If you want to delve deeper into O2's world I would say that your first step is to replicate the BlackBox and WhiteBox examples that I have already created and published with O2 (check out the Demo's Tab in the main GUI).
Some pointers:
- If you are on a 32bit box, I would recommend that you use the latest version of O2 (which is only available via the ClickOnce install ) since it as a ton of new features
- Install HacmeBank and WebGoat locally
- Write a BlackBox script to exploit an SQL Injection in HacmeBank and an XSS in WebGoat
- From HacmeBank's Source Code, build its MethodStreams and find the SQL Injections on the WebServices, and connect the WebLayer with the WebServices Layer
- Transform the above scripts in Unit tests
- Create a document with your experiments containing tons of screenshots about it
- Create a video with your experiments (and publish it, or send it to me)
If you have any issues, join the O2 Platform mailing list and ask a question.
There is also an Amazon EC2 image that I have with O2 fully configured which I can give you access if you ping me directly