OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.