ModSecurity Trustwave

ModSecurity Demonstration Projects

ModSecurity CRS Evasion Testing Demo
The ModSecurity Demo allows users to easily test the effectiveness of the OWASP CRS rules. Any data is sent to a ModSecurity install for inspection and processing. The response body will then list any rules that triggered.

XSS Mitigation with Content Injection Demo
This demo shows how to use ModSecurity's Content Injection capabilities to prepend defensive JavaScript to the top of the returned page, which will protect against unauthorized JS execution.

ModSecurity Protecting Commercial Web App Vuln Scanner Demo Sites
We have setup ModSecurity to proxy to the following 4 commercial vuln scanner demo sites:

  1. IBM (AppScan) - demo.testfire.net site
  2. Cenzic (HailStorm) - CrackMe Bank site
  3. HP (WebInspect) - Free Bank site
  4. Acunetix (Acunetix) - Acuart site
If ModSecurity sees any inbound attacks or outbound application defects/info leakages, it will prepend a warning banner to the top of the page.