FuseGuard 2.0 - ColdFusion's <body> Guard

The FuseGuard Web Application Firewall for ColdFusion is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.

Application License $349 per ColdFusion application	Server License $999 per server	Support Services $599 per year Up to 4 hours

What are People Saying about FuseGuard?

"Highly Recommended!"

The <CFHour> Podcast Listen

FuseGuard was easy to install on ColdFusion 9 Enterprise, has blocked numerous hack attempts ... I only wish I'd been using FuseGuard earlier!

Aaron Longnion - Founder & CTO of Refynr.com

"The best $350 you can spend on securing your application."

John Blayter - Denver ColdFusion User Group Manager

"After years of patching a homegrown web application firewall that continued to fall short during third party security audits, our team tested replacing it with FuseGuard. FuseGuard's report interface made easy work of analyzing the security alerts and allowed us to configure the firewall to maximize the signal to noise ratio very efficiently. We found FuseGuard to be very extensible so that we could customize it to handle some of the quirks in some legacy applications. After a few days of using FuseGuard in our Dev environment, we put our apps to the test by running IBM's AppScan security analysis tool against them. We found that with FuseGuard our web applications easily passed the security audit with flying colors, so we rolled it out into production across all of our sites."

Steven Erat

Why use a Web Application Firewall?

A recent study by security firm Veracode found that "58% of all applications submitted for verification did not achieve an acceptable security score... Internally Developed applications fared the poorest, with failure rates as high as 88%."

Even the best developers in the world are capable of writing code that is not secure. Security vulnerabilities, like bugs are often unintended oversights. Just as no developer writes 100% bug free software 100% of the time, no developer can write 100% secure code 100% of the time.

Blocks Many Types of Attacks

The firewall comes with over 15 filters to help protect against vulnerabilities such as:

Malicious File Uploads
Cross Site Scripting / XSS
SQL Injection
Session Hijacking
Cross Site Request Forgery
CRLF Injection
Path Traversal Attacks
Password Dictionary Attacks

Important Note

We highly recommend that you frequently perform security audits to identify vulnerabilities within your code and server configuration. FuseGuard should not be your only line of defense.

We include a FREE copy of our CFML Security Checklist with every purchase of our firewall. If you need help reviewing your ColdFusion code, we can help.

Easy to Add to Existing Applications

Adding protection to your existing web applications is extremely easy to do, even for entry level programmers. Additionally we can help you install it.

Copy the Firewall Files on to your server
Edit the configuration file to determine which types of attacks you want to block or log.
Add a few lines of code we supply to your Application.cfm or Application.cfc file

Customizable & Configurable

Because the firewall is written in ColdFusion, you will find it very easy to extend, and configure. Other firewalls have domain specific languages you need to learn in order to configure them properly. You already use CFML why not use that to configure your WAF.

You can also write your own custom filter in CFML that runs inside the firewall.

Checkout the Documentation and CFC API Reference

Thoroughly Tested

We've worked hard to create a high quality product. We've written hundreds of unit tests, and have researched web application security extensively to create a first of its kind security product for ColdFusion.

Run's Where You Need It

We support the ColdFusion Web Application Firewall on:

Adobe ColdFusion 7, 8, or 9
Open Bluedragon 1.0 and up
Railo 3 and up

Using a database for logging is not required (you can log to file or email), we currently support these database platforms:

MySQL 4 or Greater
Microsoft SQL Server 7 or Greater
Apache Derby (Included in CF8 or Greater, script for creating DB and Datasource Included)

Works on most shared hosting environments.

Licensing

There are three standard licensing options, however if you have a licensing need that doesn't fit within our model we would be happy to work out a custom quote.

Application License $349/application - This license allows you to use the firewall on one web application on one server. An Application is defined as a collection of CFML code which runs off of a single Application.cfc or Application.cfm file.
Server License $999/server - Allows you to use the firewall on an unlimited number of Applications residing on ONE physical server. The physical server may contain multiple J2EE server instances, and multiple virtualized operating systems.
Enterprise License $7999/unlimited - Software may be used on multiple physical servers, and applications within the same organization located in the same country.
Clustered License - For Applications that are clustered or behind a load balancer. Contact Us for details and pricing.
Cloud License - For Applications that run on a number of servers that changes dynamically. Contact Us for details and pricing.

Here are some frequently asked licensing questions:

Can I upgrade my Application License to a Server License?

Yes, you can upgrade for the difference in price, $650. Add to Cart

Does the Server license cover multiple ColdFusion instances?

Yes, the server license covers an unlimited number of FuseGuard instances on the same physical server. This includes multiple Applications within a single ColdFusion instance, multiple applications on multiple instances of ColdFusion (on the same physcial server), and multiple instances of ColdFusion on multiple virtualized servers (running from the same physical host computer)

What constitutes an Application?

An application is defined as a single Application scope. If you have multiple Application.cfc/cfm files that all share the same application scope, they are considered to be a single Application. If you have a special scenario, please contact us and we'll let you know.

Do I need to purchase licenses for Development, Staging, Testing Servers?

No, a single FuseGuard license may be used on unlimited non-production servers, including development, staging, testing / qa, backup, hot-standby.

Other Security Products & Services

CFML Security Checklist Included Free with Firewall Purchase
ColdFusion Security Consulting
HackMyCF - A FREE Service that checks your ColdFusion server for remote vulnerabilites

ColdFusion is a trademark of Adobe Systems Incorporated.