From Web server security to Web components security

Abstract

Web servers are increasingly being adopted as a viable means to access Internet-based applications. Current solutions to secure Web servers are not comprehensive or robust enough to protect servers and applications from today's hackers. Protection profile gives us a systematic approach to examine the minimum-security requirements of a system. Therefore, we derive the Web security components that make a secure Web serve from the Web Server Protection Profile. A component-based framework as well as an open source solution is given subsequently. We believe that after the system is implemented and deployed, it functions reliably and effectively. We aim at establishing the provable reliability of construction and the feasibility of component-based solutions for the secure Web server.