The idea of creating web applications with intentional vulnerabilities is nothing new. It seems that everyone created at least one such application around the turn of the millennium. The problem is, most of those applications haven't been updated since then. In addition to being dated, these applications are largely closed source, can be complicated to set up, and often conflict with one another. In an effort to address these issues, this talk will describe a new infrastructure for creating and running a variety of open source, vulnerable web applications that all co-exist on a single virtual machine.