According to info-sec expert studies, 70% of the world’s top 100
websites contain malicious links that re-direct visitors to malicious
websites, let alone ordinary individual and small business websites.
There is not one single Web Application Firewall(WAF) product catered
for them in the market, it is estimated at least 2 million websites
face serious info-sec threats that could lead to unbearable legal
issues.
Famous websites have major concerns on OWASP Top 10 web vulnerability
when they tackle web application development, they understand the
importance of firewalls, most webmasters could put firewalls in place
on their own, but what they do not realize is that conventional
firewalls only protect layer 2 and layer 3 of the network communication
protocol.
The latest cyber attacks (SQL Injection, cross-site scripting) intrude
web application directly. International Research Institute Gartner
indicated that 75 percents of the website attacks are targeted at web
applications that conventional firewalls cannot protect. Individual and
small business websites become vulnerable targets to hackers and become
stepping stones to more website attacks. Furthermore, PCI-DSS 6.6
recommends adoption of WAF practice to bridge the last mile gap between
web application code review with total web security if they are to deal
with customers’ confidential business transactions.
Although webmasters understand the importance of WAF, the existing WAF
products in the market are made for corporate customers that cost tens
of thousands of dollars that are too expensive to acquire for small
scale website owners. Consequently, DragonSoft introduces an
easy-to-install, affordable WAF product to this segment. DragonWAF is
selling at USD 99 during promotion, customers can get corporate level
web application security at anti-virus price. DragonWAF offers
multi-intellectual website protections, working jointly with
conventional firewalls, the individual and small business websites are
protected effectively against malicious codes, website defacement,
customer data leaks, following by immense legal responsibilities.
Excellent protection features on DragonWAF 2010
The signature-based DragonWAF activates defense mechanism when IIS
server is under attack, it records all attack patterns using
intellectual filtration techniques, webmasters are able to add more
filtration strings by themselves, customize warning messages. The
multiple graphic reports facilitate log management, making optimal
security control an easy task. DragonWAF 2010 is capable of blocking
any SQL Injection target at database (Oracle, MySQL…), DragonSoft
offers the online updater and continuously to update database.
DragonWAF 2010 effectively prevent against 18 common web application attack methods:
1. SQL Injection
2. Server-Side Include
3. Directory Indexing
4. Path Traversal
5. Cross-Site Scripting
6. Buffer Overflow
7. LDAP Injection
8. Phishing
9. HTTP Response Splitting
10. Content Spoofing
11. Predictable Resource Location
12. Denial of Service
13. Application Fingerprinting
14. Insufficient Session Expiration
15. Session Fixation
16. Web Server Fingerprinting
17. Abuse of Functionality (emails, spiders, data theft)
18. Command Injection
