If you’re familiar with the Damn Vulnerable Web App (DVWA) then you will love this. It’s called Hackazon and in its own words:
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and testing ground for IT security professionals. And, it’s full of your favorite vulnerabilities like SQL Injection, cross-site scripting and so on.
I plan to pull and run this myself in the coming days. Let me know what you think in the comments down below.