Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application purposely designed to be vulnerable. Its primary objectives include providing a legal environment for security professionals to test their skills and tools, aiding web developers in comprehending the process of securing web applications, and assisting teachers and students in teaching and learning web application security within a classroom setting.
ModSecurity, also known as Modsec, is an open-source web application firewall (WAF) that initially functioned as a module for the Apache HTTP Server. Over time, it has expanded to offer a range of HTTP request and response filtering capabilities, as well as other security features, across various platforms including Apache HTTP Server, Microsoft IIS, and Nginx. Released under the Apache License 2.0, it provides a rule configuration language called 'SecRules' for real-time monitoring, logging, and filtering of HTTP communications based on user-defined rules.
Snort, an open-source network intrusion prevention system, is capable of performing real-time traffic analysis and packet logging on IP networks. Written in the C programming language, Snort performs protocol analysis and content searching/matching, and is used to detect various attacks and probes such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Developed in 1998 by Martin Roesch and now maintained by Cisco, Snort is a network-based intrusion detection system built on libpcap, a packet capture library.
Splunk serves as our chosen SIEM (Security Information and Event Management) solution. Through a web interface, Splunk displays all alerts generated by Snort and the firewall. It also provides robust tools for searching, understanding, and drawing deeper insights from these alerts. Splunk is free for the way we use it here, though optional licenses are available for additional functionality, particularly for managing larger Splunk installations.