DragonWAF is a host-based web application firewall, targeted to filter and prevent malicious coding attacks at personal and small-to-medium business web sites hosted on Microsoft IIS Web Server.
DragonSoft makes web security an affordable, intuitive, convenient and effective tool for Personal/SMB web sites, it is the Best Entrepreneurial Web Server Protection. You can sleep soundly at night, let DragonWAF do the job 24/7/365.
DragonWAF effectively prevents against 18 common web application attack methods:
1. SQL Injection
2. Server-Side Include
3. Directory Indexing
4. Path Traversal
5. Cross-Site Scripting
6. Buffer Overflow
7. LDAP Injection
9. HTTP Response Splitting
10. Content Spoofing
11. Predictable Resource Location
12. Denial of Service
13. Application Fingerprinting
14. Insufficient Session Expiration
15. Session Fixation
16. Web Server Fingerprinting
17. Abuse of Functionality (emails, spiders, data theft)
18. Command Injection
1.SQL Injection Prevention
Remote attackers send requests to gain access on IIS web server, causing data leakage or deletion of important data. DragonWAF is able to identify the attacks and analyze, filter them. Through DragonWAF configuration, it filters SQL commands targeted on database that may cause data leakage or other damages.
2.Buffer Overflow Protection
A Buffer Overflow is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security. DragonWAF users are able to control the request length by filtering those existing IIS web server vulnerability or any other web-related vulnerability attacks.
3.HTTP Methods Protection
Illegal commands that will cause data loss or tamper on web server, DragonWAF administrators are able to analyze, classify, filter and protect web servers from any incoming requests. A few HTTP commands are rarely in use or harmful to the system, administrators are able to control and forbid the use of these commands on web servers.
4.Shell Code Exploits Prevention
In multi-language Web Server environment, the high-bit and encoding commands could cause damage to server data. DragonWAF is able to filter those commands in easy and fast fashion. The standard English website environment is free of high-bit commands communication, whereas in other language there will be complicated coding or high-bit requests targeting on IIS Web Servers. It is necessary to filter those potential command attacks in the multi-language internet environment.
5.Encoding Attack Prevention
The variety of encoding attacks are sent to IIS Web Server are deceitful, trying to beat default policy. DragonWAF is able to identify such attacks, analyze risk level and filter them.
6. Keyword Strings Filtering
Whenever a harmful code is sent to Web Server, such as cmd.exe from C:WINNTsystem32cmd.exe, the Keyword Strings Filtering function in DragonWAF is able to eliminate such commands. Generally speaking, this type of command attempts to create a buffer overflow on web servers, causing permission issues to execute intrusion attacks.
7.Directory Traversal Filtering
In a typical file transfer, the server end will provide required files by user end requests. Before processing each request, the server keeps a network access control (NAC) policy to decide if users are permitted to read, write and create directories. Whenever an illegal attempt to read, write and create directories using web server vulnerability, DragonWAF is able to identify the so-called Directory Traversal attack, and start filtration process on IIS Web Servers.
DragonWAF protects default IIS website directory, against any abnormal access requests to exploit sub-directory paths.
9.Customizable Remote Warning Page
It is not enough just to have self-protection on own web server, you need to warn remote end of their malicious attacks with a warning message. DragonWAF designs a Remote Warning Page customizable with your own message to warn attackers.
IIS 6, IIS 7, IIS 7.5
IIS 6 version running special promotion at USD 189