A purposefully ugly, buggy and insecure web application built with Spring Boot, Java 8 and Spring Security for the first project of the MOOC Cyber Security Base with F‑Secure (http://mooc.fi/courses/2016/cybersecurity/)
It has the following security vulnerabilities:
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
References