"Hacme Casino is an online casino, built with Ruby on Rails, with plenty of AJAX functionality. It has security vulnerabilities baked- in, and is meant to help educate developers and testers about web application security in the context of new technologies.

If you are interested in the security aspects Ruby on Rails and AJAX, give Hacme Casino a try. Its a completely self-contained Ruby W EBrick server and Rails application in a simple exe.

Vulnerabilities:
Blind SQL Injection
Cross-Site Request Forgery
Improper Session Management
Good, old fashioned cheating!"

Download Link: http://www.foundstone.com/resources/proddesc/hacmecasino.htm