It's been a while since I've had the chance to put up a blog entry, mainly due to travel during the last few weeks. This post will take a quick break from the Top 10 series and introduce some useful tools you can use to get hands-on experience with web application vulnerabilities in a sandbox environment.

Traditionally, you would first have to spend a decent amount of time setting up a server, installing/configuring the applications (or worse, writing your own), generating fake data, and generally performing lots of sysadmin work that is really not related to IT security. These tools (along with many others), make this process much easier by providing ready-made environments where you can explore secure coding concepts and "get your hands dirty" on other people's programming mistakes (both intentional and unintentional).