Testing your patches
After a virtual patch has been applied you should test that it's working as intended by attempting to exploit the vulnerability and verifying that the exploit no longer works. If you created a test script to run against the vulnerability before implementing the virtual patch then this will be easy as all you have to do is run the script again and verify that the access attempt is being blocked by ModSecurity.
Equally important—if not even more so—is testing the functionality of your web application to make sure the virtual patch hasn't broken any functionality that was previously working. After all, the aim of applying the patch is to stop a vulnerability from being exploited, but not at the cost of breaking functionality that is critical for the proper operation of your web site. It's always a good idea to have a set of test cases ready to run against the web application to make sure it is working as intended.
