Solutions Directory

Web Application Firewalls

Network Based (Proxy, Bridge or Sniffer)

• Armor Logic - Profense
• Assurent - Web Application Firewall
• Barracuda (fromerly NetContinuum) - Web Application Firewall
  • Xiom Coverage
• Bee-Ware - i-Suite
• BinarySEC
• Breach Security - WebDefend
• BugSec - WebSniper
• Citrix (Formerly Teros) - Application Firewall
• Cisco - ACE XML Gateway
• Deny All - rWeb
• F5 - Application Security Manager
  • Xiom Coverage
• Fujitsu - IPCOM EX (Xiom Coverage)
• GeNUA - GeNUScreen (Based on Art of Defence)
• Guardian@JUMPERZ.NET (open source)
• Imperva - SecureSphere
  • Imperva’s DIY syslog format - intersting article about the internals of Imperva's flexible syslog mechanism
• JetNexus - Enterprise Traffic Manager JAF (Based on Art of Defence hyperguard)
• Mykonos - The Mykonos Security Appliance
• NFOCUS
  • Xiom Coverage
• Protegrity - Defiance
• Radware - AppWall (Based on Protegrity)

Host Based

• Armorize - smartWAF (Various hosts, Based on Art of Defence)
• Art of Defence - Hyperguard (Various hosts)
• Applicure - dotDefender (Apache and IIS)
• HTTP Data Integrity Validator (HDIV) (Java, open source) ⁽¹⁾
• ModSecurity (Apache, open source)
• Privacyware - ThreatSentry (IIS)
• Port80 - ServerDefender (IIS)
• IISwall (IIS)
• OWASP ESAPI WAF (Java)

Service Based

• Art Of Defence
• BinarySEC
• Unisys

HTTP Aware IDPS

Many of the tools in this section have been proclaimsed by their creators as WAFs, but do not qualify by Xiom definition. This observation is based on available documentation, which in many cases is lacking, and we are open to comments and corrections.

Unless noted otherwise, HTTP aware IDPS solutions are host based.

• DragonSoft - Personal WAF (IIS, Sold as a WAF)
• Nec - SiteShell (Apache and IIS, sold as a WAF). 
  • Xiom Coverage
  • User Guide
• PHP IDS (Open Source, PHP)
• Anit Hacker (Open Source, PHP)
• AQTRONIX - WebKnight (Open Source, IIS, offered as a WAF)
• jFirewall - commercial but cheap solution specifically targeting Joomla sites.
• Microsoft - URLscan (Free, IIS).
  
  • Additional URLscan resources can be found at CGI security
• EEye - SecureIIS (IIS)
• Gothan - Secure Parameter Filter for IIS (SPF) (Free, IIS). an IIS filter that signs URLs, parameters and cookies sent to the client to ensure that they are not tampered with. Also includes rudimentary black list signatures.
• Web Application Firewall for ColdFusion (ColdFusion, still not released

Complementary Solutions

• BreakingPoint Systems - Hardware testing solutions for WAFs.
• ModSecurity tools & enhancements