On May 4, 2010, the Google Webmaster Central Blog announced a codelab called Web Application Exploits and Defenses. The codelab is meant for learning and training about common web vulnerabilities. It's built around a microblogging application that is riddled with security holes. The goal is to give users an opportunity to apply white-box hacking to learn and understand some of the most common web vulnerabilities and exploits. The bugs are real bugs. The application is real.
I love this idea. If you've never applied any of the hacking techniques addressed in the codelab, it's tough to know how to prevent them. This is similar to WebGoat, which is also useful for learning web application security. Even if you don't use the same programming technologies or web development language presented in the lab, it's still completely applicable to understanding exploit techniques and how they apply in your environment.