Free Trials Download and Product Support

 

DragonWAF web application firewall

Fulfill new value of website protection of "Security reinforcement, Block intrusion, Protect from penentration, Stop tampering"

DragonWAF is a host-based web application firewall using filtration algorithms, it targets to filter and prevent malicious coding attacks and defacements aiming at personal, SMB and corporate web sites that are hosted on Microsoft IIS Web Servers. The attack patterns and sources are recorded despite the encryption status of the attacking word strings, DragonWAF records by date, incoming IP addresses, attack types. The data are transformed into graphical reports which allows web masters to take easy control and security managements on their IIS Web Servers.

DragonSoft offers best reasonable price package to SMB websites against malicious attacks and web defacements .

DragonWAF Install Guide(For IIS 5/6/7)

Trial Version Operation System Requirement Free Trial
IIS 7
IIS 7.0 for Windows Server 2008
IIS 6 IIS 6.0 for Windows Server 2003
IIS 5 IIS 5.0 for Windows 2000
IIS 5.1 for Windows XP Professional

 

DragonWAF Features

 

------Website malicious attack & injection filtration

 

DragonWAF’s multi-language user interface and reporting provide effective filtrations for a number of web communication service, irrespective of their state of encryption such as SSL (Secure Sockets Layer). As Web Server face milious attacks, DragonWAF activates its protection mechanism, to prevent trojan horses and web defacements etc. The attack patterns and sources are recorded despite the encryption status of the attacking word strings, DragonWAF records by date, incoming IP addresses, attack types. The data are transformed into graphical reports which allows web masters to take easy control and security managements on their IIS Web Servers.

 

------Customizable Remote Warning Page

 

The customizable warning page is flexible that users are able to edit desired warning page, which alert or flexibly guide attackers to elsewhere after protection has taken effect.

 

------SQL Injection Prevention

 

When malicious users send remote command strings to database stored on web servers (Intend to delete important data stored on web server via “delete” command), the inability to justify bewtween legitamate and harmful database variables could result in web database illegal access, information loss through admin rights compromise. (This feature supports Regular Expression technology)

 

------Buffer Overflow Protection 

 

As the abnormal strings are sent to web servers by remote malicious users, generate a Buffer Overflow to cripple normal operations, important data leak and Denial of Service take place under compromised authentication. DragonWAF offers identification, filtration and protection against those kinds of web attacks.

 

------OWASP/PCI-DSS 6.6 compliance

 

DragonWAF protects against website attacks and recovery modules, it is most ideal for corporate to follow OWASP(Open Web Application Security Project)/ PCI-DSS(Payment Card Industry Data Security Standard) 6.6 compliance.

 

------Shellcode Exploits Prevention

 

The high-bit transmission are not common in standard English-based websites, however, it is seen on Chinese or special-character content websites, with possible hidden attacking methods to the multi-language-dealing web servers, there is need to address the high-bit attack issue.

 

------Allowed Methods

 

Webmasters could control the degree of tolerance of HTTP commands on web server openness setting through DragonWAF, against malicious HTTP commands trying to steal data stored on web servers. The control is based on the security level of website, either allow or prohibit potential malicious HTTP command attemps.

 

------Encoding Prevention

 

Traditional web applications transfer data between client and server using the HTTP or HTTPS protocols. The Encoding methods is carried out through URL manipulations on web server to deceive the normal policy. DragonWAF is able to distinguish and filter the bad ones from normal requests.

 

------Directory Traversal

 

When a malicious user exploits insufficient security validation / sanitization of user-supplied input file names on web server, to get characters representing "traverse to parent directory" passed through to the file APIs to gain authentication, DragonWAF is able to identify such act, completely protect the web servers.

 

------Keyword Strings Filtering

 

When web server is getting malicious program like cmd.exe file under C:\WINNT\system32\cmd.exe, one can get away with the attacks by setting keyword strings in DragonWAF configuration. (This feature supports Regular Expression technology)

 

------Coss Site Scripting, XSS / Asynchronous JavaScript and XML,AJAX / X Path / XML  attack & injection

DragonWAF defines designated strings configuration and Regular Expression technology, tailored to multiple attack methods, the program is flexible to adding and filtering incoming traffic, applicable on all types of URL, input box and long strings of characters. The attackers are prevented from illegally browse and send malicious requests to the websites.

 

------Allow Directory

 

DragonWAF offers protection setting to the website directory, adjust their read or write permission to and from any specific index, the users could add restrictions on forbidden-access index and files, in order to protect websites from malicious access.