Sla.ckers.org
This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 
dotDefender
Posted by: wimvincken
Date: June 15, 2009 09:39PM

I have downloaded the dotDefender from Applicure.
The thing is free for 30 days (evaluation). Everything seems to work fine, no problem, nice statistics and very easy to install on my Linux and IIS servers.

What I am interested in is: does anyone have any experience with the dotDefender? Are there problems or issues and is it fast enough?

You can download it here: http://www.applicure.com/downloads/dotdefender and try it for yourself

Wim

Re: dotDefender
Posted by: johnson12
Date: June 28, 2009 04:31AM

> Are there problems or issues and is it fast enough?
slow as shit, easy to bypass, and is probably backdoored with their live update thing.

Re: dotDefender
Posted by: orwell
Date: September 30, 2009 02:11AM

Hi Johnson,

Just my 2 cents,
We are a group of 5 students - 2 of us are doing penetration testing.
After we tried a few web application firewalls such as modsecurity, dotdefender, denyall and port80software, I can tell you that we did find some holes in some of the WAFs, but not from what you have described in your post about dotdefender.
We found out that modsecurity & dotdefender were the best solution out there.
I should also mention that dotdefender is much easier to handle compared to modsecurity. The other WAFs we tested were good, but there were some issues that we are still trying to understand better.
On our target goal as part of our project we are supposed to get some hardware web application firewall, and I will be happy to share our conclusions with you.

Best,
Orwell

Re: dotDefender
Posted by: rvdh
Date: September 30, 2009 01:54PM

Orwell, what do you mean by "holes"? Missed vectors, or actual vulnerabilities?

Re: dotDefender
Posted by: sirdarckcat
Date: November 03, 2009 03:11AM

> We found out that modsecurity & dotdefender were the best solution out there.
modsecurity? really? lol

modsecurity bypassed :)
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf

dotDefender trollraped :)
http://sla.ckers.org/forum/read.php?13,28823#msg-28986

And again and again.. http://www.applicure.com/Partner_Zone username:
'='
and magic, you are logged in.. xDD

kthxbye

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 3 time(s). Last edit at 11/03/2009 03:59AM by sirdarckcat.

Re: dotDefender
Posted by: thornmaker
Date: November 03, 2009 03:40PM

regarding modsecurity: to be fair, last summer (at blackhat) modsecurity beta released a long-overdue update to their core rule set. sdc's and my presentation covered only the older rule set. I think the new ones are still being refined, but they should theoretically be more useful out-of-the-box. Aside from now being an OWASP project (maintaining the rules, not modsecurity itself), the biggest change is that the new rules now include an import of the PHPIDS filters.

Re: dotDefender
Posted by: thornmaker
Date: November 03, 2009 03:41PM

@orwell - by the way... which modsecurity rule set did you test?

Re: dotDefender
Posted by: rvdh
Date: November 07, 2009 10:37AM

Well, the idea behind the term firewall implies that you can add rules yourself. That's the whole point. That platform has to be secure and not prone to vulnerabilities itself. If that fails, the firewall fails as a whole. If it misses a couple of vectors, it's not due to the platform.

Re: dotDefender
Posted by: sirdarckcat
Date: November 07, 2009 11:52AM

<rule id="1">
<match>.*</match>
<panic/>
</rule>

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: dotDefender
Posted by: rvdh
Date: November 12, 2009 09:47AM

Ghehe love that one!

Re: ddos Defender need
Posted by: jlw
Date: January 14, 2010 06:55AM

my server was attacked over 20 days in china, i know who attacked me in china, but due to some reason, nobody can help me, even police. sb introduce me to come here ask for help. if sb. can help me, pls pm or send e-mail to me: log8656@gmail.com

many thks. joe

Re: dotDefender
Posted by: gil
Date: May 22, 2010 05:50AM

<deleted>



Edited 7 time(s). Last edit at 05/28/2010 11:39PM by gil.
