Greetings all. I'm on a bit of a mission to understand software security better, in a Java environment. My particular focus right now is to try to find--and understand--real examples of how code fails in practice. I've read extensive stuff about "don't do this" on a bunch of topics, and I've looked at a number of resources (e.g. Metasploit) that would potentially show me how to *perform* an attack (with the goal of penetration testing one's own software, one hopes!), but what I'd really like to see now is examples of how real code has actually failed. E.g. how did the Struts code permit remote code execution? I'm hoping some of you might be able to point me at such resources, either individual case studies, or perhaps whole data sets, that describe some of these.
I will add that I already found the OWASP WebGoat, and am trying to get into that. But I am hoping for specific, described examples of real failures "in the wild", ideally (for impact's sake) associated with known dramatic breaches (Equifax, anyone?!).