If you develop applications for the web understanding the latest security exploits is crucial to securing your site.  WebGoat by the Open Web Application Security Project is a great tool to test your knowledge.  WebGoat is a J2ee application designed to deploy to Tomcat.  The application contains numerous security holes and lessons dedicated to showing users (hands on) how to exploit them.  I highly recommend WebGoat and enjoyed going through the lessons.  You will need WebScarab for the advanced lessons.