Ideas for building vulnerabilities into your site?

I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks.

The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc.

Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge.

This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC开发者_如何转开发 because it allows me to work with the 'raw' HTML.

Any ideas on the different vulnerabilities I can use?

You might want to take some inspiration from something similar from Google. They go through a number of types of vulnerability, and for each type explain how to exploit and prevent that kind of problem.

I suggest you go through the OWASP top ten and just do the opposite of each :)