For reference, there are a lot of platforms to play for free with security preventive tools and techniques as well as vulnerabilities. OWASPs Juice Shop gives lets you play with the Top 10 OWASP risks. PwnAdventure lets you test your skills in hacking games.
CTFd is a Capture The Flag (CTF) framework that guides you in how to set it all up.
And then you have the common cloud platforms, AWS, Azure, Google Cloud, DigitalOcean etc. to easily set up and test security features on easy-to-deploy infrastructures, platforms and/or applications. Have to mention Heroku, a platform for apps, including Juice Shop as just mentioned.