This workshop will introduce you to a free and professional-grade software program that is used to attack websites called the OWASP Zed Attack Proxy. In a specially prepared lab environment, you will see how real-life attack techniques like code injection are discovered and used in order to gain unauthorized, administrative access to websites and steal information like user passwords. By seeing how and why the attacks work, you will be better prepared to defend your own accounts and any websites you might be building or be responsible for protecting.
https://wiki.hope.net/index.php?title=Introduction_to_Exploiting_Web_Applications_workshop