I have downloaded the dotDefender from Applicure
The thing is free for 30 days (evaluation). Everything seems to work fine, no problem, nice statistics and very easy to install on my Linux and IIS servers.

What I am interested in is does anyone has any experience with the dotDefender? Are there problems or issues and is it fast enough?

You can download it here: http://www.applicure.com/downloads/dotdefender and try it for yourself

Wim

> Are there problems or issues and is it fast enough?
slow as shit, easy to bypass, and is probably backdoored with their live update thing.

Hi Johnson,

Just my 2 cents,
We are a group of 5 students - 2 of us are doing penetration testing.
After we tried a few web application firewall such as modsecurity, dotdefender, denyall and port80software I can tell you that we did find some holes in some of the waf's but not from what you have described in your post about dotdefender.
We found out that modsecurity & dotdefender were the best solution out there.
I should also mention that dotdefender is much easier to handle comparing to modesecurity. The other waf's we tested were good but there were some issues that we are still trying to understand better.
On our target goal as part of our project we suppose to get some hardware web application firewall and I will be happy to share with you our conclusions.

Best,
Orwell

Orwell, what do you mean with "holes" ? missed vectors, or actual vulnerabilities?

We found out that modsecurity & dotdefender were the best solution out there.
modsecurity? really? lol

modsecurity bypassed :)
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf

dotDefender trollraped :)
http://sla.ckers.org/forum/read.php?13,28823#msg-28986

And again and again.. http://www.applicure.com/Partner_Zone username:

'='

and magic, you are logged in.. xDD

kthxbye

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 3 time(s). Last edit at 11/03/2009 03:59AM by sirdarckcat.

regarding modsecurity: to be fair, last summer (at blackhat) modsecurity beta released a long-overdue update to their core rule set. sdc's and my presentation covered only the older rule set. I think the new ones are still being refined, but the they should theoretically be more useful out-of-the-box. Aside from now being an Owasp project (maintaining the rules, not modsecurity itself), the biggest change is that the new rules now include an import of the PHPIDS filters.

@orwell - by the way... which modsecurity rule set did you test?

Well, the idea behind the term firewall implies that you can add rules yourself. That's the whole point. That platform has to be secure and not prone to vulnerabilities itself. if that fails, the firewall fails as a whole. If it misses a couple of vectors, it's not due to the platform.

<rule id="1">
<match>.*</match>
<panic/>
</rule>

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Ghehe love that one!

my server was attacked over 20days in china, i know who attacked me in china, but due to somereason, nobody can help me, even ploice. sb introduce me to come here ask for help. if sb. can help me, pls pm or send e-mail to me: log8656@gmail.com

many thks. joe

<deleted>



Edited 7 time(s). Last edit at 05/28/2010 11:39PM by gil.