Currently, website security is one of the main concerns in the cyber security field. It is difficult to fight against this threat because the foundational software currently used to develop or create web applications (such as web frameworks and content management systems - CMSs) do not provide adequate and easy-to-implement security mechanisms, and therefore the development of a secure web application depends, to a great extent, on the developer. For this reason, the majority of developed applications are not secure by design and have to be secured afterwards via custom, complex and error-prone security measures. Besides, the web security solutions offered by traditional cyber security providers (e.g. application firewalls or other means) usually are not completely effective due to the complex solution implantation issues and due to the hardware resources consumption overheads and delayed response times. In all the cases, a great deal of effort and investment from web site owners and administrators is required. This is feasible for organizations with the necessary resources, but is a problem for individual website owners and administrators, or small organizations with limited resources. In order to overcome the current situation, SWEPT proposes a security solution that incorporates different cost effective security mechanisms and tools for automatically mitigating web site attacks, maximizing the security posture of websites with a minimum intervention from web site owners and administrators. It includes: - A set of preventive security solutions based on the “security by design” concept to be applied at the web application level for website protection (prevention of infections and avoidance of attacks). - A set of complementary detection security solutions to be applied externally to the web application level. - A new security certification scheme based on the different technologies being proposed by the project.