Pentest - (Online) Web Based
Name: Biscuit
Homepage: http://heideri.ch/biscuit/
Brief description: Goal: alert(document.cookie) // extract the PHPSESSID, FF3.6 - 4 only!
Version/Levels: 1


Name: Gruyere / Jarlsberg
Homepage: http://google-gruyere.appspot.com/
Brief description: This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application
Version/Levels: 1 (v1.0.7)



Name: HackThis
Homepage: http://www.hackthis.co.uk/
Brief description: Welcome to HackThis!!, this site was set up over 2 years ago as a safe place for internet users to learn the art of hacking in a controlled environment, teaching the most common flaws in internet security.
Version/Levels: 32 (40?)



Name: HackThisSite
Homepage: http://www.hackthissite.org/
Brief description: Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
Version/Levels: Lots


Name: Hell Bound Hackers
Homepage: http://www.hellboundhackers.org/
Brief description: We offer challenges that teach you how computer based exploits work. The idea being, if you know how to exploit a website for instance, then you can go and secure your website, and help others in securing theirs. If you know how malicious hackers get in, you can keep them out.
Version/Levels: Lots


Name: Hackxor
Homepage: http://hackxor.sourceforge.net/cgi-bin/index.pl
Brief description: Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
Version/Levels: 1


Name: Vicnum
Homepage: http://vicnum.ciphertechs.com/
Brief description: A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats
Version/Levels: 1.4 (2009)