As part of the exercises for my 50.020 Security class, we needed a simple setup to test XSS, SQL injection, and command injection attacks. Instead of using solutions such as the standard OWASP webserver, this year I decided to write my own minimal application  (using Python/Flask) which I called YAVW.  Using Flask resulted in a very small codebase, which should be easier to understand for students. In case this is useful for others, I made it public here.