This webapp is used to demonstrate bypassing of authentication by reusing a SESSION ID.
To demonstrate web parameter changing to reduce price of items.
To demonstrate changing cookie parameter to authenticate a user as admin.
A 2FA based web app which could be manipulated to authorise attacker as any other user.
This web app have implementation of mitigation method to detect session fixation, session hijacking and broken authentication attacks.