10/10/2005: "WebGoat an excellent application for testing web security"
Few people have open access to full-blown web-based business applications that they can use to practice all manner of web-based attacks. The Open Web Application Security Project has created a full J2EE web application called WebGoat that is aimed at allowing people to practice various attack vectors whilst giving online lessons on how to perform the attacks. The tool includes examples for Cross Site Scripting, SQL Injection, blind SQL injection, weak session identifiers and many more. This is a great tool for those wishing to learn about web application security.