Product Review: Applicure Technologies' dotDefender

Application security

This Content Component encountered an error

APPLICATION SECURITY


Applicure Technologies dotDefender
REVIEWED BY SANDRA KAY MILLER

dotDefender
Price: Starts at $3,995 per physical server installation

If you're looking for quick and inexpensive Web application security, dotDefender offers protection against common threats through a software plug-in for IIS, Microsoft ISA and Apache servers.


Installation/Configuration A-  

dotDefender installed rapidly and much more easily than hardware-based Web application firewalls (see comparative review, March 2008). Since it's a plug-in, configuration and management for IIS and ISA is handled through the Microsoft Management Console. The Apache version installs as an inline module.

By default, dotDefender deployed in a protective operating mode, leaving us covered against the majority of common attacks we threw at it right out of the box. But, take the time to perform extensive testing on protected websites to ferret out any security settings that interfere with functionality.

Although the documentation to quickly get the product running was excellent, we would have liked to see a more in-depth user guide for advanced features.


Policy A  

Tweaking the policies to return our test websites to complete functionality took about an hour per site. Although the default policies and rules were ample to protect against all of our attacks, dotDefender required minor tuning to maintain the usability of the applications on our Web server, such as those that utilized advanced Javascript or built with older Web tools.

Policies center on patterns and signatures. Patterns define what dotDefender looks for in terms of exploits, such as buffer overflows, SQL injection, cross-site scripting, cookie manipulation, etc. Each pattern includes two sub-menus: user defined, where custom rules can be created, and best practices, which includes a check box list of standard defenses/mitigations against known exploits.

Signatures are regularly updated by dotDefender and include a blacklist of compromised/hacked servers, anti-proxy protection, worms, bad user agents, spammer crawlers and MPack protection against infected websites.

Security profiles with unique policy settings can be assigned to different websites hosted on the same server.


Logging and Reporting C  

Reporting is dotDefender's weakest aspect. There was very little documentation about the reporting features. Logging provided information that would be useful to an IT administrator, but the reports wouldn't be very valuable to a business unit in regard to its PCI compliance or how its security posture is affecting its business.

Event reports offered basic statistics for individual websites, event categories and client IP addresses.

The logging capabilities are adequate, but lacked the advanced features we have seen in Web app firewall appliances. Log data can be exported to third party monitoring and reporting tools.


Effectiveness B  

Using a combination of signatures, session evaluation and pattern recognition, dotDefender examines HTTP requests, either allowing or denying them or in passive mode, logging only according to policy.

dotDefender effectively protected all our websites from a variety of common ills found online, including Internet and browser worms, malicious websites with automated downloads, external vulnerability scans, cross-site scripting, SQL injection and DoS attacks.

Additionally, we were able to customize how suspect HTTP requests were handled. They could be denied, redirected or only logged. There is the option to return either default or customized error pages for denied requests.


Verdict

dotDefender is an inexpensive and no-frills way to protect HTTP sessions on a Web server.

Testing methodology: We tested dotDefender on Microsoft IIS on Windows Server 2003 hosting a variety of websites.

This was first published in July 2008

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close