Google's online tutorial for web developers includes a server which demonstrates typical vulnerabilities for them to virtually exploit. The tutorial consists of two elements: an intentionally unsafe mini-blog web application
The Google Code University's guide includes sections on cross-site scripting, path traversal, code execution and denial of service. It then challenges the student to exploit the various vulnerabilities on the Jarlsberg server, providing some hints along the way. For those who do not discover the solutions, each section ends with answers and a suggestions on how the student might improve their technique.

The link for this article located at H Security is no longer available.