today I wanna point out this amazing project called DVWA (Damn Vulnerable Web App) developed by Ryan Dewhurst.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
The"camera-shy" presentation :D is here :
And here the well-done "how to install and set up" DVWA.
As you probably know I've written some Vulnerable Challenges and some Hacking Missions around theglobe (especially cesena.ing2.unibo.it) but the great idea of this guy is the "View Code" button which shows where is the bug inside the code.
Good job man, and if you need help please feel free to contact me.