dotDefender is a software-based web application firewall, which provides protection against attacks by using three types of filters: pattern recognition is an engine that automatically detects and blocks attempts to hack a website. The security engine includes SQL injection and cross-site scripting, the top two security vulnerabilities in the Open Web Application Security Project Top 10.
The second filter is session protection: The session protection security engine focuses on the user session level. It impersonates the sending of large volumes of automatic requests that could potentially crash a server.
The final filter is signature knowledge base. This engine uses signatures to detect requests from known malicious sources, such as hackers and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in an application.
dotDefender is feature rich and includes logging and alerting capabilities. But unlike some of the other application firewalls, dotDefender requires almost the entire configuration be done manually and changed each time the site is altered.
Documentation PDFs are well written and easy to understand. However, the website offers little to no help if users have an issue.
Standard support and maintenance includes telephone and email support, bug fixes, live updates and new releases. The first year of support is included in the price of a perpetual license. Beginning in year two, there is an annual fee of 18 percent of the list price. Maintenance and support are included in the price of an annual subscription. 24/7 support is available at 25 percent of list price, and includes telephone and email support, live updates, fixes and new releases.
dotDefender's MSRP is $3,995, which places it at the less expensive end of the medium price range.