Abstract: In this paper, a framework is presented trying to make
the most secure web system out of the available generic and web
security technology which can be used as a guideline for
organizations building their web sites. The framework is designed to
provide necessary security services, to address the known security
threats, and to provide some cover to other security problems
especially unknown threats. The requirements for the design are
discussed which guided us to the design of secure web system. The
designed security framework is then simulated and various quality of
service (QoS) metrics are calculated to measure the performance of
this system.