This paper provides directions for web and e-commerce applications security. In particular, access control
policies, workflow security, XML security and federated database security issues pertaining to the web and ecommerce
applications are discussed