diff --git a/webgoat-lessons/challenge/pom.xml b/webgoat-lessons/challenge/pom.xml
index a2cc9c6f4..05ff6d9ac 100644
--- a/webgoat-lessons/challenge/pom.xml
+++ b/webgoat-lessons/challenge/pom.xml
@@ -9,4 +9,12 @@
         <version>8.0-SNAPSHOT</version>
     </parent>
 
+
+    <dependencies>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.7.0</version>
+        </dependency>
+    </dependencies>
 </project>
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
index a6a3418b7..743f67160 100644
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
@@ -12,5 +12,6 @@ public interface SolutionConstants {
     String PASSWORD = "!!webgoat_admin_1234!!";
     String SUPER_COUPON_CODE = "get_it_for_free";
     String PASSWORD_TOM = "thisisasecretfortomonly";
+    String JWT_PASSWORD = "victory";
 
 }
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java
new file mode 100644
index 000000000..d0b431493
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java
@@ -0,0 +1,39 @@
+package org.owasp.webgoat.plugin.challenge5;
+
+import com.google.common.collect.Lists;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.NewLesson;
+
+import java.util.List;
+
+/**
+ * @author nbaars
+ * @since 3/21/17.
+ */
+public class Challenge5 extends NewLesson {
+
+    @Override
+    public Category getDefaultCategory() {
+        return Category.CHALLENGE;
+    }
+
+    @Override
+    public List<String> getHints() {
+        return Lists.newArrayList();
+    }
+
+    @Override
+    public Integer getDefaultRanking() {
+        return 10;
+    }
+
+    @Override
+    public String getTitle() {
+        return "challenge5.title";
+    }
+
+    @Override
+    public String getId() {
+        return "Challenge5";
+    }
+}
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java
new file mode 100644
index 000000000..e36712270
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java
@@ -0,0 +1,13 @@
+package org.owasp.webgoat.plugin.challenge5;
+
+/**
+ * @author nbaars
+ * @since 4/30/17.
+ */
+public class Views {
+    interface GuestView {}
+    interface UserView extends GuestView {}
+    interface AdminView extends UserView {}
+
+
+}
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Votings.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Votings.java
new file mode 100644
index 000000000..0ef7bee5b
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Votings.java
@@ -0,0 +1,102 @@
+package org.owasp.webgoat.plugin.challenge5;
+
+import com.fasterxml.jackson.annotation.JsonView;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.converter.json.MappingJacksonValue;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import static org.owasp.webgoat.plugin.SolutionConstants.JWT_PASSWORD;
+
+/**
+ * @author nbaars
+ * @since 4/23/17.
+ */
+@RestController
+@RequestMapping("/votings")
+public class Votings {
+
+    @AllArgsConstructor
+    @Getter
+    private class Voting {
+        @JsonView(Views.GuestView.class)
+        private String title;
+        @JsonView(Views.GuestView.class)
+        private String information;
+        @JsonView(Views.GuestView.class)
+        private String imageSmall;
+        @JsonView(Views.GuestView.class)
+        private String imageBig;
+        @JsonView(Views.UserView.class)
+        private int numberOfVotes;
+        @JsonView(Views.AdminView.class)
+        private String flag;
+    }
+
+    private int totalVotes = 38929;
+    private List votings = Lists.newArrayList(
+            new Voting("Admin lost password",
+                    "In this challenge you will need to help the admin and find the password in order to login",
+                    "challenge1-small.png", "challenge1.png", 14242, null),
+            new Voting("Vote for your favourite",
+                    "In this challenge ...",
+                    "challenge5-small.png", "challenge5.png", 12345, null),
+            new Voting("Get is for free",
+                    "The objective for this challenge is to buy a Samsung phone for free.",
+                    "challenge2-small.png", "challenge2.png", 12342, null)
+    );
+
+    @GetMapping("/login")
+    @ResponseBody
+    @ResponseStatus(code = HttpStatus.OK)
+    public void login(@RequestParam("user") String user, HttpServletResponse response) {
+        Map<String, Object> claims = Maps.newHashMap();
+        claims.put("admin", "false");
+        claims.put("user", user);
+        String token = Jwts.builder()
+                .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
+                .setClaims(claims)
+                .signWith(SignatureAlgorithm.HS512, JWT_PASSWORD)
+                .compact();
+        Cookie cookie = new Cookie("access_token", token);
+        response.addCookie(cookie);
+    }
+
+    @GetMapping
+    public MappingJacksonValue getVotings(@CookieValue(value = "access_token", required = false) String accessToken) {
+        MappingJacksonValue value = new MappingJacksonValue(votings);
+        if (accessToken == null) {
+            value.setSerializationView(Views.GuestView.class);
+        } else {
+            value.setSerializationView(Views.UserView.class);
+        }
+        return value;
+    }
+
+    @PostMapping
+    @ResponseBody
+    @ResponseStatus(HttpStatus.ACCEPTED)
+    public void vote(String title) {
+        totalVotes = totalVotes + 1;
+        //return
+    }
+
+    @GetMapping("/flags")
+    @ResponseBody
+    public ResponseEntity<?> getFlagInformation(@CookieValue("access_token") String accessToken, HttpServletResponse response) {
+        return ResponseEntity.ok().build();
+    }
+}
diff --git a/webgoat-lessons/challenge/src/main/resources/css/challenge5.css b/webgoat-lessons/challenge/src/main/resources/css/challenge5.css
new file mode 100644
index 000000000..590e2a4b0
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/css/challenge5.css
@@ -0,0 +1,12 @@
+a.list-group-item {
+    height:auto;
+}
+a.list-group-item.active small {
+    color:#fff;
+}
+.stars {
+    margin:20px auto 1px;
+}
+.img-responsive {
+    min-width: 100%;
+}
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index 8c61187d4..7771134ab 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+    <!DOCTYPE html>
 
 <html xmlns:th="http://www.thymeleaf.org">
 
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge1.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge1.html
index 91ca58ce2..9ceb99db5 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge1.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge1.html
@@ -5,30 +5,33 @@
 <div class="lesson-page-wrapper">
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <div class="panel panel-default">
-            <div class="panel-heading">
-                <img th:src="@{/images/webgoat2.png}" class="img-thumbnail"/>
-            </div>
-            <div class="panel-body">
-                <form class="attack-form" accept-charset="UNKNOWN"
-                      method="POST" name="form"
-                      action="/WebGoat/challenge/1"
-                      style="width: 200px;"
-                      enctype="application/json;charset=UTF-8">
 
-                    <div class="form-group">
-                        <label for="exampleInputEmail1" th:text="#{username}">Username</label>
-                        <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
-                               id="exampleInputEmail1" placeholder="Username" name='username' value="admin"/>
-                    </div>
-                    <div class="form-group">
-                        <label for="exampleInputPassword1" th:text="#{password}">Password</label>
-                        <input type="password" class="form-control" id="exampleInputPassword1"
-                               placeholder="Password"
-                               name='password'/>
-                    </div>
-                    <button class="btn btn-primary btn-block" type="submit" th:text="#{sign.in}">Sign in</button>
-                </form>
+        <div class="container">
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <img th:src="@{/images/webgoat2.png}" class="img-thumbnail"/>
+                </div>
+                <div class="panel-body">
+                    <form class="attack-form" accept-charset="UNKNOWN"
+                          method="POST" name="form"
+                          action="/WebGoat/challenge/1"
+                          style="width: 200px;"
+                          enctype="application/json;charset=UTF-8">
+
+                        <div class="form-group">
+                            <label for="exampleInputEmail1" th:text="#{username}">Username</label>
+                            <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
+                                   id="exampleInputEmail1" placeholder="Username" name='username' value="admin"/>
+                        </div>
+                        <div class="form-group">
+                            <label for="exampleInputPassword1" th:text="#{password}">Password</label>
+                            <input type="password" class="form-control" id="exampleInputPassword1"
+                                   placeholder="Password"
+                                   name='password'/>
+                        </div>
+                        <button class="btn btn-primary btn-block" type="submit" th:text="#{sign.in}">Sign in</button>
+                    </form>
+                </div>
             </div>
         </div>
 
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge2.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge2.html
index 49b129a5c..3e261419b 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge2.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge2.html
@@ -9,81 +9,84 @@
     <script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <form class="attack-form" accept-charset="UNKNOWN"
-              method="POST" name="form"
-              action="/WebGoat/challenge/2"
-              enctype="application/json;charset=UTF-8">
 
-            <input id="discount" type="hidden" value="0"/>
-            <div class="row">
+        <div class="container">
+            <form class="attack-form" accept-charset="UNKNOWN"
+                  method="POST" name="form"
+                  action="/WebGoat/challenge/2"
+                  enctype="application/json;charset=UTF-8">
 
-                <div class="col-xs-3 item-photo">
-                    <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
-                </div>
-                <div class="col-xs-5" style="border:0px solid gray">
-                    <h3>Samsung Galaxy S8</h3>
-                    <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
-                        <small style="color:#337ab7">(124421 reviews)</small>
-                    </h5>
+                <input id="discount" type="hidden" value="0"/>
+                <div class="row">
 
-                    <h6 class="title-price">
-                        <small>PRICE</small>
-                    </h6>
-                    <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
+                    <div class="col-xs-3 item-photo">
+                        <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
+                    </div>
+                    <div class="col-xs-5" style="border:0px solid gray">
+                        <h3>Samsung Galaxy S8</h3>
+                        <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
+                            <small style="color:#337ab7">(124421 reviews)</small>
+                        </h5>
 
-                    <div class="section">
-                        <h6 class="title-attr" style="margin-top:15px;">
-                            <small>COLOR</small>
+                        <h6 class="title-price">
+                            <small>PRICE</small>
                         </h6>
-                        <div>
-                            <div class="attr" style="width:25px;background:lightgrey;"></div>
-                            <div class="attr" style="width:25px;background:black;"></div>
+                        <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
+
+                        <div class="section">
+                            <h6 class="title-attr" style="margin-top:15px;">
+                                <small>COLOR</small>
+                            </h6>
+                            <div>
+                                <div class="attr" style="width:25px;background:lightgrey;"></div>
+                                <div class="attr" style="width:25px;background:black;"></div>
+                            </div>
                         </div>
-                    </div>
-                    <div class="section" style="padding-bottom:5px;">
-                        <h6 class="title-attr">
-                            <small>CAPACITY</small>
-                        </h6>
-                        <div>
-                            <div class="attr2">64 GB</div>
-                            <div class="attr2">128 GB</div>
+                        <div class="section" style="padding-bottom:5px;">
+                            <h6 class="title-attr">
+                                <small>CAPACITY</small>
+                            </h6>
+                            <div>
+                                <div class="attr2">64 GB</div>
+                                <div class="attr2">128 GB</div>
+                            </div>
                         </div>
-                    </div>
-                    <div class="section" style="padding-bottom:5px;">
-                        <h6 class="title-attr">
-                            <small>QUANTITY</small>
-                        </h6>
-                        <div>
-                            <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
-                            <input class="quantity" value="1"/>
-                            <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
+                        <div class="section" style="padding-bottom:5px;">
+                            <h6 class="title-attr">
+                                <small>QUANTITY</small>
+                            </h6>
+                            <div>
+                                <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
+                                <input class="quantity" value="1"/>
+                                <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
+                            </div>
                         </div>
-                    </div>
 
-                    <div class="section" style="padding-bottom:5px;">
-                        <h6 class="title-attr">
-                            <small>CHECKOUT CODE</small>
-                        </h6>
-                        <!--
-                          Checkout code: webgoat, owasp, owasp-webgoat
-                        -->
-                        <input name="checkoutCode" class="checkoutCode" value=""/>
+                        <div class="section" style="padding-bottom:5px;">
+                            <h6 class="title-attr">
+                                <small>CHECKOUT CODE</small>
+                            </h6>
+                            <!--
+                              Checkout code: webgoat, owasp, owasp-webgoat
+                            -->
+                            <input name="checkoutCode" class="checkoutCode" value=""/>
 
-                    </div>
+                        </div>
 
-                    <div class="section" style="padding-bottom:20px;">
-                        <button type="submit" class="btn btn-success"><span style="margin-right:20px"
-                                                                            class="glyphicon glyphicon-shopping-cart"
-                                                                            aria-hidden="true"></span>Buy
-                        </button>
-                        <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
-                                              style="cursor:pointer;"></span>
-                            Like</a></h6>
+                        <div class="section" style="padding-bottom:20px;">
+                            <button type="submit" class="btn btn-success"><span style="margin-right:20px"
+                                                                                class="glyphicon glyphicon-shopping-cart"
+                                                                                aria-hidden="true"></span>Buy
+                            </button>
+                            <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
+                                                  style="cursor:pointer;"></span>
+                                Like</a></h6>
+                        </div>
                     </div>
                 </div>
-            </div>
 
-        </form>
+            </form>
+        </div>
         <br/>
         <form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
             <div class="form-group">
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge3.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge3.html
index 2413f3c85..c10d5f72f 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge3.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge3.html
@@ -9,39 +9,42 @@
     <script th:src="@{/lesson_js/challenge3.js}" language="JavaScript"></script>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <div class="panel post">
-            <div class="post-heading">
-                <div class="pull-left image">
-                    <img th:src="@{/images/avatar1.png}"
-                         class="img-circle avatar" alt="user profile image"/>
-                </div>
-                <div class="pull-left meta">
-                    <div class="title h5">
-                        <a href="#"><b>John Doe</b></a>
-                        uploaded a photo.
+
+        <div class="container">
+            <div class="panel post">
+                <div class="post-heading">
+                    <div class="pull-left image">
+                        <img th:src="@{/images/avatar1.png}"
+                             class="img-circle avatar" alt="user profile image"/>
+                    </div>
+                    <div class="pull-left meta">
+                        <div class="title h5">
+                            <a href="#"><b>John Doe</b></a>
+                            uploaded a photo.
+                        </div>
+                        <h6 class="text-muted time">24 days ago</h6>
                     </div>
-                    <h6 class="text-muted time">24 days ago</h6>
                 </div>
-            </div>
 
-            <div class="post-image">
-                <img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
-            </div>
+                <div class="post-image">
+                    <img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
+                </div>
 
-            <div class="post-description">
+                <div class="post-description">
 
-            </div>
-            <div class="post-footer">
-                <div class="input-group">
-                    <input class="form-control" id="commentInput" placeholder="Add a comment" type="text"/>
-                    <span class="input-group-addon">
+                </div>
+                <div class="post-footer">
+                    <div class="input-group">
+                        <input class="form-control" id="commentInput" placeholder="Add a comment" type="text"/>
+                        <span class="input-group-addon">
                                 <i id="postComment" class="fa fa-edit" style="font-size: 20px"></i>
                             </span>
-                </div>
-                <ul class="comments-list">
-                    <div id="list">
                     </div>
-                </ul>
+                    <ul class="comments-list">
+                        <div id="list">
+                        </div>
+                    </ul>
+                </div>
             </div>
         </div>
 
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html
index d7fbb8590..85028116b 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html
@@ -9,7 +9,7 @@
     <script th:src="@{/lesson_js/challenge4.js}" language="JavaScript"></script>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-
+        <div class="container">
             <div class="row">
                 <div class="col-md-6">
                     <div class="panel panel-login">
@@ -32,10 +32,12 @@
                                           action="/WebGoat/challenge/4"
                                           enctype="application/json;charset=UTF-8" role="form">
                                         <div class="form-group">
-                                            <input type="text" name="username_login" id="username4" tabindex="1" class="form-control" placeholder="Username" value=""/>
+                                            <input type="text" name="username_login" id="username4" tabindex="1"
+                                                   class="form-control" placeholder="Username" value=""/>
                                         </div>
                                         <div class="form-group">
-                                            <input type="password" name="password_login" id="password4" tabindex="2" class="form-control" placeholder="Password"/>
+                                            <input type="password" name="password_login" id="password4" tabindex="2"
+                                                   class="form-control" placeholder="Password"/>
                                         </div>
                                         <div class="form-group text-center">
                                             <input type="checkbox" tabindex="3" class="" name="remember" id="remember"/>
@@ -44,7 +46,9 @@
                                         <div class="form-group">
                                             <div class="row">
                                                 <div class="col-sm-6 col-sm-offset-3">
-                                                    <input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn-primary" value="Log In"/>
+                                                    <input type="submit" name="login-submit" id="login-submit"
+                                                           tabindex="4" class="form-control btn-primary"
+                                                           value="Log In"/>
                                                 </div>
                                             </div>
                                         </div>
@@ -52,7 +56,8 @@
                                             <div class="row">
                                                 <div class="col-lg-12">
                                                     <div class="text-center">
-                                                        <a href="#" tabindex="5" class="forgot-password">Forgot Password?</a>
+                                                        <a href="#" tabindex="5" class="forgot-password">Forgot
+                                                            Password?</a>
                                                     </div>
                                                 </div>
                                             </div>
@@ -63,21 +68,27 @@
                                           action="/WebGoat/challenge/4"
                                           enctype="application/json;charset=UTF-8" style="display: none;" role="form">
                                         <div class="form-group">
-                                            <input type="text" name="username_reg" id="username" tabindex="1" class="form-control" placeholder="Username" value=""/>
+                                            <input type="text" name="username_reg" id="username" tabindex="1"
+                                                   class="form-control" placeholder="Username" value=""/>
                                         </div>
                                         <div class="form-group">
-                                            <input type="email" name="email_reg" id="email" tabindex="1" class="form-control" placeholder="Email Address" value=""/>
+                                            <input type="email" name="email_reg" id="email" tabindex="1"
+                                                   class="form-control" placeholder="Email Address" value=""/>
                                         </div>
                                         <div class="form-group">
-                                            <input type="password" name="password_reg" id="password" tabindex="2" class="form-control" placeholder="Password"/>
+                                            <input type="password" name="password_reg" id="password" tabindex="2"
+                                                   class="form-control" placeholder="Password"/>
                                         </div>
                                         <div class="form-group">
-                                            <input type="password" name="confirm_password_reg" id="confirm-password" tabindex="2" class="form-control" placeholder="Confirm Password"/>
+                                            <input type="password" name="confirm_password_reg" id="confirm-password"
+                                                   tabindex="2" class="form-control" placeholder="Confirm Password"/>
                                         </div>
                                         <div class="form-group">
                                             <div class="row">
                                                 <div class="col-sm-6 col-sm-offset-3">
-                                                    <input type="submit" name="register-submit" id="register-submit" tabindex="4" class="form-control btn btn-primary" value="Register Now"/>
+                                                    <input type="submit" name="register-submit" id="register-submit"
+                                                           tabindex="4" class="form-control btn btn-primary"
+                                                           value="Register Now"/>
                                                 </div>
                                             </div>
                                         </div>
@@ -88,6 +99,7 @@
                     </div>
                 </div>
             </div>
+        </div>
         <br/>
         <form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
             <div class="form-group">
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge5.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge5.html
new file mode 100644
index 000000000..d3127e93e
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge5.html
@@ -0,0 +1,203 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:Challenge_5.adoc"></div>
+    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge5.css}"/>
+    <script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
+    <script th:src="@{/lesson_js/challenge5.js}" language="JavaScript"></script>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <div class="container">
+
+            <div class="row">
+
+                <div class="well">
+                    <div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;">
+                        <div class="dropdown" style="display:inline">
+                            <button type="button" data-toggle="dropdown" class="btn btn-default dropdown-toggle"
+                                    id="user-menu">
+                                <i class="fa fa-user"></i> <span class="caret"></span>
+                            </button>
+                            <ul class="dropdown-menu dropdown-menu-left">
+                                <li role="presentation"><a role="menuitem" tabindex="-1" th:text="Unknown">current</a></li>
+                                <li role="presentation" class="divider"></li>
+                                <li role="presentation"><a role="menuitem" tabindex="-1" th:onclick="'javascript:login(\'' + ${#authentication.name} + '\');'"
+                                                           th:text="${#authentication.name}">current</a></li>
+                                <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Tom')"
+                                                           th:text="Tom">current</a></li>
+                                <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Jerry')"
+                                                           th:text="Jerry">current</a></li>
+                                <li role="presentation"><a role="menuitem" tabindex="-1" onclick="javascript:login('Sylvester')"
+                                                           th:text="Sylvester">current</a></li>
+                            </ul>
+                        </div>
+                    </div>
+
+
+                    <div>
+                        <h3>Vote for your favorite</h3>
+                    </div>
+                    <div class="list-group">
+                        <a href="#" class="list-group-item active">
+                            <div class="media col-md-3">
+                                <figure>
+                                    <img class="media-object img-rounded"
+                                         th:src="@{/images/challenge1-small.png}"
+                                         alt="placehold.it/350x250"/>
+                                </figure>
+                            </div>
+                            <div class="col-md-6">
+                                <h4 class="list-group-item-heading">Admin lost password</h4>
+                                <p class="list-group-item-text">In this challenge you will need to help the admin and
+                                    find the password in
+                                    order to login
+                                </p>
+                            </div>
+                            <div class="col-md-3 text-center">
+                                <h2> 14240
+                                    <small> votes</small>
+                                </h2>
+                                <button type="button" class="btn btn-default btn-lg btn-block"> Vote Now!</button>
+                                <div class="stars">
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star-empty"></span>
+                                </div>
+                                <p> Average 4.5
+                                    <small> /</small>
+                                    5
+                                </p>
+                            </div>
+                            <div class="clearfix"></div>
+                        </a>
+                        <a href="#" class="list-group-item">
+                            <div class="media col-md-3">
+                                <figure>
+                                    <img class="media-object img-rounded"
+                                         th:src="@{/images/challenge5-small.png}"
+                                         alt="placehold.it/350x250"/>
+                                </figure>
+                            </div>
+                            <div class="col-md-6">
+                                <h4 class="list-group-item-heading">Vote for your favourite</h4>
+                                <p class="list-group-item-text">In this challenge.....
+                                </p>
+                            </div>
+                            <div class="col-md-3 text-center">
+                                <h2> 14240
+                                    <small> votes</small>
+                                </h2>
+                                <button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
+                                <div class="stars">
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star-empty"></span>
+                                </div>
+                                <p> Average 4.2
+                                    <small> /</small>
+                                    5
+                                </p>
+                            </div>
+                            <div class="clearfix"></div>
+                        </a>
+                        <a href="#" class="list-group-item">
+                            <div class="media col-md-3">
+                                <figure>
+                                    <img class="media-object img-rounded img-responsive"
+                                         th:src="@{/images/challenge2-small.png}"
+                                         alt="placehold.it/350x250"/>
+                                </figure>
+                            </div>
+                            <div class="col-md-6">
+                                <h4 class="list-group-item-heading">Get is for free</h4>
+                                <p class="list-group-item-text">The objective for this challenge is to buy a Samsung
+                                    phone for free.
+                                </p>
+                            </div>
+                            <div class="col-md-3 text-center">
+                                <h2> 12424
+                                    <small> votes</small>
+                                </h2>
+                                <button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
+                                <div class="stars">
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star-empty"></span>
+                                    <span class="glyphicon glyphicon-star-empty"></span>
+                                </div>
+                                <p> Average 3
+                                    <small> /</small>
+                                    5
+                                </p>
+                            </div>
+                            <div class="clearfix"></div>
+                        </a>
+                        <a href="#" class="list-group-item">
+                            <div class="media col-xs-12 col-md-3">
+                                <figure>
+                                    <img class="media-object img-rounded img-responsive"
+                                         th:src="@{/images/challenge3-small.png}"
+                                         alt="placehold.it/350x250"/>
+                                </figure>
+                            </div>
+                            <div class="col-md-6">
+                                <h4 class="list-group-item-heading">Photo comments </h4>
+                                <p class="list-group-item-text">In this challenge you can comment on the photo you
+                                    will need to find the flag somewhere.
+                                </p>
+                            </div>
+                            <div class="col-md-3 text-center">
+                                <h2> 13540
+                                    <small> votes</small>
+                                </h2>
+                                <button type="button" class="btn btn-primary btn-lg btn-block">Vote Now!</button>
+                                <div class="stars">
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star"></span>
+                                    <span class="glyphicon glyphicon-star-empty"></span>
+                                </div>
+                                <p> Average 4.1
+                                    <small> /</small>
+                                    5
+                                </p>
+                            </div>
+                            <div class="clearfix"></div>
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <br/>
+        <form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+</html>
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
index 653602852..3a425339e 100644
--- a/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
@@ -3,6 +3,7 @@ challenge1.title=Admin lost password
 challenge2.title=Get it for free
 challenge3.title=Photo comments
 challenge4.title=Creating a new account
+challenge5.title=Voting
 challenge.solved=Congratulations, you solved the challenge. Here is your flag: {0}
 challenge.close=This is not the correct password for tom, please try again.
 
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png b/webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png
new file mode 100644
index 000000000..a4fbc3470
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge1.png b/webgoat-lessons/challenge/src/main/resources/images/challenge1.png
new file mode 100644
index 000000000..0008ceb5e
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge1.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png b/webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png
new file mode 100644
index 000000000..777b5a093
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge2.png b/webgoat-lessons/challenge/src/main/resources/images/challenge2.png
new file mode 100644
index 000000000..d1eadfefe
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge2.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png b/webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png
new file mode 100644
index 000000000..daf7f7ebb
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge3.png b/webgoat-lessons/challenge/src/main/resources/images/challenge3.png
new file mode 100644
index 000000000..b271d4ea1
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge3.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png b/webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png
new file mode 100644
index 000000000..b9ddaa7e7
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge4.png b/webgoat-lessons/challenge/src/main/resources/images/challenge4.png
new file mode 100644
index 000000000..cb5301ac9
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge4.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png b/webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png
new file mode 100644
index 000000000..1aa84ab4c
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge5.png b/webgoat-lessons/challenge/src/main/resources/images/challenge5.png
new file mode 100644
index 000000000..e5d9a8108
Binary files /dev/null and b/webgoat-lessons/challenge/src/main/resources/images/challenge5.png differ
diff --git a/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js b/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
new file mode 100644
index 000000000..b04a0e82f
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
@@ -0,0 +1,6 @@
+/*!
+ * Bootstrap v3.1.1 (http://getbootstrap.com)
+ * Copyright 2011-2014 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ */
+if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.isLoading=!1};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",f.resetText||d.data("resetText",d[e]()),d[e](f[b]||this.options[b]),setTimeout(a.proxy(function(){"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c))},this),0)},b.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")&&(c.prop("checked")&&this.$element.hasClass("active")?a=!1:b.find(".active").removeClass("active")),a&&c.prop("checked",!this.$element.hasClass("active")).trigger("change")}a&&this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}if(e.hasClass("active"))return this.sliding=!1;var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});return this.$element.trigger(j),j.isDefaultPrevented()?void 0:(this.sliding=!0,f&&this.pause(),this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid.bs.carousel",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")?(e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid.bs.carousel")},0)}).emulateTransitionEnd(1e3*d.css("transition-duration").slice(0,-1))):(d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid.bs.carousel")),f&&this.cycle(),this)};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("collapse in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?void this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);!e&&f.toggle&&"show"==c&&(c=!c),e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(jQuery),+function(a){"use strict";function b(b){a(d).remove(),a(e).each(function(){var d=c(a(this)),e={relatedTarget:this};d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown",e)),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown",e))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('<div class="dropdown-backdrop"/>').insertAfter(a(this)).on("click",b);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown",h),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=" li:not(.divider):visible a",i=f.find("[role=menu]"+h+", [role=listbox]"+h);if(i.length){var j=i.index(i.filter(":focus"));38==b.keyCode&&j>0&&j--,40==b.keyCode&&j<i.length-1&&j++,~j||(j=0),i.eq(j).focus()}}}};var g=a.fn.dropdown;a.fn.dropdown=function(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new f(this)),"string"==typeof b&&d[b].call(c)})},a.fn.dropdown.Constructor=f,a.fn.dropdown.noConflict=function(){return a.fn.dropdown=g,this},a(document).on("click.bs.dropdown.data-api",b).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",e,f.prototype.toggle).on("keydown.bs.dropdown.data-api",e+", [role=menu], [role=listbox]",f.prototype.keydown)}(jQuery),+function(a){"use strict";var b=function(b,c){this.options=c,this.$element=a(b),this.$backdrop=this.isShown=null,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,a.proxy(function(){this.$element.trigger("loaded.bs.modal")},this))};b.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},b.prototype.toggle=function(a){return this[this.isShown?"hide":"show"](a)},b.prototype.show=function(b){var c=this,d=a.Event("show.bs.modal",{relatedTarget:b});this.$element.trigger(d),this.isShown||d.isDefaultPrevented()||(this.isShown=!0,this.escape(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',a.proxy(this.hide,this)),this.backdrop(function(){var d=a.support.transition&&c.$element.hasClass("fade");c.$element.parent().length||c.$element.appendTo(document.body),c.$element.show().scrollTop(0),d&&c.$element[0].offsetWidth,c.$element.addClass("in").attr("aria-hidden",!1),c.enforceFocus();var e=a.Event("shown.bs.modal",{relatedTarget:b});d?c.$element.find(".modal-dialog").one(a.support.transition.end,function(){c.$element.focus().trigger(e)}).emulateTransitionEnd(300):c.$element.focus().trigger(e)}))},b.prototype.hide=function(b){b&&b.preventDefault(),b=a.Event("hide.bs.modal"),this.$element.trigger(b),this.isShown&&!b.isDefaultPrevented()&&(this.isShown=!1,this.escape(),a(document).off("focusin.bs.modal"),this.$element.removeClass("in").attr("aria-hidden",!0).off("click.dismiss.bs.modal"),a.support.transition&&this.$element.hasClass("fade")?this.$element.one(a.support.transition.end,a.proxy(this.hideModal,this)).emulateTransitionEnd(300):this.hideModal())},b.prototype.enforceFocus=function(){a(document).off("focusin.bs.modal").on("focusin.bs.modal",a.proxy(function(a){this.$element[0]===a.target||this.$element.has(a.target).length||this.$element.focus()},this))},b.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keyup.dismiss.bs.modal",a.proxy(function(a){27==a.which&&this.hide()},this)):this.isShown||this.$element.off("keyup.dismiss.bs.modal")},b.prototype.hideModal=function(){var a=this;this.$element.hide(),this.backdrop(function(){a.removeBackdrop(),a.$element.trigger("hidden.bs.modal")})},b.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},b.prototype.backdrop=function(b){var c=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var d=a.support.transition&&c;if(this.$backdrop=a('<div class="modal-backdrop '+c+'" />').appendTo(document.body),this.$element.on("click.dismiss.bs.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("bs.modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());c.is("a")&&b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this,d=this.tip();this.setContent(),this.options.animation&&d.addClass("fade");var e="function"==typeof this.options.placement?this.options.placement.call(this,d[0],this.$element[0]):this.options.placement,f=/\s?auto?\s?/i,g=f.test(e);g&&(e=e.replace(f,"")||"top"),d.detach().css({top:0,left:0,display:"block"}).addClass(e),this.options.container?d.appendTo(this.options.container):d.insertAfter(this.$element);var h=this.getPosition(),i=d[0].offsetWidth,j=d[0].offsetHeight;if(g){var k=this.$element.parent(),l=e,m=document.documentElement.scrollTop||document.body.scrollTop,n="body"==this.options.container?window.innerWidth:k.outerWidth(),o="body"==this.options.container?window.innerHeight:k.outerHeight(),p="body"==this.options.container?0:k.offset().left;e="bottom"==e&&h.top+h.height+j-m>o?"top":"top"==e&&h.top-m-j<0?"bottom":"right"==e&&h.right+i>n?"left":"left"==e&&h.left-i<p?"right":e,d.removeClass(l).addClass(e)}var q=this.getCalculatedOffset(e,h,i,j);this.applyPlacement(q,e),this.hoverState=null;var r=function(){c.$element.trigger("shown.bs."+c.type)};a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,r).emulateTransitionEnd(150):r()}},b.prototype.applyPlacement=function(b,c){var d,e=this.tip(),f=e[0].offsetWidth,g=e[0].offsetHeight,h=parseInt(e.css("margin-top"),10),i=parseInt(e.css("margin-left"),10);isNaN(h)&&(h=0),isNaN(i)&&(i=0),b.top=b.top+h,b.left=b.left+i,a.offset.setOffset(e[0],a.extend({using:function(a){e.css({top:Math.round(a.top),left:Math.round(a.left)})}},b),0),e.addClass("in");var j=e[0].offsetWidth,k=e[0].offsetHeight;if("top"==c&&k!=g&&(d=!0,b.top=b.top+g-k),/bottom|top/.test(c)){var l=0;b.left<0&&(l=-2*b.left,b.left=0,e.offset(b),j=e[0].offsetWidth,k=e[0].offsetHeight),this.replaceArrow(l-f+j,j,"left")}else this.replaceArrow(k-g,k,"top");d&&e.offset(b)},b.prototype.replaceArrow=function(a,b,c){this.arrow().css(c,a?50*(1-a/b)+"%":"")},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},b.prototype.hide=function(){function b(){"in"!=c.hoverState&&d.detach(),c.$element.trigger("hidden.bs."+c.type)}var c=this,d=this.tip(),e=a.Event("hide.bs."+this.type);return this.$element.trigger(e),e.isDefaultPrevented()?void 0:(d.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,b).emulateTransitionEnd(150):b(),this.hoverState=null,this)},b.prototype.fixTitle=function(){var a=this.$element;(a.attr("title")||"string"!=typeof a.attr("data-original-title"))&&a.attr("data-original-title",a.attr("title")||"").attr("title","")},b.prototype.hasContent=function(){return this.getTitle()},b.prototype.getPosition=function(){var b=this.$element[0];return a.extend({},"function"==typeof b.getBoundingClientRect?b.getBoundingClientRect():{width:b.offsetWidth,height:b.offsetHeight},this.$element.offset())},b.prototype.getCalculatedOffset=function(a,b,c,d){return"bottom"==a?{top:b.top+b.height,left:b.left+b.width/2-c/2}:"top"==a?{top:b.top-d,left:b.left+b.width/2-c/2}:"left"==a?{top:b.top+b.height/2-d/2,left:b.left-c}:{top:b.top+b.height/2-d/2,left:b.left+b.width}},b.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},b.prototype.tip=function(){return this.$tip=this.$tip||a(this.options.template)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},b.prototype.validate=function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},b.prototype.enable=function(){this.enabled=!0},b.prototype.disable=function(){this.enabled=!1},b.prototype.toggleEnabled=function(){this.enabled=!this.enabled},b.prototype.toggle=function(b){var c=b?a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type):this;c.tip().hasClass("in")?c.leave(c):c.enter(c)},b.prototype.destroy=function(){clearTimeout(this.timeout),this.hide().$element.off("."+this.type).removeData("bs."+this.type)};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tooltip"),f="object"==typeof c&&c;(e||"destroy"!=c)&&(e||d.data("bs.tooltip",e=new b(this,f)),"string"==typeof c&&e[c]())})},a.fn.tooltip.Constructor=b,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(jQuery),+function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");b.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:'<div class="popover"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;(e||"destroy"!=c)&&(e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]())})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(a(c).is("body")?window:c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);{var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})}},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);if(g&&b<=e[0])return g!=(a=f[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parentsUntil(this.options.target,".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate.bs.scrollspy")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.data("target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=this.pinnedOffset=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(b.RESET).addClass("affix");var a=this.$window.scrollTop(),c=this.$element.offset();return this.pinnedOffset=c.top-a},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"top"==this.affixed&&(e.top+=d),"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top(this.$element)),"function"==typeof h&&(h=f.bottom(this.$element));var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;if(this.affixed!==i){this.unpin&&this.$element.css("top","");var j="affix"+(i?"-"+i:""),k=a.Event(j+".bs.affix");this.$element.trigger(k),k.isDefaultPrevented()||(this.affixed=i,this.unpin="bottom"==i?this.getPinnedOffset():null,this.$element.removeClass(b.RESET).addClass(j).trigger(a.Event(j.replace("affix","affixed"))),"bottom"==i&&this.$element.offset({top:c-h-this.$element.height()}))}}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(jQuery);
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/js/challenge5.js b/webgoat-lessons/challenge/src/main/resources/js/challenge5.js
new file mode 100644
index 000000000..c028f5a06
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/js/challenge5.js
@@ -0,0 +1,16 @@
+$(document).ready(function () {
+    getVotings()
+})
+
+function login(user) {
+    $.get("votings/login?user=" + user, function (result, status) {
+
+    })
+}
+
+
+function getVotings() {
+    $.get("votings/", function (result, status) {
+
+    })
+}
diff --git a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_5.adoc b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_5.adoc
new file mode 100644
index 000000000..883d4be45
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_5.adoc
@@ -0,0 +1 @@
+Try to change to a different user, maybe you can find the flag?
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/html/Challenge.html
deleted file mode 100644
index 00c0e2c2f..000000000
--- a/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/html/Challenge.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-
-<html xmlns:th="http://www.thymeleaf.org">
-
-<div class="lesson-page-wrapper">
-    <!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
-    <!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
-    which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
-    <div class="adoc-content" th:replace="doc:Challenge_content1.adoc"></div>
-</div>
-
-</html>
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/lessonPlans/en/Challenge_content1.adoc b/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/lessonPlans/en/Challenge_content1.adoc
deleted file mode 100644
index 987f45684..000000000
--- a/webgoat-lessons/challenge/src/main/resources/plugin/Challenge/lessonPlans/en/Challenge_content1.adoc
+++ /dev/null
@@ -1 +0,0 @@
-This is the challenge
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/plugin/i18n/WebGoatLabels.properties b/webgoat-lessons/challenge/src/main/resources/plugin/i18n/WebGoatLabels.properties
deleted file mode 100644
index cbae74dcb..000000000
--- a/webgoat-lessons/challenge/src/main/resources/plugin/i18n/WebGoatLabels.properties
+++ /dev/null
@@ -1 +0,0 @@
-challenge.title=WebGoat Challenge