2 very similar web application in java : 1 will be considered safe using the Top 10 OWASP vulnerabilities (https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet) and the other one will essentially be the same as the first, but with these 10 vulnerabilities left exploitable.