broken.net
This is a crappy implementation of some web vulnerabilities that demonstrates poor coding practices:
Broken Authentication and Session Management
Insecure Direct Object Reference / Broken Access Control
CrossSiteRequest Forgery
CrossSiteScripting
Deserialization
FileUpload and PathTraversal
OS-Command-Injection
SQL-Injection
XXE
Server Side Template Injection
Open Redirects
WebHeaders