ModSecurity Framework FTW
The ModSecurity Framework FTW project was launched by researchers from ModSecurity and Fastly to provide rigorous testing of WAF rules. It uses OWASP Core Ruleset V3 as a basis for testing rules on a WAF.
Each rule in the rule set is loaded into a YAML file that issues HTTP requests that trigger those rules.
Users can check the execution of the rule after the tests are issued to ensure that the expected response is received by an attack.
Installation ModSecurity Framework FTW
git clone https://github.com/CRS-support/ftw.git
virtualenv env && source ./env/bin/activate
- pip install -r requirements.txt
- py.test -s -v test/test_default.py –ruledir=test/yaml