The OWASP Juice Shop is an amazing resource for both developers and folks working in application security (or those interested in learning application security!). It is easy to run. You can run it in Heroku at the click of a button. Or you can build from source or run in a Docker container. Remember that it is a vulnerable application though!
Once you have it running, you can use an open book Pwning OWASP Juice Shop to learn more about the exercises or setting it up for training.
The platform includes a ton of challenges from SQL Injection, to XSS to Privilege Escalation and Business Logic Abuse. Many of the challenges can be completed with just browser developer tools!
Huge kudos to the Juice Shop team and particularly Bjoern Kimminich for building such an awesome tool and bringing so much energy to the process!