This software intentionally includes numerous security vulnerabilities. Do not use this code unless you know what you are doing. You have been warned.
This is my course project for a cybersecurity course at the University of Helsinki. The assignment was to make a web application that includes at least six vulnerabilities on the OWASP Top 10 list. The course materials are available here.
This code is functional and fulfills the assignment criteria, but is not pretty. There are some wholly unnecessary files left over and the code could do with a major refactoring. And, of course, as per the nature of the assignment, it includes a lot of very bad business logic :)