FuseGuard 2.4 - ColdFusion's <body> Guard
$349per ColdFusion application
Up to 4 hours
What are People Saying about FuseGuard?
The <CFHour> Podcast Listen
FuseGuard was easy to install on ColdFusion 9 Enterprise, has blocked numerous hack attempts ... I only wish I'd been using FuseGuard earlier!
Aaron Longnion - Founder & CTO of Refynr.com
"The best $350 you can spend on securing your application."
John Blayter - Denver ColdFusion User Group Manager
"After years of patching a homegrown web application firewall that continued to fall short during third party security audits, our team tested replacing it with FuseGuard. FuseGuard's report interface made easy work of analyzing the security alerts and allowed us to configure the firewall to maximize the signal to noise ratio very efficiently. We found FuseGuard to be very extensible so that we could customize it to handle some of the quirks in some legacy applications. After a few days of using FuseGuard in our Dev environment, we put our apps to the test by running IBM's AppScan security analysis tool against them. We found that with FuseGuard our web applications easily passed the security audit with flying colors, so we rolled it out into production across all of our sites."
Why use a Web Application Firewall?
A recent study by security firm Veracode found that "58% of all applications submitted for verification did not achieve an acceptable security score... Internally Developed applications fared the poorest, with failure rates as high as 88%."
Even the best developers in the world are capable of writing code that is not secure. Security vulnerabilities, like bugs are often unintended oversights. Just as no developer writes 100% bug free software 100% of the time, no developer can write 100% secure code 100% of the time.
Blocks Many Types of Attacks
The firewall comes with over 15 filters to help protect against vulnerabilities such as:
- Malicious File Uploads
- Cross Site Scripting / XSS
- SQL Injection
- Session Hijacking
- Cross Site Request Forgery
- CRLF Injection
- Path Traversal Attacks
- Password Dictionary Attacks
We highly recommend that you frequently perform security audits to identify vulnerabilities within your code and server configuration. FuseGuard should not be your only line of defense.
Easy to Add to Existing Applications
Adding protection to your existing web applications is extremely easy to do, even for entry level programmers. Additionally we can help you install it.
- Copy the Firewall Files on to your server
- Edit the configuration file to determine which types of attacks you want to block or log.
- Add a few lines of code we supply to your
Customizable & Configurable
Because the firewall is written in ColdFusion, you will find it very easy to extend, and configure. Other firewalls have domain specific languages you need to learn in order to configure them properly. You already use CFML why not use that to configure your WAF.
You can also write your own custom filter in CFML that runs inside the firewall.
We've worked hard to create a high quality product. We've written hundreds of unit tests, and have researched web application security extensively to create a first of its kind security product for ColdFusion.
Run's Where You Need It
We support the ColdFusion Web Application Firewall on:
- Adobe ColdFusion 7, 8, 9, or 10
- Open Bluedragon 1.0 and up
- Railo 3 and up
Using a database for logging is not required (you can log to file or email), we currently support these database platforms:
- MySQL 4 or Greater
- Microsoft SQL Server 7 or Greater
- Apache Derby (Included in CF8 or Greater, script for creating DB and Datasource Included)
Works on most shared hosting environments.
There are three standard licensing options, however if you have a licensing need that doesn't fit within our model we would be happy to work out a custom quote.
- Application License $349/application - This license allows you to use the firewall on one web application on one server. An Application is defined as a collection of CFML code which runs off of a single Application.cfc or Application.cfm file.
- Server License $999/server - Allows you to use the firewall on an unlimited number of Applications residing on ONE physical server. The physical server may contain multiple J2EE server instances, and multiple virtualized operating systems.
- Enterprise License $7999/unlimited - Software may be used on multiple physical servers, and applications within the same organization located in the same country.
- Clustered License - For Applications that are clustered or behind a load balancer. Contact Us for details and pricing.
- Cloud License - For Applications that run on a number of servers that changes dynamically. Contact Us for details and pricing.
Here are some frequently asked licensing questions:
Can I upgrade my Application License to a Server License?
Yes, you can upgrade for the difference in price, $650. Add to Cart
Does the Server license cover multiple ColdFusion instances?
Yes, the server license covers an unlimited number of FuseGuard instances on the same physical server. This includes multiple Applications within a single ColdFusion instance, multiple applications on multiple instances of ColdFusion (on the same physcial server), and multiple instances of ColdFusion on multiple virtualized servers (running from the same physical host computer)
What constitutes an Application?
An application is defined as a single Application scope. If you have multiple Application.cfc/cfm files that all share the same application scope, they are considered to be a single Application. If you have a special scenario, please contact us and we'll let you know.
Do I need to purchase licenses for Development, Staging, Testing Servers?
No, a single FuseGuard license may be used on unlimited non-production servers, including development, staging, testing / qa, backup, hot-standby.
Other Security Products & Services
- CFML Security Checklist Included Free with Firewall Purchase
- ColdFusion Security Consulting
- HackMyCF - A FREE Service that checks your ColdFusion server for remote vulnerabilites
ColdFusion is a trademark of Adobe Systems Incorporated.