• maven (noun):
  • a trusted expert who seeks to pass knowledge on to others

WebMaven

WebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely and legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they performed as advertised.

"Give a man an audit and he will be secure for a day. Teach a man to audit and he will be secure for the rest of his life."
- David Rhoades

The original code for WebMaven was developed by David Rhoades of Maven Security and was released under the GPL. WebMaven was the original OWASP WebGoat (v1), but has since been replaced by vastly superior code.
WebMaven has not been updated for several years and is therefore no longer available for download at SourceForge.
We strongly recommend you try the current OWASP WebGoat or Foundstone’s Hacme Series (Hacme Books and Hacme Casino are very easy to install).

Our Web Security Dojo has WebGoat, Hacme Casino, and many other useful targets and security tools installed, and is the spiritual successor of WebMaven.

However, if for some odd reason you are still interested in trying WebMaven (e.g. out of nostalgia), it can be downloaded here (v1.01 with install and user guides).
It should work on Apache for Windows and Xitami for Windows (and possibly Xitami for UNIX). Some people have claimed to get it working on Apache for UNIX, but the exact install instructions are not documented yet.