Secondly, as a Ruby's developer I really enjoy the courses provided by Peepcode. However, I don't think screencasts will fit the pentest learning process. From my experience, most people need hands on experience to learn (how many times I heard: "it looks easy when you explain, but there is so many little details you need to remember"). The best way to learn is to test and reproduce. To do that you need access to the application for as long as you need without any stress, and that's why having a virtual system is the best option.
Thirdly, I don't believe in learning penetration testing with an application with thousands of bugs... It just doesn't represent real life pentesting. Most of the time, penetration testing is in the details (like the devil).
Finally, most online Security training are too expensive and we wanted to provide something students can afford.
That's why we created PentesterLab :D
- PHP Include And Post Exploitation exercise;
- An enterprise license with full access on a per year basis (as soon as 5 exercises are available);
- ... a lot more to come :D
Hit me up if you have any questions, suggestions, opinions :)