The World Wide Web (WWW) was initially intended as a means to share distributed information amongst individuals. Now the WWW has become the preferred environment for a multitude of e-services: e-commerce, e-banking, e-voting, e-government, etc. Security for these applications is an important enabler. This article gives a thorough overview of the different security issues regarding the WWW, and provides insight into the current state-of-the-art and evolution of the proposed and deployed solutions.

This paper is certainly not the first survey on web security; see, for example, Rubin [84]. Since the WWW is evolving very quickly, this paper intends to provide an up-to-date and in-depth overview of the current state-of-the-art regarding Web security. Instead of addressing one or more particular issues, we try to identify and discuss a broad range of different security issues which are all relevant to the WWW. We start with the issue of secure communications, probably the issue that comes first to mind when thinking about "Web security". Secure communications can be provided at several layers of the network protocol stack. Secure communications requires - at least as it is currently provided on the WWW - a properly deployed public key infrastructure. Although client authentication can be provided by solutions for secure communications, this is mostly performed on top of these solutions. User Authentication is therefore devoted to the different authentication mechanisms that are currently used. The problem of mobile code and the different approaches to tackle this problem are then discussed in the section on Mobile Code. The privacy concerns and issues form the topic of the chapter on Anonymity and Privacy. The WWW is a common exchange medium for copyrighted, illegal and/or unwanted content. Content investigates the efforts being undertaken for this problem. Thereafter, Payment describes a central issue in e-commerce applications, payment. Finally, the sections entitled Implementation and 'Environmental' Issues and Legal discuss the implementation and environmental issues and the legal issues respectively.

The link for this article located at FirstMonday is no longer available.