[Note: This post is just a brainstorm session. I apologize for the run-on sentences and possibly confusing flow, but I wanted to just pour out my ideas in the exact manner in which I think.]
I've been working on a number of Perl scripts for competition-based hack and defend scenarios. Scripts that lock users out, watch for un-authorized users to a system, etc. I can keep doing that, but I need a more detailed project.
I need to improve my PHP skills. I'm thinking about a vulnerable web app that teaches exploitation. That way it will help me, since I need to code the site and purposefully add vulnerabilities, and then I can secure it with a WAF when I'm done. But Damn Vulnerable Web App already exists. But it's not that detailed, only a few pages and very basic exploits. I'm thinking of something that can be more of a learning experience, something with step-by-step walkthroughs and demos of exploitable security flaws. It should also show the code/techniques necessary to protect against that vulnerability as well. I like this idea.
I'm trying to think of other ideas, but I keep coming back to a vulnerable web app / tutorial / teaching guide. There really needs to be a good, solid guide to web application vulnerabilities that lets the user see exactly what is happening. I think I'm going to run with this. To the drawing board!