安全测试相当详细的一份资料了，基本上各种类型及测试方法全部都涉及到了

The OWASP Top 10 is primarily intended to educate developers, designers, architects and companies on the impact of security vulnerabilities most common web applications.

Web application JAVA J2EE, STRUTS, JSP, HIBERNATE, Mysql OR HSQLDB, this application show the top 10 OWASP attaks. This application contain two applications : security-training-start (application with security flaw) And security-training-cor