With this second round of SQL injections hitting CF sites hard, I thought it was time to try some application-level filtering. So one of my co-workers suggested dotDefender. I have to say, even though I’m only using the 30-day trial edition, that it is indeed a nice application. They have versions that sit in front of either IIS or Apache and allow you to configure rules to prevent a myriad of vulnerabilities. Here’s a quick list of the categories they have for rules:

  • Paranoid
  • Encoding
  • Buffer Overflow
  • SQL Injection
  • Cross-Site Scripting
  • Cookie Manipulation
  • Path Traversal
  • Probing
  • Remote Command Execution
  • Windows Directories and Files
  • XML Schema
  • XPath Injection
  • XPath Cross Site Scripting.

While I don’t have all that much traffic, in the few hours I’ve had it installed I’ve seen 14 blocks based on my rules setup. I’m not sure on the pricing as you must request a quote, but it’s working so far.

One thought on “dotDefender”

  1. 2 months ago we installed dotDefender on our 2 web servers after getting hundreds of attacks on our servers.
    dotDefender amazingly stopped all the attacks. That's what I call automation – let the machine protect your assets. After we tried the free trial we purchased the software for 2 servers.
    The price they offer is certainly a fair price compared to all the other expensive solutions out there. Not to mention the great support we received from their support team. Send me an email to dani dot alovitz at gmail dot com and I would be happy to give more details about the software and pricing.
