While taking part in the Software Security course offered through Coursera, one of the projects requires you to setup a virtual instance of BadStore.
BadStore is a deliberately vulnerable web application, which offers a hands-on approach to finding and exploiting web based vulnerabilities. It’s an older piece of software, but the material is still relevant today.
BadStore is available at http://www.BadStore.net. I also have a copy below as the site was not responding when I was originally setting up the project.
It required a couple of attempts for me to get it working under VMWare as this is based on an older Linux kernel, and seeing the questions on the discussion forums I figured I’d outline the steps to getting it setup for anyone who is running into issues.