dotDefender™ protects websites and internet applications against hacking and web application attacks
dotDefender provides dedicated application security that complements the network protection (firewall, IPS/ IDS). dotDefender is deployed as a server plug-in in IIS, Apache or Microsoft ISA server. This innovative website security software provides strong protection against SQL Injection, Cross-site scripting, Path Traversal, and many other application attacks.
With dotDefender you can:
Protect websites against application attacks
Protect intranet applications against application attacks
Secure a variety of platforms using the same product
Enjoy best practices security right out of the box.
Customize security settings for each Web site or application
Receive automatic security updates against new threats
Monitor traffic and view detailed reports about attackers and attack attempts
Easily integrate application security with monitoring and management systems
dotDefender™ is a software based web application firewall. dotDefender complements the network firewall and other network-based internet security products by intercepting seemingly legitimate users attempting to use the web application to commit fraud, or gain access to valuable and confidential information.
dotDefender™ is a website security software product that delivers excellent ROI through reasonable cost and simple deployment and maintenance, combined with effective web security. Red Herring predicts that in five years a web application firewall will be a must-have for website security, and dotDefender is uniquely positioned to become the gold standard in this category.
Web server security is achieved by rapid deployment of dotDefender™ as a software plug-in. This website security software provides HTTP security against application attacks, session attacks, and requests originating from known attack sources.
Residing on the web server, dotDefender can be installed and implemented in minutes without influence on traffic or network architecture. The dotDefender™ website protector comes with a predefined set of internet security rules for out of the box best practices website protection. Automatic live update ensures website security that is ready to counter the latest malicious attacks.
dotDefender™ checks every incoming requests for signs of malicious use, by comparing against signatures, attack patterns and session attacks. The dotDefender™ http security engine examines requests taking into consideration encoding and byte range that are used by hackers to camouflage harmful code. After dotDefender™ stops a suspicious request it will respond according to customer choice: log the incident, send a default or customized error page, or redirect the request. A white list is further consulted for authorized operations. For tighter protection of sensitive assets, dotDefender™ further incorporates elements of positive security.
A live update mechanism automatically updates the web security rules with new rules and signatures. Once installed, dotDefender™ can counter all modes of attack, current and future, for unbreachable web server security.
dotDefender™ is preconfigured with best practices sets of website security rules that require no learning period to provide excellent protection, using a combination of three technologies: pattern recognition, session protection and signature recognition.
dotDefender™ checks incoming traffic for patterns that may indicate attack attempts, based on an extensive knowledge of hacking techniques. dotDefender™ engine can identify attack patterns in any part of the request for granular and accurate http security. A white list mechanism ensures the system only stops attacks, and approves all other requests.
dotDefender™ uses digital signatures to protect against malicious attempt to tamper with cookies for session hijacking and other modes of attack. dotDefender™ also intercepts denial of service attacks at the application level that cannot be detected by network security solutions.
Applicure collects and confirms a listing of known attack sources, that dotDefender™ downloads automatically for cutting edge web server security. It also identifies user agents associated with penetration attempts