With no insult intended to the early Web designers, security was an afterthought. At the outset, the Web's highest goal was seamless availability. Vendors engaged in retrofitting security must contend with the Web environment's peculiarities, which include statelessness, location irrelevance, code and user mobility, and stranger-to-stranger communication. This article presents a survey of Web-specific security issues. The focus is on security in the server and host environments, mobile code, data transport, and anonymity and privacy. The server is the central system and the repository of information resources. The server is thus the locus of threats, whereas the client is largely out of sight. The authors conclude that, although the state of Web security is abysmal, the use of the Web for business will result in a more serious approach to security. They suggest that public-key technology will be the skeleton on which Web security will hang. A trust management paradigm for securing Web commerce will give way to a risk management paradigm, in proportion to the value of the transactions moving on the Web.