diff --git a/main/project/WebContent/images/WebGoatFinancial/banklogo.jpg b/main/project/WebContent/images/WebGoatFinancial/banklogo.jpg new file mode 100644 index 000000000..a76f481c4 Binary files /dev/null and b/main/project/WebContent/images/WebGoatFinancial/banklogo.jpg differ diff --git a/main/project/WebContent/lesson_solutions/SessionFixation.html b/main/project/WebContent/lesson_solutions/SessionFixation.html new file mode 100644 index 000000000..74649b4e1 --- /dev/null +++ b/main/project/WebContent/lesson_solutions/SessionFixation.html @@ -0,0 +1,120 @@ + + + + +Session Fixation + + + +

Lesson Plan Title: Session Fixation

+ +

Concept / Topic To Teach:
+How to steal a session with a 'Session Fixation' +

+ +

How the attacks works:
+A user is recognized by the server by an unique +Session ID. If a user has logged in and is authorized +he does not have to reauhorize when he revisits the +application as the user is recognized by the Session ID. + In some applications it is possible to deliver the Session + ID in the Get-Request. Here is where the attack starts. +

+

An attacker can send a hyperlink to a + victim with a choosen Session ID. This can be + done for example by a phishing mail. If the victim + clicks on the link and loggs in he is authorized by the + Session ID the attacker has choosen. The attacker can visit + the page with the same ID and is recognized as the victim + and gets logged in without authorization.

+ +

General Goal(s):
+This lesson has several stages. You play the attacker but +also the victim. After having done this lesson it should be + understood how a Session Fixation in general works. It should + be also understood that it is a bad idea to use the Get-Request + for Session IDs. + +

+ +

+Solution:
+This lesson has 4 stages. In stage 1 and 4 you are Hacker Joe +in lesson 2 and 3 you are the victim Jane. + +

+Stage 1:
+You have to send a phishing mail to Jane with a link containing a Session ID. +The mail is already prepared. You only have to alter the link so it includes +a Session ID (SID). You can archive this by adding &SID=WHATEVER to +the link. Of course can WHATEVER be replaced by any other string. +The link should look similar to following:
+<a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER> +

+
+
+Image 1: Phishing Mail +
+
+ +

+Stage 2:
+Now you are Jane which receives the mail you wrote in stage 1. +Point with the mouse on the link and you will notice the +SID in the status bar of your browser. This is the easiest +stage as you have only to click on the link 'Goat Hills Financial'. +

+
+
+Image 2: Received Phishing Mail +
+
+ + +

+Stage 3:
+You are on the login screen of Goat Financial Hills now. In +the URL is the SID visible. All +you have to do is to log in with your user name Jane +and your password tarzan. +

+
+
+Image 3: Goat Hills Financial Login Screen +
+
+ +

+Stage 4:
+The application switches again to the hacker Joe. +There is already a prepared link you have to click on +to reach the Goat Hill Financial. In real life this +would be different of course. You could directly put the URL +in the address bar of your browser.

+ + +After having clicked on the provied link you reach +Goat Hill Financial. Take a look at the URL and +you will see that your SID is NOVALIDSESSION. +Change this string to the SID you have chosen +at the beginning of this lesson and hit enter.

+
+
+Image 4: Browser Address Bar Before Changes +

+
+Image 5: Browser Address Bar After Changes +
+
+

+Congratulation! You are logged in as Jane +and the lesson was successful. +
+
+Image 6: Successful Completion Of The Lesson +
+
+ + + + \ No newline at end of file diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage1.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage1.png new file mode 100644 index 000000000..feb782736 Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage1.png differ diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage2.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage2.png new file mode 100644 index 000000000..002ceece2 Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage2.png differ diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage3.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage3.png new file mode 100644 index 000000000..d7c056258 Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage3.png differ diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_1.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_1.png new file mode 100644 index 000000000..a905298d0 Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_1.png differ diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_2.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_2.png new file mode 100644 index 000000000..c0579ce8f Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_stage4_2.png differ 
diff --git a/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_success.png b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_success.png new file mode 100644 index 000000000..a3edf2e13 Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SessionFixation_files/sf_success.png differ
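Review bot: the new SessionFixation.html solution text carries several spelling and naming errors that will ship to learners as-is: "reauhorize", "choosen", "loggs", "provied", "archive this" (should be "achieve this"), "an unique", and the application is named three different ways ("Goat Hills Financial", "Goat Financial Hills", "Goat Hill Financial"); please settle on one name and fix the typos before merging. In the Stage 1 example the anchor's attribute value is unquoted (`<a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER>`); quote it and escape the ampersands as `&amp;` so the sample link renders correctly in the solution page. The General Goal(s) paragraph only concludes that putting the session ID in the GET request is a bad idea, but the lesson's own Stage 4 shows the real defect: the server keeps honouring the client-supplied SID after Jane logs in. The take-away worth stating explicitly there is that the application must issue a fresh session ID on successful login and must not accept an unknown ID supplied by the client, which is the defender's fix regardless of where the ID is carried. Finally, the file is committed without a trailing newline ("\ No newline at end of file"); add one to keep the repository consistent.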