You may all be aware of this, but I was not. Last night I was looking for a LiveCD to use for testing some web app testing tools against. A couple of fine folks, Craig and Wesley suggested I check Damn Vulnerable Linux. So I did.
After a couple hours of download time, the thing is 1.5 GBs, I fired up a virtual machine, booted the iso, started apache and began poking about. They have put together a fine set of vulnerable applications and web pages that are very useful for both learning about pen/web security testing and testing new tools you might come across. The testing part is good for keeping the intarweb police jackboots off you neck 🙂
Check it out.