OWASP's BWA and sql injection notes
Mutillae has a great SQLMAP target on it. I have been using owasp’s bwa vm to work on more web apps.
websec’s writeup on sql injection filtering has been helping a lot with filtering evasion.
Written on November 14, 2014