After my post the other day about SQL injection I found the Might Seek website’s podcast for hands-on SQL Injection, which guides you through the process many hackers will take to gain information about users and ultimately get admin access to a website. A unique aspect to about this tutorial is that the author has set up a website that he invites you to hack whilst you listen.
He’s also compiled a great list of web application hacking tools.