Websites and Intranet Applications provide users with convenient access to information and services. The data managed by these applications is critical for running a company's day-to-day business operations. Cybercriminals are constantly trying to abuse web applications by exploiting vulnerabilities in the applications. Their goal: to steal valuable information and prevent companies from doing business on the web.

ViUX™ offers dotDefender™ to deliver optimal protection against SQL injection, cross-site scripting, website defacement, and many other types of attack techniques (including the OWASP Top 10). dotDefender™ allows businesses to protect external websites and internal applications in an affordable, effective, and simple manner – without involving costly security experts.

dotDefender™ is a multi-platform solution, that is able to run on ViUX™ Linux (Apache) and Windows (IIS) Web Servers. ViUX™ personnel are able to manage all dotDefender™ installs on our network via a Central Management Console, which ensures a single point of control and reporting for all servers; or each (VPS / DDS) customer can also manage dotDefender™ from their server's desktop.

Packed with hundreds of "best practice" rules, dotDefender™ delivers robust out-of-the-box security, with easy deployment and simplified maintenance. Automatic updates ensure continuous security for your web applications against new threats as they emerge. Also, by installing dotDefender™, companies are fully compliant with the PCI DSS 6.6 requirement to install an application layer firewall.

dotDefender™ secures some of the world's most sensitive websites including financial institutions, e-commerce websites, universities, government agencies, and many other e‑businesses.

Every business today faces the challenge of securing its internal and external web based applications. ViUX™ is pleased to offer dotDefender™ from Applicure Technologies as an innovative and proven solution, currently empowering thousands of organizations worldwide to prevent website attacks and block attempts to hack into their internal systems.

dotDefender™ Highlights:

• Quality Protection – Out-of-the-box, best practice security levels to suit diverse security needs.

• Ongoing Security Commitment – Sutomatic updates against emerging threats.

• Rapid Implementation – Plug and play software solution, no need to change server configuration or network architecture.

• LowMaintenance – No need for security expertise, very low false positive rate, simple customization.

• Automated Operations – dotDefender™ automatically detects and blocks attack attempts, logs the information, and generates reports and alerts.

• Smooth Integration – Centrally managed, multi-platform solution fits any network architecture.

• Best TCO in the Industry – Affordable acquisition, rapid implementation, and simple maintenance.

• FREE Trial – 30-Day FREE Trial, and as low as $25/mo thereafter for full protection; or continue to use for FREE in Monitor Only Mode!

dotDefender™ Features:

• Software Plug-in

  dotDefender™ is designed as an ISAPI filter for IIS, and a module for Apache. Works as part of normal web server operation and is transparent to any external client accessing the website.

• Plug & Play

  Installs in minutes on the web server. Once installed, automatically identifies,  and provides immediate protection to all websites. Supports HTTP and HTTPS (SSL) traffic.

• Multiple Platform Support

  Deployed on IIS and Apache servers, 32-Bit and 64-Bit architectures. Supports MS-Windows 2000/2003/XP/2008 and various Linux flavors: RPM based, Debian based, FreeBSD.

• Predefined Rule Base

  Delivered with best practice security rules for website protection. The rules protect against many diverse attack types. Strong, accurate, finely tuned security rules result in low false positive rate.

• Automatic Update

  Automatic updates include protection against zero-day attacks and emerging threats to ensure continuous protection.

• Granularity

  Easily customized security rules at multiple levels: field, form, application, website and server.

• Flexible Customization Options

  Ability to customize and fine tune the security parameters for each specific application. The regular expression based rules are easy to define and maintain.

• Security Profile Per Site

  Each website may have its own security profile to suit specific application needs.

• Optimized Engine

  Optimized engine designed for efficiency, consumes low CPU and I/O resources.

• Comprehensive Logging

  Logging of all blocked requests with full details: e.g., time and date, attack type, source of attack, blocking reason, and many others. Provides real-time visibility of application security.

• Auditing

  Keeps track of any changes made to dotDefender™, including scheduled audits.

• Notifications

  Supports syslog notifications and e-mail notifications from central management.

• Reports

  Predefined set of reports: executive, standard, and detailed including all information about attacks attempts. Dashboard for immediate system status. Customized and scheduled reports with unlimited flexibility and granularity. Standard reports for compliance with PCI, SOX, etc.

dotDefender™ is a software based Web Application Firewall. dotDefender™ complements the Network Firewall, IPS, and other network-based Internet Security products by intercepting seemingly legitimate users attempting to use the Web Application(s) to commit fraud or gain unauthorized access to valuable and confidential information. dotDefender™ protects Web Applications against attacks, by inspecting the HTTP/HTTPS traffic for suspicious behavior.

dotDefender™ leverages breakthrough security technology to achieve unmatched levels of protection. dotDefender™'s unique security approach eliminates the need to learn the specific idiosyncrasies of each application. The software focuses on analyzing the request and its impact on the application. Effective Web Application security is based on three powerful Web Application Security Engines:

• Pattern Recognition – The Pattern Recognition Web Application Security Engine effectively protects against malicious behavior such as: SQL Injection and Cross Site Scripting. The patterns are designed efficiently and accurately to identify application-level attacks. As a consequence, dotDefender™ is characterized by an extremely low false positive rate.

• Session Protection – The Session Protection Web Application Security Engine focuses on user sessions. Session Protection prevents session cookie tampering and blocks attempts to crash the server or reduce server performance by flooding the application with multiple requests.

• Signatures Database – The Signatures Database contains "signatures" to detect requests from known malicious sources such as: bots, zombies, and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in Web Applications.

The Pattern Recognition Web Application Security Engine effectively protects against malicious behavior such as: SQL Injection and Cross Site Scripting. The patterns are regular expression based and designed to efficiently and accurately identify a wide array of application-level attacks. As a consequence, dotDefender™ is characterized by an extremely low false positive rate.

Whitelists for easy customization:

Complete whitelist functionality facilitates customization of the Pattern Recognition rules according to each organization's specific security policy. A whitelist allows you to define specific users, pages, or actions that will always be permitted by dotDefender™.  Users can configure, for example, rules to block access to server applications or, conversely, allow absolute access so they are not checked. dotDefender™ can also define certain application web pages or directories not to be checked at all. Whitelist rules are performed before all other dotDefender™ protection rules and signatures.

Predefined rules for paranoid security:

This engine supports paranoid security via a predefined collection of rules which delivers a high level of security, but could possibly interfere with Web Application usability. You can use this category to tighten security for sensitive applications or functionality (e.g., login, credit cards, and personal details).

Predefined rules designed to identify attack methods:

The Pattern Recognition Security Engine identifies patterns that enable prevention of the following types of application-level attacks:

• Encoding

  Encoding is a method of representing characters in different ways for use in computer systems. ASCII (American Standard Code for Information Interchange) and UTF (Unicode Transformation Format) are examples where the same text is encoded in various ways, so that a web server can interpret it. An Encoding attack uses obfuscation to "hide" suspect packets from security tools by using, for example, UTF or HEX (HEXadecimal) encoding. This results in a disguised injection of malicious phrases in URLs, parameters, or metadata.

• Buffer Overflow

  When an application sends more data to a buffer than the buffer is designed to hold, the overflow can cause a system crash or create a vulnerability that enables unauthorized system access.

• SQL Injection

  SQL (Structured Query Language) provides an interface to facilitate access to and interaction with a database. A database usually stores data in tables and procedures. An SQL injection is an attack method that aims at penetrating a back-end database to manipulate, steal, or modify information in the database. This attack method exploits the Web Application by injecting malicious queries, causing the manipulation of data.

• Cross-Site Scripting

  Scripting is a programming technique that comprises a set of instructions executed by another program (such as a web browser). Scripting is used to create dynamic pages in Web Applications. Cross-Site Scripting is a client-side attack method that occurs when an attacker uses a web-based application to send malicious code to another user of the same application. This attack is most common in dynamically-generated application pages, where embedded application forms are built. This attack is automatically executed when the client’s browser opens an HTML web page. As a result of Cross-Site Scripting, a user’s browser mistakenly identifies the script to have originated from a trusted source, allowing the maliciously injected code to access cookies, session tokens, or any other sensitive information.

There are two types of Cross-Site Scripting:

• Stored attacks – these occur when the injected malicious code is stored on a target server such as a bulletin board, a visitor log, or a comment field. The victim retrieves and executes the malicious code from the server, when interacting with the target server.

• Reflected attacks – these occur when the user is tricked into clicking a malicious link, or submitting a manipulated form (crafted by the attacker). The injected code travels to the vulnerable web server which directs the cross-site attack back to the user’s browser. The browser then executes the malicious code, assuming it comes from a trusted server.

• Path Traversal

  A URL is a web address translated into a path on the Web Server. A URL leads to specific directories and files residing on the server. Path Traversal is an attack mechanism that changes the original path to a path desired by an attacker, in order to gain access to internal libraries and folders. Path Traversal gains access to an organization’s server files and directories that are otherwise inaccessible to external users. Path Traversing is implemented with common OS operations, such as using the characters “/../../..” for traversing between files and directories.

• Probing

  Probing is an attack aiming to collect information about a Web Server and Applications, based on common practices and educated guesses. Attackers send probes looking for common weaknesses, and third party software that has known vulnerabilities. This information can be used to breach and thereby gain unauthorized access to the server.

• Remote Command Execution

  Once a Web server has been breached, an attacker can attempt to execute OS commands or programs installed on that server. This type of attack often follows SQL Injection, Path Traversal, or other attacks. In this mode of attack, an attacker executes commands through the Web Application. The commands will be executed under the privileges of the Web Application, which may allow access to the database, OS commands, and more.

• Cookie Manipulation

  Cookies are commonly used to store user identification and privileges information. Cookie Manipulation refers to a range of attack methods that aim to deceive the Web Server into sending cookies that the attacker is unauthorized to receive. Using the cookies, an attacker can obtain unauthorized access to the Web Server. CRLF Injection (Carriage Return/Line Feed) is an example of Cookie Manipulation.

• Default Windows Directories and Files

  Deafult Windows Directories and Files are components created by default during the installation of IIS and related applications, such as FrontPage, IIS sample page, and more. These default components contain known weaknesses, which an attacker may use to breach the server.

• XML Schema

   XML Schema is a document that describes, in a formal way, the syntax elements and parameters of a web language. It is used in web services and XML based applications. Since the XML Schema describes all of the available service functions, hackers may use this information to discover vulnerabilities in the application.

• XPath Injection

   XPath is a language used to access parts of an XML document. Hackers may insert malicious code into XML parameters to gain access to the Web Server, or retrieve information from the database. All protection methods are similar to those for SQL Injection.

• XPath Cross-Site Scripting

   XPath is a language used to access parts of an XML document. Hackers may insert malicious code into XML parameters to execute cross-site scripting attacks (see Cross-Site Scripting).

The Session Protection Security Engine focuses on the user session level. Session Protection prevents impersonation and the sending of large volumes of automatic requests that could potentially crash a server.

dotDefender™ blocks and intercepts security attacks at the user session level, such as:

• Session Hijacking

  Overtaking (hijacking) a legitimate user to perform unauthorized operations.

• Denial of Service (DoS)

  Attempts that threaten to flood and overwhelm server functionality and cause the server to crash.

• Cookie Tampering

  Attempts to tamper with sessions cookies, an attack aiming to modify user information in cookies.

The Signatures Database Web Application Security Engine uses signatures to detect requests from known malicious sources, such as: hackers and spammers. It identifies bad users’ agents and prevents hacking tools from gathering information about vulnerabilities in an application.

dotDefender™ identifies known attack sources and blocks requests originating from them... these include:

• Compromised / Hacked Servers

  A compromised server is one which has been accessed and manipulated by hackers. Hackers use compromised servers for a variety of attacks, thus presenting a high risk to the application.

• Anti-Proxy Protection

  Proxy servers operate as intermediary entities to Web Servers. Proxy servers perform various functions or operations on behalf of another application or system, so the origin of the request remains anonymous. Anti-Proxy Potection protects web servers from becoming proxies that serve unauthorized users. What is a proxy attack? A proxy attack is an attempt to use your web server as a jumping point to attack other sites. Your web server then attacks other sites.

• Known Worms Signatures

  Web Application worms exploit the vulnerability of applications by sending crafted requests with the intent to execute or inject code, locate an SQL injection vulnerability in an application or perform cross-site scripting attacks. Worms replicate and distribute themselves, and inflict damage similar to computer viruses.

• Bad User-Agents Signatures

  Bad User-Agents Signatures identify application-level scanners that attackers use to probe web applications. Such probing is a preliminary step in preparing an attack, and is therefore very dangerous to allow.

• Known Spammer Crawlers

  Spammer Crawlers consist of automatic software that crawls into websites, scanning e-mail addresses, page links, image paths, and IP addresses. Collecting this information breaches the privacy of website users.

• MPack Protection

  The MPack hacking package infects website visitors with malware to steal passwords and other sensitive information.