Foundstone has released a sample web application written in ASP.NET / C# that simulates the most common vulnerabilities in todays HTTP based applications (cross site scripting, sql injection…).
You can instantly start hacking – or read the detailed how-to pdf thats included.
Have Fun :)