I stumbled across the OWASP ‘Broken Web Apps’ project today. Basically OWASP have created a vm that is purposely open to certain web based vulnerabilities.
I thought it may be worth a share as there may be more of you out there also wanting to gain a greater practical understanding of these issues.
The OWASP Broken Web Apps project can be found here
The VM can be downloaded from here