Website Security - How It Works

dotDefender is a software based Web Application Firewall. dotDefender complements the network firewall, IPS and other network-based Internet security products by intercepting seemingly legitimate users attempting to use the web applications to commit fraud or gain unauthorized access to valuable and confidential information. dotDefender inspects the HTTP/HTTPS traffic for suspicious behavior.


Got questions about dotDefender? Please visit our knowledgebase for answers or contact Support at

Featured Blog Posts

Google Codelab

It may seem counterproductive for Google to teach people to think like a cyber criminal ... read more ...

WordPress Security

With over 9.7 million active installations of WordPress and 32 of the Technorati Top 100 ... read more ...

The Big Website Guide to a Hacking Attack

Working in IT, one of the most dreaded calls you can receive is the one ... read more ...

The following methods are used by dotDefender to provide enterprise-class security for web applications:

Pattern Recognition

The Pattern Recognition web application security engine effectively protects against malicious behavior such as SQL injection and Cross Site Scripting. The patterns are designed efficiently and accurately to identify application-level attacks. As a consequence, dotDefender is characterized by an extremely low false positive rate.

Session Protection

The Session Protection web application security engine focuses on the user session. Session Protection prevents session cookie tampering and blocks attempts to crash the server or reduce server performance by flooding the application with multiple requests on the same session.

Signature Knowlegdebase

This web application security engine uses signatures to detect requests from known malicious sources such as bots, zombies and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in Webapplications.

Data Leakage Protection

Prevent sensitive information disclosure using built-in and extensible outgoing traffic inspection rules. Mitigate proliferation of credit card, personal information, application error messages into the wrong hands.

Upload Inspection

Upload content inspection enforces file extension and MIME-Type filtering. Prevent web shells, backdoors and rootkits from being uploaded via web content management systems. Scan contents of uploaded files to ensure malicious payloads are not smuggled in posing as benign pictures and content.

Still have questions?

Contact our sales staff for further information on dotDefender tailored to your business needs, for detailed case studies, white papers, downloads, and our professional support staff.

Please Wait...