Use Lynx via a remote shell.
Squid can be setup to filter things out. It, however, needs RAM and fast disk IO to really work well.
You could setup an IDS using Snort, and use Metasploit to create traffic. Alternately, you could look into ways to mitigate a DOS attack. There are a lot performance testing tools to generate loads for website testing.
You could research how application design influences the creation of insecure code and vulnerabilities. This dovetails off of the secure coding research paper I did. This could be more of a computer science topic rather then an IT security topic though.