SWEPT security solution will incorporate preventive and detecting security mechanisms and tools for automatically preventing and mitigating web site attacks, maximizing the security posture of websites with a minimum intervention of web site owners and administrators The project also proposes a certification model that will certificate the security level of a web application based on SWEPT security mechanisms.
Beyond this triplet (prevention, detection and certification) there will be an integration methodology based on:
1- Normalisation of different outcomes from different tools.
2- Extension of an XML format file oriented to vulnerabilities and threats concepts
3- Log based integration in a common DB
4- Definition of correlation techniques
5- Certification of SWEPT Integration platform
This will generate the SWEPT platform ready to offer preventive and reactive services toward web developers and hosters.
- Website security
- web applications