DownloadCENTER

SiteShell

siteshell — Sun, 20 Dec 2009 22:54:24 GMT

SiteShell is a Software WAF (Web Application Firewall) which effectively protects the website and its data from attacks exploiting the weakness and vulnerabilities of websites (e.g. SQL injection or cross site scripting). SiteShell offers various special features including "online blacklist update" and "intuitive user interface".

ThreatSentry 4 - IIS Web Application Firewall

privacyware — Tue, 17 Aug 2010 22:52:29 GMT

ThreatSentry is a Web Application Firewall and Intrusion Prevention solution that helps system administrators improve web application security and comply with regulatory demands such as Section 6.6 of the Payment Card Industry Data Security Standard. ThreatSentry 4 supports Windows Server 2008 R2 and IIS 7 on 32 and 64 bit systems.

An ISAPI Extension hosted in MMC, ThreatSentry's knowledgebase of pre-configured filters is designed to identify and block a broad range of web application threats including Structured Query Language (SQL) Injection, DoS, Cross Site Request Forgery (CSRF/XSRF), Cross-Site Scripting (XSS) and other attack techniques. ThreatSentry's conventional defense capabilities are augmented by a behavior-based Intrusion prevention component that profiles typical request activity and detects unusual events and patterns indicative of zero-day and targeted attacks. Default configuration settings are designed to deliver optimal out-of-box performance and administrative ease.

ServerDefender AI

port80 — Fri, 27 Feb 2009 14:43:01 GMT

Advanced Behavioral Learning Web Application Firewall

The new ServerDefender Artificial Intelligence (AI) Web application firewall is designed to provide immediate protection for Web sites and applications running on the Microsoft IIS Web server by blocking known HTTP, IIS, Windows, and application attack signatures:

HTTP methods
URL characters and request elements
URL query strings
POST data
Specific HTTP request headers.

ServerDefender AI then goes beyond mere signature blacklisting by learning, from your Web logs or by monitoring traffic with your guidance, exactly what is legitimate traffic for your site and blocking anything else:

An advanced behavioral engine organizes IIS server requests into a multi-dimensional baseline of normal system activity.
Each server connection and request is scrutinized by the rule-set configured in ServerDefender AI and also by the behavioral baseline to identify and take action against any activity falling outside trusted parameters.
ServerDefender's anomaly detection and intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from Web administrators.

Combining attack countermeasures -- ranging from 404 error presentation, robust IP blocking to IIS shut-down -- with reporting and real time alerts (via e-mail, SMS/text message, and instant messaging services), ServerDefender AI is the complete solution. The software analyzes, detects and responds to suspicious activity, accurately differentiating between trusted and untrusted behavior to thwart hacker attacks such as:

SQL injection
cross-site scripting (XSS)
request forgery (CSRF)
buffer overflows
directory traversal
zero-day
brute force
dictionary

In short, only safe, trusted requests are allowed to the application and database layers of your Web site or app.

ServerDefender AI adds its own external layer to protect application source code and database layers from attack with no additional hardware infrastructure, no single point of failure, and low overhead. This Web app firewall leverages your existing IIS Web server resources to stop unauthorized access or remote control of your network, site defacement, and loss of data.

ServerMask

port80 — Thu, 15 Jan 2009 14:53:56 GMT

Stop Information Leakage: Web Server Anonymization
Misdirect Hackers for Defense-In-Depth Security
New Version 4 Released December 2008

Broadcasting your Web server's identity allows intruders to complete their first task -- identifying your operating system, Web server, and application technology. ServerMask modifies your IIS Web server's "fingerprint" by removing unnecessary HTTP header data and adjusting other response information.

ServerMask obscures the identity of your Microsoft IIS Web server's "fingerprint" by:

    * Removing unnecessary HTTP response data
    * Camouflaging info by providing false signatures
    * Modifying cookie values
    * Removing the need to serve file extensions

Successful anti-reconnaissance makes it more likely attackers will try the wrong exploits first and be snared by firewalls and intrusion detection systems. ServerMask augments these defenses to build more secure networks, return better results on security audits, and mitigate the risk of attack.

ServerMask is already protecting thousands of customers around the world, including financial institutions, governments, and Fortune 1000 companies

With easy installation and configuration in minutes, secure your Microsoft IIS Web servers by downloading ServerMask today.

ServerDefender VP

port80 — Thu, 08 Jul 2010 14:38:48 GMT

ServerDefender Vulnerability Protection (VP) Web application firewall is designed to provide IMMEDIATE PROTECTION for Web sites and applications running on the Microsoft IIS Web server by blocking Web attacks including SQL injection, buffer overflows, cross-site scripting (XSS) and request forgery (CSRF), zero-day, brute force, dictionary, denial of service and others. SQL Injection - SDVP scrutinizes incoming data with a set of strict web application security controls thereby preventing SQL injection attacks attempting to use application code to access or corrupt database content. Cross-Site Scripting (XSS) - SDVP blocks XSS attacks often used in conjunction with phishing, social engineering, and other browser exploits, ultimately preventing malicious HTML or client-side scripts from being injected into Web pages viewed by others. Cross-Site Request Forgery - SDVP prevents orphaned sessions that could become points of attack and vulnerability, potentially sending a harmful pre-authenticated request to a vulnerable web application. Session Hardening - SDVP enforces your security policy in a stateful manner, making its web application security controls even more effective.

SSL Protocol & Cipher Manager for IIS

pete.freitag — Fri, 23 Oct 2009 12:41:48 GMT

A Windows GUI for managing SSL ciphers and protocols. If your web site handles credit card transactions and must comply with PCI requirements you must disable weak protocols and ciphers in IIS (such as SSL V2). This tool makes it very easy to do, saving you time and worry.

IIS Authentication plugin for Wordpress

mvolo — Thu, 16 Aug 2007 01:22:28 GMT

The IIS Authentication plugin allows Wordpress to recognize IIS authentication methods, allowing the user to log in with an IIS authentication method such as Windows Authentication, Basic Authentication, or the ASP.NET forms authentication.

The Wordpress blog engine would then recognize the IIS user and use it for things like writing posts, leaving comments, or performing blog administration.

IIS Passwords Sync

HostsTools — Tue, 14 Oct 2008 11:41:23 GMT

IIS Passwords Sync is a command line tool. And it is free!

IIS 6.0 web sites run under anonymous user accounts. It is IUSR_<machine name> (by default) or other user accounts created by your web hosting control panel. The users' passwords are set automatically and are never known. However, sometimes for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to use IIS Passwords Sync program. It extracts the passwords that Microsoft IIS 6.0 has in its metabase and updates the accounts in Local Users and Groups to use that passwords.

RSA Authentication Agent 5.3 for Web for Internet Information Services

rsasecurity — Wed, 20 Dec 2006 22:07:59 GMT

The RSA Authentication Agent 5.3 for Web for Internet Information Services is the RSA solution that enforces two-factor SecurID authentication for Web applications running on the IIS Web Server. RSA Authentication Agent 5.3 for Web for Internet Information Services: . Provides local, domain, and multi-domain access to the Web resources . Supports private SSL communication channel between user and Web server . Allows single sign-on access for Microsoft Outlook Web Access and Microsoft Sharepoint Portal . Supports wireless access protocol authentication . Interoperable Microsoft Exchange Server 2003 ActiveSync In addition, RSA Authentication Agent 5.3 for Web for Internet Information Services . Controls user and group access privileges to protected web resources . Provides customizable activity trace/security log, exception, incident, and system usage reports . Uses tamper evident cookies to prevent cookie alteration or forging

IISPassword

troxo — Wed, 20 Dec 2006 22:12:36 GMT

IISPassword by Troxo is an add-on for Microsoft IIS which password protects web contents without using system user accounts. With it's compatibility with htaccess based protection on Apache and a user-friendly interface, fully integrated with IIS, IISPassword makes it easy for server administrators to protect web files and folders. IISPassword can be integrated with existing solutions for automatic administration based on scripts or applications.

HotlinkBlocker

helicontech — Wed, 20 Dec 2006 21:40:54 GMT

HotlinkBlocker protects your web site against leech sites that steal traffic by directly linking to your content. Image collections, video or document archives, Flash games and music, any content can be protected by HotlinkBlocker easily and flawlessly. It can turn parasites into advertisers redirecting their clients to your site's homepage. Install trial version of HotlinkBlocker now and start saving money immediately.

AuthentiX

flicks — Wed, 20 Dec 2006 21:36:26 GMT

Form-based or 100% cookie-free "Basic Authentication" website protection while keeping your NT Users Names and Passwords private. Protect all files, not just ASP pages. Validate against internal database, text file or external ODBC datasource. Webmasters love AuthentiX.

.netPROTECT

cws — Fri, 19 Jan 2007 13:26:26 GMT

.netPROTECT is a natural evolution of our password protection, IIS authentication and management systems, incorporating years of feedback from thousands of clients, into a completely managed solution which supports xcopy deployment and shared hosting environments. .netPROTECT is one of the most advanced password protection systems available on any platform and can be used by webmasters with no development experience to experienced ASP.NET developers alike. .netPROTECT also includes seamless integration with .netPAYMENT for a complete, end to end, paid membership system.

VideoQuota

flicks — Wed, 20 Dec 2006 21:35:30 GMT

Internet Content Administrators now have a single integrated solution for password protecting streaming video/audio as well as website membership areas. VideoQuota allows you to protect WMS media files as well as IIS directories from a single, integrated application control panel.

iisPROTECT Password Protection

cws — Fri, 19 Jan 2007 13:22:22 GMT

In 2001, after years of development, we released a high end authentication and password management system, iisPROTECT. This ISAPI filter based authentication system has seen extensive commercial use in thousands of sites throughout the world and continues to be enhanced.

ASP.NET Security Context Troubleshooter

dbaier — Mon, 05 Feb 2007 15:59:38 GMT

In IIS/ASP.NET you have to juggle with a lot of identities. Some are used for resource access, some for NTFS based authorization and some for role based authorization (some on Context.User, some on Thread.CurrentPrincipal).

This test page shows all relevant information about the current security context and makes it easier to troubleshoot security context related problems.

IIS Secure Parameter Filter (SPF)

bholyfield — Tue, 16 Dec 2008 17:05:41 GMT

SPF is an application security module designed for Microsoft IIS web servers. SPF uses cryptography to dynamically secure embedded application parameters from manipulation at runtime. These parameters typically include Query String variables, non-editable HTML Form Inputs, Browser Cookies, and other variables set via client-side JavaScript. SPF does not require any changes to the underlying application code and provides instant protection against parameter tampering, URL manipulation and replay attacks. SPF also includes the capability to define forbidden input patterns (Black-Lists) using regular expressions to block known attack signatures.