I'm not sure if a tutorial is needed for this, since their is already one on FAQForge on how to install mod_security, also how to whitelist.
Therefor this is really more a collection on useful information for them rather than a guide itself.
However, it might be a good refresher to see it here as a tutorial again - I'll look if I find time...but I hope to be able to test some more popular CMS like typo3, joomla, Drupal etc. first so we have a solid list.
BTW it would be good if you could re-check the WebDAV thing by yourself and add it to ISPConfig by default (like you did completely disable mod_security for ISPConfig's vHost).