Google has come out with an online tutorial that gives security enthusiasts an opportunity to play the role of an intruder by exploiting real security vulnerabilities in a mock web application.
Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.
The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.
The online website -
http://jarlsberg.appspot.com/the instructor's guide -
http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdfClick the following links for more information:
http://www.theregister.co.uk/2010/05/05/google_web_app_security_course/
Tutorials : Hacking Scenarios 
Hadnagy : [Article]-An Insider`s Look at the Social-Engineer.Org SE CtF at DEFCON
Editor-In-Chief : Free Webcast: Don't Pick the Lock, Steal the Key - PW Auditing with Metasploit
Links to cool sites. : Ninja-Sec Challenge You !
Tools : Nmap 6 Released
