, this is mostly performed on top of these solutions. User Authentication is therefore devoted to the different authentication mechanisms that are currently used. The problem of mobile code and the different approaches to tackle this problem are then discussed in the section on Mobile Code. The privacy concerns and issues form the topic of the chapter on Anonymity and Privacy. The WWW is a common exchange medium for copyrighted, illegal and/or unwanted content. Content investigates the efforts being undertaken to address this problem. Thereafter, Payment describes a central issue in e-commerce applications, payment. Finally, the sections entitled Implementation and 'Environmental' Issues and Legal discuss the implementation and environmental issues and the legal issues, respectively.
The link for this article located at FirstMonday is no longer available.