About this training target

This application is an intentionally-vulnerable ASP.NET Framework 4.8 web app used for penetration-testing practice. It is not a real helpdesk, not a reference implementation, and the code patterns inside are deliberately wrong.

Scope

• All ticket content, attachments, and audit entries are synthetic.
• Every CRUD seam intentionally hosts at least one OWASP Top 10 vulnerability.
• There are no CTF flag files. Success is demonstrating impact.

See TRAINING-TARGET.md and SECURITY.md in the repository root.