Lets Start with building an attacker-victim LAB   :)

For Building an Attacker-Victim Lab;  Part I

1.you will need a good pc or server (I have HP proliant server with 8gb memory and 1.5 tb with Raid)

2. Virtualization Miracle (vmware,hyper-v,zen, ....whatever)

3. And start creating with your virtual machines : xp, win server 2003/2008, linux (back track preferred,and other ubuntu ,etc) because we will install IIS and also Apache server as our victims.

You should at least 5 virtual machines 1.Backtrack attacker (or 1 xp pro/win 7 as attacker, or both preferred), 2. a win server 2003 and/or 2008, 3. another linux (ubuntu for apache server) ...etc.

4. Download SQL Express from here. (and also learn MySql / Oracle also)

5. Download:  Burp, WebInspect, paros proxy, IBM AppScan,  Hp Scrawlr, Netsparker, Acunetix  and other fire fox add-ons such web developer, Tamper Data, Fiddler, HttpWatch, IEWatch, and important thing download and review their documentations /tutorials.