OWASP have a 'open source project that helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controllable and safe environment. On the left menu you can see all attack scenarios that are currently available.'
I've just completed Web 1 although I have to admit I had help.
Go have a go. http://hackademic1.teilar.gr
I'll post what I did sometime in the future.