Damn Vulnerable Linux (DVL) is a a special distribution of Linux that is designed to be used by computer security students to learn about exploiting vulnerabilities. According to their website:
"Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop - it's a learning tool for security students."
Its a very interesting idea, and one I wish I the time to really delve deeply into. I feel the same way about web application security: the best way to improve your security is to attack the system, and these attacks will often include exploiting known vulnerabilities in the operating system, databases, and interpreters that your web application runs on top of.
For more information on DVL: http://www.damnvulnerablelinux.org/
Updated 2021 : note that the above post was originally published in 2010, but is left here for archival purposes. Sadly Damn Vulnerable Linux has been discontinued, so I have unlinked their dead homepage.