OWASP WebGoat is a deliberately insecure web application designed to teach web application security lessons.
example.com and example.org are maintained for documentation purposes. These domains may be used as illustrative examples in documents without prior coordination with IANA. They are not available for registration or transfer.
metasploitable is an insecure Linux virtual machine for testing Metasploit and other exploitation tools without hitting live servers.
Gracefully Vulnerable Virtual Machine is a web application running on a virtual machine, designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications.
HackThisSite! is a legal and safe network security resource where users test their hacking skills on various challenges and learn about hacking and network security.