This paper mainly focuses on designing and implementing a web security model to protect the network from potential threats and attacks. When email and other information are exchanged between two parties over insecure channels, a web security model with an optimized zero-knowledge protocol can be used for authentication between the two parties. The proposed security model achieves the authentication property by using a Zero Knowledge Protocol (ZKP), the integrity property by using HMAC, and the confidentiality property by using AES. The web security model is shown to handle the man-in-the-middle attack.