The FTW project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF.
Each rule from the ruleset is loaded into a YAML file that defines the HTTP requests that will trigger that rule.
Users can verify the execution of the rule after the tests are issued to make sure the expected response is received from an attack.
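The check described above (send a request, then confirm the WAF reacted as expected) is sketched below as an added example; it is not code from the FTW project. The test-case field names, the toy_waf stand-in, the rule id DEMO-1 and the log line are all constructed for illustration.

```python
import re

# Constructed test cases. The input/output layout follows the idea described
# above (request in, expected WAF reaction out); the field names are
# illustrative assumptions, not copied from FTW's schema.
TESTS = [
    {"title": "blocked-method",
     "input": {"method": "TRACE", "uri": "/", "headers": {"Host": "localhost"}},
     "output": {"status": 403, "log_contains": r'id "DEMO-1"'}},
    {"title": "benign-get",
     "input": {"method": "GET", "uri": "/index.html", "headers": {"Host": "localhost"}},
     "output": {"status": 200, "no_log_contains": r'id "DEMO-1"'}},
]

ALLOWED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


def toy_waf(request):
    """Stand-in for the WAF under test: one rule, returns (status, audit_log)."""
    if request["method"] not in ALLOWED_METHODS:
        # Constructed log line, shaped loosely like a WAF audit entry.
        return 403, 'Access denied [id "DEMO-1"] [msg "Method not allowed"]'
    return 200, ""


def run_test(test, send):
    """Send the test's request through `send` and list every unmet expectation."""
    status, log = send(test["input"])
    expected, failures = test["output"], []
    if "status" in expected and status != expected["status"]:
        failures.append(f"status {status} != {expected['status']}")
    if "log_contains" in expected and not re.search(expected["log_contains"], log):
        failures.append(f"log lacks /{expected['log_contains']}/")
    if "no_log_contains" in expected and re.search(expected["no_log_contains"], log):
        failures.append(f"log unexpectedly has /{expected['no_log_contains']}/")
    return failures


def run_suite(tests, send):
    """Map each test title to its list of failures (empty list means pass)."""
    return {t["title"]: run_test(t, send) for t in tests}


if __name__ == "__main__":
    for title, failures in run_suite(TESTS, toy_waf).items():
        print(f"{title}: {'PASS' if not failures else 'FAIL ' + '; '.join(failures)}")
```

The second case is a negative test: a benign request must pass without the rule firing, which catches a rule that over-blocks as well as one that fails to block.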
Installation ModSecurity Framework FTW
- git clone https://github.com/CRS-support/ftw.git
- virtualenv env && source ./env/bin/activate
- pip install -r requirements.txt
- py.test -s -v test/test_default.py --ruledir=test/yaml