OWASP Hackademic Challenges
This is an open source project that helps us test our knowledge on web applications security. This can actually be used to attack web applications in a realistic but controllable safe env.
You can download the current version here. Don't feel like setting up the env. yourself. Try the live hosted version. Kudos to the OWASP team.