Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, sql injections, and session management issues.
Being small web applications, Vicnum applications can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application to see what the scanner can find and what the firewall can protect.
Ultimately the major goal of this project is to strengthen the security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it's OK to have a little fun.