I'm wondering if there is a web application firewall (WAF) equivalent of VirusTotal? A site where I can throw for example injection strings, exploits or xss, and it will tell me what the default setups for different WAFs will detect.
I know there is the ModSecurity site out there which I could set up myself and experiment on, but I'd like one that covers the commercial offerings so I can get some experience with the way they work.
Question taken from seclist.org