1) Prevent web site attacks with effective web server protection: An application-layer solution works best to inspect requests as they come in from the network and at every level of processing in between. If at any point a possible attack is detected, a solution like this will take over and prevent unauthorized access and/or damage to the web server and host applications. 2) Look for solutions with IIS ISAPI Integration: Solutions developed as an ISAPI filter allow for tighter integration with the web server as compared to other application firewalls. Look for a solution that monitors data as it is processed by IIS, blocking any requests that resemble one of many classes of attack patterns; including SQL injection and cross site scripting. 3) As a site visitor, make sure you have zero-day protection: Look for solutions that use multiple security filters to inspect web server traffic that could cause buffer overflows, parser evasions, directory traversal, or other attacks. This enables blocking of entire classes of attacks, including those attacks that have not yet been discovered.