<p>The idea of creating web applications with intentional vulnerabilities is nothing new. It seems that everyone created at least one such application around the turn of the millennium. The problem is, most of those applications haven't been updated since then. In addition to being dated, these applications are largely closed source, can be complicated to set up, and often conflict with one another. In an effort to address these issues, this talk will describe the release of a new, completely free, virtual machine running a variety of open source, vulnerable web applications. This virtual machine is ideally suited for use as both a training environment and as a testbed for experimenting with web application and source code analysis tools and techniques.</p>