This post is just a reference to a list of available vulnerable web applications, in case I need to test tools or sharpen my skills :)

This post from Taddong has a good list of projects that maintain vulnerable web applications in several languages: PHP, Java, Ruby, ColdFusion, etc.

The listing is broken into Offline (source code),  VM/ISO  and Live Systems.