Because I don't really want to increase my IDS points (currently 15000) at NIST, I have to setup a website for doing my web apps scanners evaluation on a local network. It's pretty annoying because I could not test some tools such as AppScan or WebInspect since I only have the trial version.

Anyway, I try to make a website with a variable degree of security from the weakest to the more realistic one. I also use AJAX on limited parts to see how tools can handle this...

By the way, I will need to read lots of papers, forums, techniques about "how to avoid the vulnerability v"... I mean efficient techniques.