Web Security Dojo is a web application security lab with tools, targets, and training materials built into a Virtual Machine(VM). It is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a Virtualbox VM, VMWare VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo. It is available free of cost.
Targets: * OWASP WebGoat, * Damn Vulnerable Web App, * Hacme Casino, * OWASP InsecureWebApp, * custom PHP scripts including REST and JSON labs
Tools: * Burp Suite (free version), * w3af, * OWASP Skavenger, * OWASP Dirbuster, * Paros, * Webscarab, * Ratproxy, * sqlmap, * helpful Firefox add-ons
src- Web Security