Website Security - How It Works

The following methods are used by dotDefender to provide enterprise-class security for web applications:

Pattern Recognition

The Pattern Recognition web application security engine effectively protects against malicious behavior such as SQL injection and Cross Site Scripting. The patterns are designed efficiently and accurately to identify application-level attacks. As a consequence, dotDefender is characterized by an extremely low false positive rate.

Session Protection

The Session Protection web application security engine focuses on the user session. Session Protection prevents session cookie tampering and blocks attempts to crash the server or reduce server performance by flooding the application with multiple requests on the same session.

Signature Knowlegdebase

This web application security engine uses signatures to detect requests from known malicious sources such as bots, zombies and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in Webapplications.

Data Leakage Protection

Prevent sensitive information disclosure using built-in and extensible outgoing traffic inspection rules. Mitigate proliferation of credit card, personal information, application error messages into the wrong hands.

Upload Inspection

Upload content inspection enforces file extension and MIME-Type filtering. Prevent web shells, backdoors and rootkits from being uploaded via web content management systems. Scan contents of uploaded files to ensure malicious payloads are not smuggled in posing as benign pictures and content.