🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Framework for Testing WAFs (FTW!)

modsecurity audit log analyser and parser

Vagrant-based configurations intended for ModSecurity performance testing

ModSecurity Django middleware

A CLI wrapper for libmodsecurity (v3.0.10)

ModSecurity CRS rules parser (project moved to CRS-support: see https://github.com/CRS-support/secrules_parsing)

Experiments for paper ModSec-AdvLearn: Countering Adversarial SQL Injections with Robust Machine Learning

Test tool for mod-security rules

👴🏻 The only tool that parses your ModSecurity audit logs to generate exceptions automagically ;)

A script to send ModSecurity logs to Elasticsearch

A simple python cli app, to learn exclusions rules from the error.log for the OWASP Coreruleset to reduce false positives.

Python bindings for libModSecurity (aka ModSecurity v3)

Modsecurity for Kubernetes, with a new way of logging.

Practice exercises to enhance skills in tuning OWASP ModSecurity core rule set rules and implementing your own rules.

The log that modsecuirty produced that translate its txt to sql and save

42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.

AI-driven autonomous optimization of OWASP ModSecurity CRS. 30 experiments, BA from 80.8% to 98.4%, FPs cut 94%.

Empirical evaluation of ModSecurity CRS 3.3.8 at Paranoia Level 1 vs PL2 against SQLi and XSS payloads. Key finding: raising paranoia level doubled false positives with zero detection improvement.

Flask secure voting portfolio project with blind signatures, encrypted PII, audit-chain integrity, WAF controls, Vault signing, and security tests.