Joel sent me an email last week about an interesting application called WebGoat from the Open Web Application Security Project. This sounded interesting, so I went for a look. Basically, web application security testing is hard to learn and practice, as few have access to real, complete web-based business applications that they can hack. The WebGoat project provides a full J2EE web application that is designed to be tested for security bugs. The application includes lessons that allow someone to understand and try out various hacks. It includes a lot of different attack vectors, including SQL Injection, Cross Site Scripting, hidden form field manipulation, blind SQL and many, many more.