Network and web security modeling and analysis