dotDefender is a software based Web Application Firewall. dotDefender complements the network firewall, IPS and other network-based Internet security products by intercepting seemingly legitimate users attempting to use the web applications to commit fraud or gain unauthorized access to valuable and confidential information. dotDefender inspects the HTTP/HTTPS traffic for suspicious behavior.
The following methods are used by dotDefender to provide enterprise-class security for web applications:
The Pattern Recognition web application security engine effectively protects against malicious behavior such as SQL injection and Cross Site Scripting. The patterns are designed efficiently and accurately to identify application-level attacks. As a consequence, dotDefender is characterized by an extremely low false positive rate.
The Session Protection web application security engine focuses on the user session. Session Protection prevents session cookie tampering and blocks attempts to crash the server or reduce server performance by flooding the application with multiple requests on the same session.
This web application security engine uses signatures to detect requests from known malicious sources such as bots, zombies and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in Webapplications.
Prevent sensitive information disclosure using built-in and extensible outgoing traffic inspection rules. Mitigate proliferation of credit card, personal information, application error messages into the wrong hands.
Upload content inspection enforces file extension and MIME-Type filtering. Prevent web shells, backdoors and rootkits from being uploaded via web content management systems. Scan contents of uploaded files to ensure malicious payloads are not smuggled in posing as benign pictures and content.
Contact our sales staff for further information on dotDefender tailored to your business needs, for detailed case studies, white papers, downloads, and our professional support staff.