The signature-based DragonWAF activates defense mechanism when IIS server is under attack, it records all attack patterns using intellectual filtration techniques, webmasters are able to add more filtration strings by themselves, customize warning messages. The multiple graphic reports facilitate log management, making optimal security control an easy task. DragonWAF is capable of blocking any SQL Injection target at database (Oracle, MySQL), DragonSoft offers the online updater and continuously to update database.

DragonWAF effectively prevents against 18 common web application attack methods:
1. SQL Injection
2. Server-Side Include
3. Directory Indexing
4. Path Traversal
5. Cross-Site Scripting
6. Buffer Overflow
7. LDAP Injection
8. Phishing
9. HTTP Response Splitting
10. Content Spoofing
11. Predictable Resource Location
12. Denial of Service
13. Application Fingerprinting
14. Insufficient Session Expiration
15. Session Fixation
16. Web Server Fingerprinting
17. Abuse of Functionality (emails, spiders, data theft)
18. Command Injection