Evaluation of safe3 web application firewall 14.1

Source: Internet
Author: User
Tags sql injection protection

Four years ago, today, a website security protection software named "safe3 web application firewall" was launched. From then on, the domestic server security field began to enter a new era. Yesterday, security umbrella network technology company officially released the safe3 web application firewall 14.1 Enterprise Edition, which was upgraded from the previous 13. X to the 14.1 anniversary preview version.
In general, such a major version upgrade often means that major functions are added. What are the surprises of this safe3 web application firewall? Next let's take a look.

Software Name: Safe3 Web Application Firewall
Software Version: 14.1 anniversary edition
Software size: 4.9 m
Software authorization: Trial version
Applicable platform: Win2000 win2003 win2008 (32, 64-bit)
: Safe3 Web Application Firewall


I. Installation and Interface
The installation process is as simple as ever. However, due to the addition of new features, the volume is slightly increased from the previous version, reaching 4.9 MB. The entire process is still composed of several key steps, such as decompression, selecting a 32-bit or 64-bit installation package, and "installation path". Except for slight adjustments to the version number, the remaining steps are basically the same as those of version 13. X.
Safe3 web application firewall has never been bundled with other software during the installation process. We can safely click "Next" to complete the installation, even if there are not many computer application basics, don't worry.

Figure 1 Installation

After the software is started for the first time, the function panel will appear. The left side of the Panel can be directly linked to the corresponding functions to help users quickly grasp the location and attributes of new functions.

 

Figure 2 New Main Page

Ii. test software functions

How to Improve the Hacker defense capability of security software has always been a headache for many vendors. Although Web application firewalls are becoming increasingly popular, most vendors are still improving the interception performance of their own products. In safe3 web application firewall 14.1, I finally learned what is "Han Xin dianbing, a lot of benefits ".

In addition to traditional Web security protection, safe3 web application firewall has added many practical functions such as Web anti-virus, website monitoring, and tampering check, thus, safe3 web application firewall has become a fully functional web information security product in the true sense. Of course, the so-called "no picture, no truth", whether the practical functions can create a miracle for the safe3 web application firewall, we decided to take a look at it through a real evaluation!

 

Figure 3 SQL Injection Protection in legend

Like many professional web application firewalls, safe3 web application firewall has also added the get and cookie anti-injection functions. However, in addition to these two types of protection, there is also the post SQL anti-injection function, this is not available in URLScan, a product officially developed by Microsoft. In addition, the software also has built-in strong SQL Injection Protection rules that have been accumulated by the security umbrella Technology for many years, while many hackers of similar products on the market can easily bypass anti-injection, and the software is just like a false one. For advanced Web administrators, users familiar with SQL injection and regular expressions can also customize SQL anti-injection rules.

 

Figure 4 powerful website monitoring

Webshells uploaded by hackers are not uncommon at ordinary times. However, due to the varying levels of web programmers, it is difficult to find out the Web backdoors and web pages where the vulnerabilities are located. to eliminate this problem, it is obvious that web programmers alone are not enough. In this case, you can use the website monitoring function to monitor all changes such as modification, deletion, and rename of specified types of files, so that hackers can monitor every action on the webpage. You can also select Delete to delete a specified type of new file, such as ASP file, so that the ASP webshell uploaded by hackers can be easily killed, so as to prevent further crisis caused by the web Upload Vulnerability.

 

Figure 5 powerful webshell Scanning

Safe3 web application firewall (WAF) is the first comprehensive web anti-virus software in China that can scan webshells completely. Because the software uses the intelligent script parsing and scanning engine, the detection and removal rate leads similar products in China.

Figure 6 humanized Log Viewing

Figure 7 detailed report functions

The safe3 web application firewall provides the Enterprise Firewall log query function and can export detailed log view reports. This not only facilitates the website administrator to analyze and view hacker attacks, but also allows the Administrator to generate reports to view logs easily.

 

TotalEnd

As a complete set of Enterprise Web Information Security Products, safe3 web application firewall integrates multiple security protection and enterprise report functions, including hacker attack defense, backdoor detection and removal, website monitoring, tampering check, and report generation, it has developed into an excellent compound website security product. The safe3 web application firewall 14.1 released this time is a milestone in the development history of security umbrella network technology. It can be said that safe3 Web Application Firewall is a security product that integrates the health concept, it not only takes website security as its mission, but also takes network health protection as its responsibility. We believe that safe3 web application firewall will surely become a necessary software for every webmaster!

 

 

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.