Home > Information Security Magazine > Hot Pick & Product Reviews > Product Review: Applicure Technologies' dotDefender
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Product Review: Applicure Technologies' dotDefender
Issue: Jul 2008
printer-friendly
< PREV PAGE   |   1  |   2  |   NEXT PAGE  >

APPLICATION SECURITY


Applicure Technologies dotDefender
REVIEWED BY SANDRA KAY MILLER

dotDefender
Price: Starts at $3,995 per physical server installation

[IMAGE]

If you're looking for quick and inexpensive Web application security, dotDefender offers protection against common threats through a software plug-in for IIS, Microsoft ISA and Apache servers.


Installation/ConfigurationA-  

dotDefender installed rapidly and much more easily than hardware-based Web application firewalls (see comparative review, March 2008). Since it's a plug-in, configuration and management for IIS and ISA is handled through the Microsoft Management Console. The Apache version installs as an inline module.

By default, dotDefender deployed in a protective operating mode, leaving us covered against the majority of common attacks we threw at it right out of the box. But, take the time to perform extensive testing on protected websites to ferret out any security settings that interfere with functionality.

Although the documentation to quickly get the product running was excellent, we w...



ould have liked to see a more in-depth user guide for advanced features.


PolicyA  

Tweaking the policies to return our test websites to complete functionality took about an hour per site. Although the default policies and rules were ample to protect against all of our attacks, dotDefender required minor tuning to maintain the usability of the applications on our Web server, such as those that utilized advanced Javascript or built with older Web tools.

Policies center on patterns and signatures. Patterns define what dotDefender looks for in terms of exploits, such as buffer overflows, SQL injection, cross-site scripting, cookie manipulation, etc. Each pattern includes two sub-menus: user defined, where custom rules can be created, and best practices, which includes a check box list of standard defenses/mitigations against known exploits.

Signatures are regularly updated by dotDefender and include a blacklist of compromised/hacked servers, anti-proxy protection, worms, bad user agents, spammer crawlers and MPack protection against infected websites.

Security profiles with unique policy settings can be assigned to different websites hosted on the same server.


< PREV PAGE   |   1  |   2  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts