ModSecurity
Web application firewall engine for Apache, nginx, and IIS with OWASP CRS rule sets and audit logging.
Why it is included
Foundational open WAF layer still embedded in many reverse-proxy stacks.
Best for
Self-hosted WAF in front of monoliths and APIs, where there is time for tuning.
Strengths
- CRS rules
- Audit log detail
- Connector ecosystem
Limitations
- False positives; needs active tuning and DevOps ownership
Good alternatives
Coraza WAF · commercial WAAP
Related tools
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Networking & Remote Access
nginx
High-performance web server, reverse proxy, and load balancer.
Security & Privacy
OWASP Top 10
Community awareness document for critical web application risks.
Security & Privacy
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
Security & Privacy
Nikto
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
Security & Privacy
OWASP Amass
Attack surface mapping engine: DNS, certificates, APIs, scraping, and graphing for deep asset discovery.
