Zen, developed by Aikido, is designed to protect your web applications from a wide range of vulnerabilities. This is a live example app. Zen is installed and configured to protect this application. Here you can experiment with different types of injection attacks, user blocking, rate-limiting, and bot blocking to see how Zen is able to protect against unwanted behavior at runtime.
→ Install Zen and start securing your web applications today!
Test rate-limiting and bot blocking
You can test our rate limiting features with the following button, which is equivalent to running the following cURL command:
curl ...test_ratelimiting_1
(max 3 requests / minute)
You can test our bot blocking features with the following button, which is equivalent to running the following cURL command:
Note: This only works on Firefox; Chromium-based browsers currently have an issue with setting the User-Agent in a fetch request (see here). You can still test it out with the cURL command below.
curl \
-H "User-Agent: Mozilla/5.0 (compatible; Bytespider/1.0; +http://bytespider.com/bot.html)" \
-X GET ...
User blocking
In this example app, the user is determined by a user header. We provided some examples here:
With allowed user (ID: 123456):
curl \
-H "user: 123456" \
-X GET ...
With blocked user (ID: 789):
curl \
-H "user: 789" \
-X GET ...
IP Blocking
Demo-ing the IP Blocking capabilities isn't super easy. We offer support for geo-IP blocking, blocking of malicious actors, and blocking Tor traffic.
We enabled the blocking of Tor traffic on this site to demo the IP Blocking capabilities as best as we could.
Attack Wave Simulation
Test attack wave detection by sending probing requests to trigger reconnaissance detection.
AI Usage
Large language models are awesome, but providing them with user input opens up the door to abuse. Try out our monitoring and protection methods below.