From 243f8ca360b51ce4449659bef5b06d3a038d3abf Mon Sep 17 00:00:00 2001 
From: mayhew64 Date: Tue, 22 Apr 2008 15:34:54 +0000 Subject: [PATCH] Minor fixes removed many System.out.printlns delete extra solutions directory - wrong location added 5.2 credits git-svn-id: http://webgoat.googlecode.com/svn/trunk@344 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/BlindSqlInjection.java | 6 +-- .../webgoat/lessons/Challenge2Screen.java | 2 +- .../Lab XSS/Lab Block Reflected XSS.html | 10 ---- ...ock Stored XSS using Input Validation.html | 46 ------------------- ...lock Stored XSS using Output Encoding.html | 26 ----------- .../Lab XSS/Lab Reflected XSS.html | 11 ----- .../Lab XSS/Lab Stored XSS Revisited.html | 27 ----------- .../Lab XSS/Lab Stored XSS.html | 31 ------------- .../webgoat/lessons/ConcurrencyCart.java | 2 +- .../CrossSiteScripting.java | 12 ++--- .../CrossSiteScripting/FindProfile.java | 4 +- .../CrossSiteScripting/UpdateProfile.java | 4 +- .../DBCrossSiteScripting.java | 10 ++-- .../DBCrossSiteScripting/UpdateProfile.java | 4 +- .../DBSQLInjection/DBSQLInjection.java | 10 ++-- .../webgoat/lessons/DBSQLInjection/Login.java | 4 +- .../GoatHillsFinancial/DeleteProfile.java | 4 +- .../GoatHillsFinancial/FindProfile.java | 4 +- .../GoatHillsFinancial.java | 10 ++-- .../lessons/GoatHillsFinancial/Login.java | 4 +- .../lessons/GoatHillsFinancial/Logout.java | 4 +- .../GoatHillsFinancial/UpdateProfile.java | 4 +- .../webgoat/lessons/MultiLevelLogin2.java | 2 +- .../RoleBasedAccessControl/DeleteProfile.java | 4 +- .../RoleBasedAccessControl.java | 20 ++++---- .../RoleBasedAccessControl/UpdateProfile.java | 4 +- .../webgoat/lessons/SQLInjection/Login.java | 4 +- .../lessons/SQLInjection/SQLInjection.java | 10 ++-- .../lessons/SQLInjection/ViewProfile.java | 2 +- .../lessons/SameOriginPolicyProtection.java | 4 +- .../lessons/SequentialLessonAdapter.java | 2 +- .../webgoat/lessons/SessionFixation.java | 4 +- .../webgoat/lessons/SqlNumericInjection.java | 2 +- .../webgoat/lessons/SqlStringInjection.java | 2 +- 
.../webgoat/lessons/ThreadSafetyProblem.java | 2 +- .../RoleBasedAccessControl_i.java | 8 ++-- webgoat/main/project/build.xml | 2 +- 37 files changed, 80 insertions(+), 231 deletions(-) delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Reflected XSS.html delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Input Validation.html delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Output Encoding.html delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Reflected XSS.html delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS Revisited.html delete mode 100644 webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS.html diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 80c3deb61..121c12144 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java @@ -89,8 +89,8 @@ public class BlindSqlInjection extends LessonAdapter ResultSet.CONCUR_READ_ONLY); ResultSet answer_results = answer_statement.executeQuery(answer_query); answer_results.first(); - System.out.println("Account: " + accountNumber); - System.out.println("Answer : " + answer_results.getString(1)); + //System.out.println("Account: " + accountNumber); + //System.out.println("Answer : " + answer_results.getString(1)); if (accountNumber.toString().equals(answer_results.getString(1))) { makeSuccess(s); 
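Review bot: In the BlindSqlInjection -89 hunk the two println calls are commented out rather than deleted, which leaves dead code in the source; the same pattern is used in every other Java hunk of this commit (BlindSqlInjection -233, Challenge2Screen, ConcurrencyCart, CrossSiteScripting, the FindProfile/UpdateProfile/Login/Logout/DeleteProfile actions, DBCrossSiteScripting, DBSQLInjection, GoatHillsFinancial, MultiLevelLogin2, RoleBasedAccessControl, SQLInjection). The lines removed here wrote the account number and the lesson's expected answer (`answer_results.getString(1)`) to stdout, so it is right that they go, but a commented-out line is one uncomment away from coming back; delete both lines outright, version history already keeps them. Separately, the context line `answer_results.first();` ignores its boolean result, so an empty result set reaches `getString(1)` and fails there instead of being handled — not part of this change, but worth a guard such as `if (!answer_results.first()) { return; }` adapted to what the method should do in that case. The enclosing method starts and ends outside the hunk.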
@@ -233,7 +233,7 @@ public class BlindSqlInjection extends LessonAdapter super.handleRequest(s); } catch (Exception e) { - System.out.println("Exception caught: " + e); + //System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index 185432bb0..23e650d92 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -721,7 +721,7 @@ public class Challenge2Screen extends SequentialLessonAdapter osw.write(message); } catch (Exception e) { - System.out.println("Couldn't write " + message + " to " + s); + //System.out.println("Couldn't write " + message + " to " + s); e.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Reflected XSS.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Reflected XSS.html deleted file mode 100644 index 652044954..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Reflected XSS.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - -Insert title here - - -stub stage 6 - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Input Validation.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Input Validation.html deleted file mode 100644 index 5e30990d2..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Input Validation.html +++ /dev/null @@ -1,46 +0,0 @@ - - - - -Solution Lab Block Stored XSS - - - -
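Review bot: In the BlindSqlInjection -233 hunk the println is commented out but the next line still calls `e.printStackTrace(System.out)`, so the exception and its full stack trace keep going to stdout — exactly the output the commit message says it is removing. Either delete the commented-out line and send the trace where the rest of this commit sends it, `e.printStackTrace();`, or remove both lines and replace them with a one-line comment saying why a failure of `super.handleRequest(s)` is deliberately not reported. The enclosing handleRequest starts outside the hunk.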
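Review bot: In the Challenge2Screen -721 hunk the commented-out line was the only output that named what failed (`message` and the target `s`); the bare `e.printStackTrace()` that remains yields a trace with no such context. Delete the commented-out line rather than keeping it, and if the context is still wanted emit it once alongside the trace, e.g. `System.err.println("Couldn't write " + message + " to " + s);` immediately before `e.printStackTrace();`. The enclosing method starts and ends outside the hunk, so whether `message` can carry user-supplied text is not visible here; if it can, anything echoed into logs should be treated as untrusted.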

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-You have to alter the method parseEmployeeProfile in the class UpdateProfile.java which is -placed in the package org.owasp.webgoat.lessons.CrossSiteScripting
-The place to Code is marked! Following Code will work:
-

-

- -/**Your code**/
-String regex = "[\\s\\w-,]*";
-String stringToValidate = firstName+lastName+ssn+title+phone+address1+address2+
startDate+ccn+disciplinaryActionDate+
disciplinaryActionNotes+personalDescription;
-Pattern pattern = Pattern.compile(regex);
-validate(stringToValidate, pattern);
-/**End of your code**/ -
-

-

-This Validation allows following:
-\s = whitspace: \t\n\x0B\f\r
-\w = word: a-zA-Z_0-9
-and the characters - and , -

-

-Use of any other Character will throw a Validation Exception. -

- - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Output Encoding.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Output Encoding.html deleted file mode 100644 index fc795aac1..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Block Stored XSS using Output Encoding.html +++ /dev/null @@ -1,26 +0,0 @@ - - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-You have to use a static method called encode(String s) which is part of the class org.owasp.webgoat.util.HtmlEncoder; -

This method changes all special characters in the string. Now you have to use this method in the getEmployeeProfile method in the org.owasp.webgoat.lessons.CrossSiteScripting class. -Replace all answer_results.getString(someString) with HtmlEncoder.encode(answer_results.getString(someString)) and you are done.

- - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Reflected XSS.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Reflected XSS.html deleted file mode 100644 index 417b51164..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Reflected XSS.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - -Insert title here - - -stub stage5 - - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS Revisited.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS Revisited.html deleted file mode 100644 index 7b60f64f6..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS Revisited.html +++ /dev/null @@ -1,27 +0,0 @@ - - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-Log in as David with david as password. Choose Bruce from the List and click -on the 'ViewProfile' Button. - -

- - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS.html b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS.html deleted file mode 100644 index 15fa67743..000000000 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/Lab XSS/Lab Stored XSS.html +++ /dev/null @@ -1,31 +0,0 @@ - - - - -Solution Lab Block Stored XSS - - - -

Lesson Plan Title: How to Perform Cross Site Scripting (XSS)

- -

Concept / Topic To Teach:
-It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. -XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. -

- -

General Goal(s):
-For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks. -

- -

Solution:
-First Login as Tom with tom as password. Select Tom from the list and click on the View Profile Button. -Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an XSS attack on the street filed.
-For example: <script>alert("Got Ya");</script>
-Click on the UpdateProfile Button and Log out.

-Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the -ViewProfile Button. Congratulation! You have completed the lesson. - -

- - - \ No newline at end of file diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java index 67d78e19c..c3bbdf763 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java @@ -137,7 +137,7 @@ public class ConcurrencyCart extends LessonAdapter } catch (ParameterNotFoundException pnfe) { - System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage"); + //System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage"); ec = createShoppingPage(s, quantity1, quantity2, quantity3, quantity4); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 9d75b7d18..1260b13b0 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -113,7 +113,7 @@ public class CrossSiteScripting extends GoatHillsFinancial try { - System.out.println("Solution: " + getLessonSolutionFileName(s)); + //System.out.println("Solution: " + getLessonSolutionFileName(s)); src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false); } catch (IOException e) { 
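Review bot: In the CrossSiteScripting -113 hunk the commented-out println is dead code and should simply be deleted, but the context line after it deserves attention: `new FileReader(s.getWebResource(getLessonSolutionFileName(s)))` is wrapped in a BufferedReader and handed to `readFromFile` with nothing visible that closes it, and FileReader uses the platform default charset. Unless readFromFile closes the reader itself (its body is outside the hunk), the file handle leaks on every call; holding the reader in a local and closing it in a `finally`, or closing inside readFromFile, would fix that. The enclosing method starts and ends outside the hunk.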
@@ -258,28 +258,28 @@ public class CrossSiteScripting extends GoatHillsFinancial } } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java index badaacec0..9623c28e1 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java @@ -104,11 +104,11 @@ public class FindProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } 
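Review bot: In the CrossSiteScripting -258 hunk every catch block still calls `printStackTrace()` right after the commented-out println, so console output is hardly reduced while the one line that carried a human-readable reason is now dead code; the hunks in DBCrossSiteScripting -186, DBSQLInjection -187, GoatHillsFinancial -220, RoleBasedAccessControl -250/-306/-377/-432 and SQLInjection -203 have the same shape. Delete the commented-out lines rather than keeping them, and decide per catch whether the trace is wanted: `ParameterNotFoundException` and `ValidationException` are expected outcomes of bad input, so a stack trace on every such request is noise, whereas the final `catch (Exception e)` is the one place a trace is genuinely useful. Note also that the `UnauthorizedException` branch here sets the user message but, unlike GoatHillsFinancial -220, does not call `setCurrentAction(s, ERROR_ACTION)`; if that difference is not intentional the subclasses should agree with the parent. The enclosing handleRequest starts outside the hunk.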
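Review bot: In the CrossSiteScripting/FindProfile -104 hunk the commented-out `"Internal server error"` lines should be deleted, not kept; the same two-line pattern recurs in CrossSiteScripting/UpdateProfile -94, DBCrossSiteScripting/UpdateProfile -129, DBSQLInjection/Login -82, GoatHillsFinancial DeleteProfile -66, FindProfile -69, Login -75, Logout -58 and UpdateProfile -94, RoleBasedAccessControl DeleteProfile -69 and UpdateProfile -98, and SQLInjection/Login -82. What remains in each is a catch of `UnauthenticatedException` and `UnauthorizedException` around `chainedAction.handleRequest(s)` that only prints the trace and falls through, so a chained action that refuses the request is indistinguishable from one that succeeded; unless that swallowing is what the lesson intends, let the exception propagate (`throw ue1;` / `throw ue2;`, if the enclosing method's signature allows it) or at least record an error state on `s`. The removed labels were misleading in any case, since neither exception is a server error. The enclosing method starts and ends outside the hunk.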
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java index 4997bcc91..330af3a85 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java @@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java index 1a935639a..acb8d5d41 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java 
@@ -186,28 +186,28 @@ public class DBCrossSiteScripting extends GoatHillsFinancial } } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java index 087eaa05a..58ea7f458 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java @@ -129,11 +129,11 @@ public class UpdateProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } 
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java index 287be6ce2..620c74cd1 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java @@ -187,28 +187,28 @@ public class DBSQLInjection extends GoatHillsFinancial setCurrentAction(s, ERROR_ACTION); } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java index 1bcabcb76..5644c59ec 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java 
@@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java index 81799d83b..b65910af8 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java @@ -66,11 +66,11 @@ public class DeleteProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java index 5adb844eb..f2384907f 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java 
@@ -69,11 +69,11 @@ public class FindProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java index 43ad810e4..4210cc839 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java 
@@ -220,29 +220,29 @@ public class GoatHillsFinancial extends RandomLessonAdapter } } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); setCurrentAction(s, ERROR_ACTION); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java index 96834fb08..2eb89d8dc 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java @@ -75,11 +75,11 @@ public class Login extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } 
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java index 3e155d5fa..7d877a902 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java @@ -58,11 +58,11 @@ public class Logout extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java index c4f0e3bbf..740f68722 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java @@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java index d677844cd..de25f93bd 100644 
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java @@ -678,7 +678,7 @@ public class MultiLevelLogin2 extends LessonAdapter if ((results != null) && (results.first() == true)) { - System.out.println(results.getString("tanValue")); + //System.out.println(results.getString("tanValue")); return results.getString("tanValue"); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java index 9550f533e..a46a7a3d7 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java @@ -69,11 +69,11 @@ public class DeleteProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index 89b759460..829437264 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java 
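Review bot: In the MultiLevelLogin2 -678 hunk the line being commented out wrote `results.getString("tanValue")` to stdout — by its name a transaction number used for the lesson's login, i.e. a credential — so removing it is right, but keeping it as a comment leaves a ready-made credential-logging line in the source for someone to uncomment. Delete the line; the following `return results.getString("tanValue");` already says everything the comment does. The context condition `results.first() == true` can simply be `results.first()`. The enclosing method starts and ends outside the hunk.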
@@ -250,18 +250,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial setCurrentAction(s, ERROR_ACTION); } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { @@ -306,13 +306,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial } } - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); setCurrentAction(s, ERROR_ACTION); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } @@ -377,18 +377,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial setCurrentAction(s, ERROR_ACTION); } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { 
@@ -432,13 +432,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial } s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); setCurrentAction(s, ERROR_ACTION); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java index 56b805267..365a9fea1 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java @@ -98,11 +98,11 @@ public class UpdateProfile extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java index a6acb8f78..a3b139549 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java 
@@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction chainedAction.handleRequest(s); } catch (UnauthenticatedException ue1) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue1.printStackTrace(); } catch (UnauthorizedException ue2) { - System.out.println("Internal server error"); + //System.out.println("Internal server error"); ue2.printStackTrace(); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index 3e35123ac..97debc15f 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -203,28 +203,28 @@ public class SQLInjection extends GoatHillsFinancial setCurrentAction(s, ERROR_ACTION); } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) { s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + //System.out.println("Authorization failure"); ue2.printStackTrace(); } catch (Exception e) { // All other errors send the user to the generic error page - System.out.println("handleRequest() error"); + //System.out.println("handleRequest() error"); e.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } 
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java index 9cd13499b..d68603934 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java @@ -117,7 +117,7 @@ public class ViewProfile extends DefaultLessonAction .getInt("salary"), answer_results.getString("ccn"), answer_results .getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results .getString("disciplined_notes"), answer_results.getString("personal_description")); - System.out.println("Profile: " + profile); + //System.out.println("Profile: " + profile); /* * System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " + * profile.getLastName() + " (" + profile.getId() + ")"); diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java index 70f720b96..a712f1b98 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java @@ -111,8 +111,8 @@ public class SameOriginPolicyProtection extends LessonAdapter int hiddenWGStatusInt = s.getParser().getIntParameter("hiddenWGStatus", 0); int hiddenGoogleStatusInt = s.getParser().getIntParameter("hiddenGoogleStatus", 0); - System.out.println("hiddenWGStatus:" + hiddenWGStatusInt); - System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt); + //System.out.println("hiddenWGStatus:" + hiddenWGStatusInt); + //System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt); if (hiddenWGStatusInt == 1 && hiddenGoogleStatusInt == 1) { 
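Review bot: In ViewProfile the new `//System.out.println("Profile: " + profile);` sits directly above a `/* ... */` block that is already disabled debug output, so the method now carries two layers of dead logging code for an object built from `ccn`, `ccn_limit`, `salary` and `disciplined_notes`. Writing that record to stdout was a sensitive-data exposure in the console log, and keeping it as a comment leaves it one edit away from returning; remove both the new comment and the older block. The constructor call and the enclosing method continue outside the hunk.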
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java index 70dbe1b7b..f5e7e4850 100755 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java @@ -86,7 +86,7 @@ public abstract class SequentialLessonAdapter extends LessonAdapter } catch (Exception e) { s.setMessage("Error generating " + this.getClass().getName()); - System.out.println(e); + //System.out.println(e); e.printStackTrace(); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java index 1c567591f..74305ed19 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java @@ -127,7 +127,7 @@ public class SessionFixation extends SequentialLessonAdapter if (sid.equals("NOVALIDSESSION")) { - System.out.println("STAGE 5"); + //System.out.println("STAGE 5"); getLessonTracker(s).setStage(5); } @@ -213,7 +213,7 @@ public class SessionFixation extends SequentialLessonAdapter @Override protected Element doStage5(WebSession s) throws Exception { - System.out.println("Doing stage 5"); + //System.out.println("Doing stage 5"); return createStage5Content(s); } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index 6e9185834..d29fb0222 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java 
@@ -344,7 +344,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter super.handleRequest(s); } catch (Exception e) { - System.out.println("Exception caught: " + e); + //System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 3dd1fd325..7f71b57ea 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -273,7 +273,7 @@ public class SqlStringInjection extends SequentialLessonAdapter super.handleRequest(s); } catch (Exception e) { - System.out.println("Exception caught: " + e); + //System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index 01d77415d..a61d3cb8e 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java @@ -189,7 +189,7 @@ public class ThreadSafetyProblem extends LessonAdapter super.handleRequest(s); } catch (Exception e) { - System.out.println("Exception caught: " + e); + //System.out.println("Exception caught: " + e); e.printStackTrace(System.out); } } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java index eb3b0fc15..d594975f0 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java 
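Review bot: In SqlNumericInjection.handleRequest the removed `"Exception caught: " + e` print is followed by `e.printStackTrace(System.out);`, whose first line is `e.toString()` — the same text, still written to stdout — so this hunk does not actually stop the exception from reaching the console; the identical pattern is in SqlStringInjection and ThreadSafetyProblem on this line, and with plain `printStackTrace()` in SequentialLessonAdapter above. If the goal is to quiet stdout, change the trace call as well (e.g. `e.printStackTrace();`) or route it to a logger. The `catch (Exception e)` also swallows every failure from `super.handleRequest(s)` and returns normally, which deserves a comment stating that this is intentional for the lesson. `handleRequest` opens outside the hunk.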
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java @@ -109,20 +109,20 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl } catch (ParameterNotFoundException pnfe) { - System.out.println("Missing parameter"); + //System.out.println("Missing parameter"); pnfe.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (ValidationException ve) { - System.out.println("Validation failed"); + //System.out.println("Validation failed"); ve.printStackTrace(); setCurrentAction(s, ERROR_ACTION); } catch (UnauthenticatedException ue) { s.setMessage("Login failed"); - System.out.println("Authentication failure"); + //System.out.println("Authentication failure"); ue.printStackTrace(); } catch (UnauthorizedException ue2) @@ -168,7 +168,7 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl } s.setMessage("You are not authorized to perform this function"); - System.out.println("Authorization failure"); + // System.out.println("Authorization failure"); setCurrentAction(s, ERROR_ACTION); ue2.printStackTrace(); } diff --git a/webgoat/main/project/build.xml b/webgoat/main/project/build.xml index aed0f44c6..f9a9261e7 100644 --- a/webgoat/main/project/build.xml +++ b/webgoat/main/project/build.xml @@ -74,7 +74,7 @@ - +
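Review bot: In RoleBasedAccessControl_i hunk @@ -168 the disabled line is written `// System.out.println("Authorization failure");` with a space after the slashes, while every other disabled print in this commit uses `//System.out.println(...)`; pick one form, or better delete the dead statement. The instructor variant repeats the catch blocks of RoleBasedAccessControl.handleRequest verbatim, so authorization-failure handling here will drift from the parent whenever one copy is edited; a short comment pointing at the parent method as the source of truth would help the next maintainer. Both hunks are cut off inside the method body, and the `catch (UnauthorizedException ue2)` block of hunk @@ -109 runs past the hunk end.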