This website is provided by troyhunt.com as part of the Pluralsight course Hack Yourself First: How to go on the cyber-offence. It's full of nasty app sec holes. No seriously, it's terrible!
This course is designed to help web developers on all frameworks identify risks in their own websites before attackers do and it uses this site extensively to demonstrate risks. Feel free to browse through this site and go watch the course if you'd like to see both the risks and mitigations in action. Note: The underlying database will be frequently re-built.
Hint: There are 50 very sloppy security practices to be found!