Web application security is difficult to learn and practice. Very few people have full blown web applications like online book stores or online banks that can be used to search for vulnerabilities. In addition, security professionals frequently need to test tools against a known vulnerable platform to ensure they perform as advertised.