Will be doing that once Christmas and new years is over. Can't wait! 

As my op stated, I'm not looking for things like WebGoat, De-ICE or things like that. I've already done all that, and it only allows you to try out concepts, not apply them in a real-life situation that gives you any experience you can use anywhere else.

Hey there,

So I've been pondering this question for a few days. I was wondering if anybody had any good ideas:

As somebody who's learning about information security, what is the best way to gain experience in stuff like penetration testing and general application security?

Obviously, I can't go out on the internet and start attempting to get into servers/web apps or the like. So it has to be done in a controlled environment.

But where does on find real-life targets to gain experience working against? And where does on find targets that aren't obviously flawed and "too easy", yet aren't so high-profile targets that you need to be a guru to break it?

Basically the goal is just to find a project to work on to give one experience with security. Any ideas/advice is appreciated.

I already went through the first couple of exploit development guides at corelan, and have exploited a number of targets(Including freefloat). So I'm pretty up to speed on buffer overflows(No SEH/Stack cookie exploiting so far though)

That's not helpful. I can read all the books in the world, but if I don't read things that's actually gonna help me over the next 2 months, then it's not worth it.

So what books should I read over the next 2 months? Or other activity that will teach me stuff, that would make PWB a bit easier?

Hey,

In January I'll be doing PWB. Until then, I have 2 months(including my Christmas vacation) to basically do studying ahead of doing PWB.

What books should I be reading over the next months to prepare myself for PWB, and make my life less of a hell once I do it? Anything I should be doing?

Any advice is most welcome!

Thanks in advance.