diff --git a/java/org/owasp/webgoat/HammerHead.java b/java/org/owasp/webgoat/HammerHead.java index 941e1dd4e..a39287b2c 100644 --- a/java/org/owasp/webgoat/HammerHead.java +++ b/java/org/owasp/webgoat/HammerHead.java @@ -134,6 +134,12 @@ public class HammerHead extends HttpServlet { return; } + if ("true".equals(request.getParameter("start"))) { + logger.warn("Redirecting to start controller"); + response.sendRedirect("start.mvc"); + return; + } + // Note: For the lesson to track the status, we need to update // the lesson tracker object // from the screen.createContent() method. The create content is @@ -176,8 +182,9 @@ public class HammerHead extends HttpServlet { clientBrowser = userAgent; } request.setAttribute("client.browser", clientBrowser); - request.getSession().setAttribute("websession", mySession); - request.getSession().setAttribute("course", mySession.getCourse()); + request.getSession().setAttribute(WebSession.SESSION, mySession); + // not sure why this is being set in the session? + request.getSession().setAttribute(WebSession.COURSE, mySession.getCourse()); String viewPage = getViewPage(mySession); logger.debug("Forwarding to view: " + viewPage); logger.debug("Screen: " + screen); @@ -199,18 +206,9 @@ public class HammerHead extends HttpServlet { } private String getViewPage(WebSession webSession) { - String page; - - // If this session has not seen the landing page yet, go there instead. - HttpSession session = webSession.getRequest().getSession(); - if (session.getAttribute(WELCOMED) == null) { - session.setAttribute(WELCOMED, "true"); - page = "/webgoat.jsp"; - } else { - //page = "/main.jsp"; - page = "/lesson_content.jsp"; - } - + // now always display the lesson content + String page = "/lesson_content.jsp"; + //page = "/main.jsp"; return page; } 
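Review bot: The new `start` branch logs an ordinary navigation at WARN, so every pass through Welcome will put a warning in MAIN_LOG; `logger.warn("Redirecting to start controller")` should be `logger.debug("Redirecting to start controller")`. The branch also deserves a comment stating the contract with Welcome, which in this same diff forwards to `/attack?start=true`, e.g. `// Welcome forwards here with start=true; hand the request off to the Start controller`. The enclosing method starts before and ends after this hunk.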
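Review bot: The comment `// not sure why this is being set in the session?` leaves an open question in production code; in this same diff LessonMenuService switches to `ws.getCourse()` and the JSPs that read `session.getAttribute("course")` are deleted, so the `WebSession.COURSE` attribute may have no remaining reader. Either drop the `setAttribute(WebSession.COURSE, ...)` line or replace the comment with the actual consumer, e.g. `// COURSE is read by <remaining consumer> — TODO confirm`. Any remaining reader would be outside this diff, so check before removing. The enclosing method starts and ends outside the hunk.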
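Review bot: getViewPage no longer reads its `webSession` parameter and keeps the dead `//page = "/main.jsp";` line plus a throwaway local; the body can simply be `return "/lesson_content.jsp";` under a comment such as `// The landing page is handled by Welcome/Start; this servlet always renders lesson content.` If nothing else in HammerHead uses them, the `WELCOMED` constant and the `HttpSession` import that this method used to need are now unused as well, but that is outside the hunk.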
@@ -378,7 +376,7 @@ public class HammerHead extends HttpServlet { HttpSession hs; hs = request.getSession(true); - // System.out.println( "HH Entering Session_id: " + hs.getId() ); + logger.debug("HH Entering Session_id: " + hs.getId()); // dumpSession( hs ); // Get our session object out of the HTTP session WebSession session = null; @@ -388,7 +386,7 @@ public class HammerHead extends HttpServlet { session = (WebSession) o; } else { // Create new custom session and save it in the HTTP session - // System.out.println( "HH Creating new WebSession: " ); + logger.warn("HH Creating new WebSession"); session = new WebSession(webgoatContext, context); // Ensure splash screen shows on any restart // rlawson - removed this since we show splash screen at login now @@ -405,8 +403,8 @@ public class HammerHead extends HttpServlet { session.update(request, response, this.getServletName()); // to authenticate - // System.out.println( "HH Leaving Session_id: " + hs.getId() ); - // dumpSession( hs ); + logger.debug("HH Leaving Session_id: " + hs.getId()); + //dumpSession( hs ); return (session); } diff --git a/java/org/owasp/webgoat/controller/Start.java b/java/org/owasp/webgoat/controller/Start.java index 8b0f5843c..86789eb9f 100644 --- a/java/org/owasp/webgoat/controller/Start.java +++ b/java/org/owasp/webgoat/controller/Start.java @@ -6,7 +6,6 @@ package org.owasp.webgoat.controller; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; diff --git a/java/org/owasp/webgoat/controller/Welcome.java b/java/org/owasp/webgoat/controller/Welcome.java index 60c9db003..5d2f9e93b 100644 --- a/java/org/owasp/webgoat/controller/Welcome.java +++ b/java/org/owasp/webgoat/controller/Welcome.java 
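Review bot: `logger.debug("HH Entering Session_id: " + hs.getId())` and the matching leaving line write the container session identifier to the application log, and the log4j.properties hunk in this diff keeps `rootLogger=DEBUG`, so these ids will land in MAIN_LOG; a session id is a bearer credential and should not be persisted in logs. Log the event without the id, e.g. `logger.debug("HH Entering attack servlet")`, or a short non-reversible digest of it if request correlation is needed. `logger.warn("HH Creating new WebSession")` fires on the first request of every session and is not a warning condition; DEBUG or INFO fits. The same concern applies to BaseService.getWebSession below, which embeds `session.getId()` in an exception message that is both logged and returned to the client by handleException. The enclosing method starts before the first of these three hunks and ends after the last.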
@@ -7,6 +7,8 @@ package org.owasp.webgoat.controller; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -19,9 +21,10 @@ import org.springframework.web.servlet.ModelAndView; */ @Controller public class Welcome { - + + final Logger logger = LoggerFactory.getLogger(Welcome.class); private static final String WELCOMED = "welcomed"; - + @RequestMapping(value = "welcome.mvc", method = RequestMethod.GET) public ModelAndView welcome(HttpServletRequest request, @RequestParam(value = "error", required = false) String error, @@ -34,11 +37,13 @@ public class Welcome { if (session.getAttribute(WELCOMED) == null) { session.setAttribute(WELCOMED, "true"); } - //@TODO put stuff here the welcome page needs to access + + //go ahead and send them to webgoat (skip the welcome page) ModelAndView model = new ModelAndView(); - model.setViewName("welcome"); - + //model.setViewName("welcome"); + //model.setViewName("main_new"); + model.setViewName("forward:/attack?start=true"); return model; - } + } diff --git a/java/org/owasp/webgoat/lessons/HttpBasicsController.java b/java/org/owasp/webgoat/lessons/HttpBasicsController.java deleted file mode 100644 index 406bebdbd..000000000 --- a/java/org/owasp/webgoat/lessons/HttpBasicsController.java +++ /dev/null 
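Review bot: `final Logger logger = LoggerFactory.getLogger(Welcome.class);` is a package-visible instance field; loggers are conventionally `private static final Logger logger = LoggerFactory.getLogger(Welcome.class);` so one instance is shared and not exposed to the package — BaseService in this diff introduces the same declaration. The second hunk also leaves two commented-out `setViewName` lines beside the live `forward:/attack?start=true`; delete them or replace them with a one-line comment on why the welcome view is skipped. Since HammerHead.getViewPage in this diff no longer reads `WELCOMED`, the `session.setAttribute(WELCOMED, "true")` kept in context may be dead as well, unless something outside the diff reads it.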
@@ -1,107 +0,0 @@ -package org.owasp.webgoat.lessons; - -import java.util.ArrayList; -import java.util.List; - -import org.apache.log4j.Logger; -import org.owasp.webgoat.lessons.model.HttpBasicsModel; -import org.owasp.webgoat.session.WebSession; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.ModelAttribute; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.servlet.ModelAndView; - -/** - *

- * Handles the "HTTP Basics" lesson. Contains all - * mapping methods for that lesson as well as all helper methods - * used by those mappers. - *

- * - */ -@Controller -public class HttpBasicsController extends LessonAdapter { - - protected static Logger logger = Logger.getLogger("controller"); - - // [url] path used by this lesson - private final String PAGE_PATH = "httpBasics.do"; - - // The (apache) tile used by this lesson, as specified in tiles-definitions.xml - private String TILE_NAME = "http-basics"; - - // ID attribute associated with the JSP's form. - private String FORM_NAME = "command"; - - - /** - * @see {@link org.owasp.webgoat.lessons.AbstractLesson#getPath()} - * @see {@link org.owasp.webgoat.lessons.AbstractLesson#getLink()} - */ - protected String getPath() { - return PAGE_PATH; - } - - /** - * Handles GET requests for this lesson. - * @return - */ - @RequestMapping(value = PAGE_PATH, method = RequestMethod.GET) - public ModelAndView displayPage() { - return new ModelAndView(TILE_NAME, FORM_NAME, new HttpBasicsModel()); - } - - /** - * Handles POST requests for this lesson. Takes the user's name and displays - * a reversed copy of it. 
- * - * @param httpBasicsModel - * @param model - * @return - */ - @RequestMapping(value = PAGE_PATH, method = RequestMethod.POST) - public ModelAndView processSubmit( - @ModelAttribute("")HttpBasicsModel httpBasicsModel, ModelMap model) { - - StringBuffer personName = new StringBuffer(httpBasicsModel.getPersonName()); - httpBasicsModel.setPersonName(personName.reverse().toString()); - - return new ModelAndView(TILE_NAME, FORM_NAME, httpBasicsModel); - } - - - public Category getCategory() - { - return Category.GENERAL; - } - - /** - * Gets the hints attribute of the HelloScreen object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Type in your name and press 'go'"); - hints.add("Turn on Show Parameters or other features"); - hints.add("Try to intercept the request with WebScarab"); - hints.add("Press the Show Lesson Plan button to view a lesson summary"); - hints.add("Press the Show Solution button to view a lesson solution"); - - return hints; - } - - protected String getInstructions() - { - return null; - } - - public String getTitle() - { - // TODO: GET RID OF THE "(Spring MVC)" BELOW LATER!!!!" - return "HTTP Basics (Spring MVC)"; - } -} diff --git a/java/org/owasp/webgoat/service/BaseService.java b/java/org/owasp/webgoat/service/BaseService.java index 88df27767..ea067cfaa 100644 --- a/java/org/owasp/webgoat/service/BaseService.java +++ b/java/org/owasp/webgoat/service/BaseService.java 
@@ -1,35 +1,41 @@ -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * +/** + * ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project + * utility. For details, please see http://www.owasp.org/ + * * Copyright (c) 2002 - 2007 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) any later + * version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. 
+ * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307, USA. + * * Getting Source ============== - * - * Source for this application is maintained at code.google.com, a repository for free software - * projects. - * + * + * Source for this application is maintained at code.google.com, a repository + * for free software projects. + * * For details, please see http://code.google.com/p/webgoat/ */ package org.owasp.webgoat.service; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; +import org.owasp.webgoat.controller.Welcome; import org.owasp.webgoat.session.WebSession; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; 
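Review bot: `import org.owasp.webgoat.controller.Welcome;` appears to be unused: nothing in the BaseService changes references Welcome, and a service base class importing a controller inverts the layering. Unless a use exists elsewhere in the file outside the hunk, drop the import. The rest of the hunk is a license-header reflow plus the slf4j imports consumed in the next hunk.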
@@ -43,23 +49,26 @@ import org.springframework.web.bind.annotation.ResponseStatus; @RequestMapping("/service") public abstract class BaseService { + final Logger logger = LoggerFactory.getLogger(BaseService.class); + @ExceptionHandler(Exception.class) @ResponseStatus(value = HttpStatus.I_AM_A_TEAPOT) public @ResponseBody ExceptionInfo handleException(HttpServletRequest request, Exception ex) { - + String url = request.getRequestURL().toString(); + logger.error("Exception handler for service caught exception when processing: " + url, ex); ExceptionInfo response = new ExceptionInfo(); - response.setUrl(request.getRequestURL().toString()); - response.setMessage(ex.getMessage()); + response.setUrl(url); + response.setMessage(ex.toString()); return response; } - public WebSession getWebSesion(HttpSession session) { + public WebSession getWebSession(HttpSession session) { WebSession ws; Object o = session.getAttribute(WebSession.SESSION); if (o == null || !(o instanceof WebSession)) { - throw new IllegalArgumentException("No valid session object found, has session timed out?"); + throw new IllegalArgumentException("No valid session object found, has session timed out? [" + session.getId() + "]"); } ws = (WebSession) o; return ws; diff --git a/java/org/owasp/webgoat/service/CookieService.java b/java/org/owasp/webgoat/service/CookieService.java index d37632319..c113763dc 100644 --- a/java/org/owasp/webgoat/service/CookieService.java +++ b/java/org/owasp/webgoat/service/CookieService.java @@ -54,7 +54,7 @@ public class CookieService extends BaseService { @RequestMapping(value = "/cookie.mvc", produces = "application/json") public @ResponseBody List showCookies(HttpSession session) { - WebSession ws = getWebSesion(session); + WebSession ws = getWebSession(session); List cookies = ws.getCookiesOnLastRequest(); return cookies; } diff --git a/java/org/owasp/webgoat/service/HintService.java b/java/org/owasp/webgoat/service/HintService.java index 5cbb48679..0a8e0e2c2 100644 
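Review bot: `response.setMessage(ex.toString())` now returns the exception class name (and, for the IllegalArgumentException thrown by getWebSession, the session id) in the body of every `/service` error response; for a catch-all `Exception.class` handler a fixed client message is the safer default, keeping the full `ex` in the `logger.error` call that already records the URL and stack trace, e.g. `response.setMessage("Request failed; see server log");`. If surfacing exception detail to the browser is intended for this teaching application, state that in a comment on the handler so the next maintainer does not remove it as a leak.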
--- a/java/org/owasp/webgoat/service/HintService.java +++ b/java/org/owasp/webgoat/service/HintService.java @@ -32,7 +32,7 @@ public class HintService extends BaseService { public @ResponseBody List showHint(HttpSession session) { List listHints = new ArrayList(); - WebSession ws = getWebSesion(session); + WebSession ws = getWebSession(session); AbstractLesson l = ws.getCurrentLesson(); if (l == null) { return listHints; diff --git a/java/org/owasp/webgoat/service/LessonMenuService.java b/java/org/owasp/webgoat/service/LessonMenuService.java index 30e0f51cd..c15a3ed46 100644 --- a/java/org/owasp/webgoat/service/LessonMenuService.java +++ b/java/org/owasp/webgoat/service/LessonMenuService.java @@ -58,9 +58,9 @@ public class LessonMenuService extends BaseService { public @ResponseBody List showLeftNav(HttpSession session) { List menu = new ArrayList(); - WebSession ws = getWebSesion(session); + WebSession ws = getWebSession(session); // Get the categories, these are the main menu items - Course course = ((Course) session.getAttribute("course")); + Course course = ws.getCourse(); List categories = course.getCategories(); for (Category category : categories) { diff --git a/java/org/owasp/webgoat/service/LessonPlanService.java b/java/org/owasp/webgoat/service/LessonPlanService.java new file mode 100644 index 000000000..582ebcd95 --- /dev/null +++ b/java/org/owasp/webgoat/service/LessonPlanService.java 
@@ -0,0 +1,94 @@ +/** + * ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project + * utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2007 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) any later + * version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at code.google.com, a repository + * for free software projects. 
+ * + * For details, please see http://code.google.com/p/webgoat/ + */ +package org.owasp.webgoat.service; + +import javax.servlet.http.HttpSession; +import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP; +import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP; +import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.model.SourceListing; +import org.owasp.webgoat.session.Course; +import org.owasp.webgoat.session.WebSession; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +/** + * + * @author rlawson + */ +@Controller +public class LessonPlanService extends BaseService { + + /** + * Returns source for current attack + * + * @param session + * @return + */ + @RequestMapping(value = "/lessonplan.mvc", produces = "application/json") + public @ResponseBody + SourceListing showSource(HttpSession session) { + WebSession ws = getWebSession(session); + String source = getSource(ws); + SourceListing sl = new SourceListing(); + sl.setSource(source); + return sl; + } + + /** + * Description of the Method + * + * @param s Description of the Parameter + * @return Description of the Return Value + */ + protected String getSource(WebSession s) { + + String source = null; + int scr = s.getCurrentScreen(); + Course course = s.getCourse(); + + if (s.isUser() || s.isChallenge()) { + + AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE); + + if (lesson != null) { + source = lesson.getRawSource(s); + } + } + if (source == null) { + return "Source code is not available. Contact " + + s.getWebgoatContext().getFeedbackAddressHTML(); + } + return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP, + "Code Section Deliberately Omitted")); + } +} 
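Review bot: LessonPlanService.showSource is a copy of SourceService.showSource: it maps `/lessonplan.mvc` but returns `lesson.getRawSource(s)` with the source-skip regex applied, and the method name and Javadoc (`Returns source for current attack`) still say source, so the endpoint does not return a lesson plan. Presumably it should call the lesson's lesson-plan accessor and be renamed `showLessonPlan`/`getLessonPlan` — confirm against AbstractLesson. Separately, the deleted menu.jsp only offered Show Java and Show Solution when `webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)` held; neither this service nor SolutionService repeats that check and both rely only on `s.isUser() || s.isChallenge()`, so unless the lesson getters enforce it themselves, the authorization check should be applied in getSource/getSolution rather than only in the UI.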
diff --git a/java/org/owasp/webgoat/service/ParameterService.java b/java/org/owasp/webgoat/service/ParameterService.java index a4b54e3b0..26b6c597b 100644 --- a/java/org/owasp/webgoat/service/ParameterService.java +++ b/java/org/owasp/webgoat/service/ParameterService.java @@ -62,7 +62,7 @@ public class ParameterService extends BaseService { public @ResponseBody List showParameters(HttpSession session) { List listParms = new ArrayList(); - WebSession ws = getWebSesion(session); + WebSession ws = getWebSession(session); listParms = ws.getParmsOnLastRequest(); Collections.sort(listParms); return listParms; diff --git a/java/org/owasp/webgoat/service/SessionService.java b/java/org/owasp/webgoat/service/SessionService.java new file mode 100644 index 000000000..6d5810e5b --- /dev/null +++ b/java/org/owasp/webgoat/service/SessionService.java 
@@ -0,0 +1,57 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.owasp.webgoat.service; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.List; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +/** + * + * @author rlawson + */ +@Controller +public class SessionService extends BaseService { + + /** + * Returns hints for current lesson + * + * @param session + * @return + */ + @RequestMapping(value = "/session.mvc", produces = "application/json") + public @ResponseBody + String showSession(HttpServletRequest request, HttpSession session) { + StringBuilder sb = new StringBuilder(); + sb.append("id").append(" = ").append(session.getId()).append("\n"); + sb.append("created").append(" = ").append(new Date(session.getCreationTime())).append("\n"); + sb.append("last access").append(" = ").append(new Date(session.getLastAccessedTime())).append("\n"); + sb.append("timeout (secs)").append(" = ").append(session.getMaxInactiveInterval()).append("\n"); + sb.append("session from cookie?").append(" = ").append(request.isRequestedSessionIdFromCookie()).append("\n"); + sb.append("session from url?").append(" = ").append(request.isRequestedSessionIdFromURL()).append("\n"); + sb.append("=====================================\n"); + // get attributes + List attributes = new ArrayList(); + Enumeration keys = session.getAttributeNames(); + while (keys.hasMoreElements()) { + String name = (String) keys.nextElement(); + attributes.add(name); + } + Collections.sort(attributes); + for (String attribute : attributes) { + String value = 
session.getAttribute(attribute) + ""; + sb.append(attribute).append(" = ").append(value).append("\n"); + } + return sb.toString(); + } +} diff --git a/java/org/owasp/webgoat/service/SolutionService.java b/java/org/owasp/webgoat/service/SolutionService.java new file mode 100644 index 000000000..53a72baa0 --- /dev/null +++ b/java/org/owasp/webgoat/service/SolutionService.java 
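Review bot: The Javadoc on showSession says `Returns hints for current lesson` and documents only `session`, while the method dumps session metadata and also takes `request`; replace it with `Returns the HTTP session's id, timing and attribute names/values as newline-separated text` and add `@param request`. The mapping declares `produces = "application/json"` but the body is plain `key = value` lines, so either return a `Map<String, String>` for Spring to serialise or declare `produces = "text/plain"`. `List attributes = new ArrayList()` and `Enumeration keys` are raw types; `List<String>` and, if the servlet API in use is generified, `Enumeration<String>` remove the cast. Note that the response echoes every session attribute's `toString()`, including the WebSession object, back to the caller — fine for a diagnostic endpoint only if that is intended.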
@@ -0,0 +1,85 @@ +/** + * ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project + * utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2007 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) any later + * version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at code.google.com, a repository + * for free software projects. 
+ * + * For details, please see http://code.google.com/p/webgoat/ + */ +package org.owasp.webgoat.service; + +import javax.servlet.http.HttpSession; +import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP; +import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP; +import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.model.SourceListing; +import org.owasp.webgoat.session.Course; +import org.owasp.webgoat.session.WebSession; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +/** + * + * @author rlawson + */ +@Controller +public class SolutionService extends BaseService { + + /** + * Returns solution for current attack + * + * @param session + * @return + */ + @RequestMapping(value = "/solution.mvc", produces = "text/html") + public @ResponseBody + String showSolution(HttpSession session) { + WebSession ws = getWebSession(session); + String source = getSolution(ws); + return source; + } + + protected String getSolution(WebSession s) { + + String source = null; + int scr = s.getCurrentScreen(); + Course course = s.getCourse(); + + if (s.isUser() || s.isChallenge()) { + + AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE); + + if (lesson != null) { + source = lesson.getSolution(s); + } + } + if (source == null) { + return "Solution is not available. Contact " + + s.getWebgoatContext().getFeedbackAddressHTML(); + } + return (source); + } +} diff --git a/java/org/owasp/webgoat/service/SourceService.java b/java/org/owasp/webgoat/service/SourceService.java index 5b3baf157..8f6b1f3f1 100644 --- a/java/org/owasp/webgoat/service/SourceService.java +++ b/java/org/owasp/webgoat/service/SourceService.java 
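Review bot: getSolution has no Javadoc and its local is named `source` although it holds `lesson.getSolution(s)`; rename it `solution` and add `/** Returns the solution HTML for the current lesson, or a contact message when none is available. */`. showSolution can `return getSolution(ws);` directly instead of going through a `source` temporary, and the parentheses in `return (source);` are noise.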
@@ -57,7 +57,7 @@ public class SourceService extends BaseService { @RequestMapping(value = "/source.mvc", produces = "application/json") public @ResponseBody SourceListing showSource(HttpSession session) { - WebSession ws = getWebSesion(session); + WebSession ws = getWebSession(session); String source = getSource(ws); SourceListing sl = new SourceListing(); sl.setSource(source); diff --git a/java/org/owasp/webgoat/session/WebSession.java b/java/org/owasp/webgoat/session/WebSession.java index da43f4ef5..2cd5e7a91 100644 --- a/java/org/owasp/webgoat/session/WebSession.java +++ b/java/org/owasp/webgoat/session/WebSession.java @@ -92,6 +92,8 @@ public class WebSession { */ public final static String COLOR = "color"; + public final static String COURSE = "course"; + /** * Description of the Field */ diff --git a/resources/log4j.properties b/resources/log4j.properties index 9efb1064a..734eb76c8 100644 --- a/resources/log4j.properties +++ b/resources/log4j.properties @@ -1,4 +1,5 @@ -log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG +log4j.rootLogger=DEBUG, MAIN_LOG +#log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG # MAIN - everything gets logged here log4j.appender.MAIN_LOG=org.apache.log4j.RollingFileAppender diff --git a/webapp/WEB-INF/pages/layouts/genericLesson.jsp b/webapp/WEB-INF/pages/layouts/genericLesson.jsp deleted file mode 100644 index 2c2896489..000000000 --- a/webapp/WEB-INF/pages/layouts/genericLesson.jsp +++ /dev/null 
@@ -1,70 +0,0 @@ -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> -<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles"%> -<%@ page - language="java" - contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*" - errorPage="" - isELIgnored="false" %> - - - - - - <tiles:insertAttribute name="title-content" /> - - - - - - - - - - - - - <% - Course course = ((Course)session.getAttribute("course")); - WebSession webSession = ((WebSession)session.getAttribute("websession")); - - // pcs 8/29/2012 - HACK - // - // Legacy lessons result in a call to WebSession.update(). Among other things, that call - // sets the previous and current screens. The latter determines the title that is displayed - // in the webgoat banner. - // - // The new Spring-MVC jsps, among which is this genericLesson.jsp, are loaded via our dispatcher servlet - // and does not pass through the code path that results in that update() call. - // - // As a result, we must call update() explicitly here. If we refactor away that legacy code as part - // of webgoat 6 development, we will need to get rid of the call below. - // - webSession.update(request, response, "genericLesson"); - AbstractLesson currentLesson = webSession.getCurrentLesson(); - %> - -
-
-
<%= currentLesson.getTitle() %>
- - - - \ No newline at end of file diff --git a/webapp/WEB-INF/pages/lessons/httpBasics.jsp b/webapp/WEB-INF/pages/lessons/httpBasics.jsp deleted file mode 100644 index 4a4284e64..000000000 --- a/webapp/WEB-INF/pages/lessons/httpBasics.jsp +++ /dev/null @@ -1,77 +0,0 @@ -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> -<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles"%> -<%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%> -<%@ page - language="java" - contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.AbstractLesson" - errorPage="" - isELIgnored="false" %> - - - - -<% - Course course = ((Course)session.getAttribute("course")); - WebSession webSession = ((WebSession)session.getAttribute("websession")); -%> - - <%-- - This form posts to httpBasics.do. However, we must append the "menu" request parameter in order - for the current submenu to display properly, hence the getLink() call to build the form's - action attribute below. - --%> - -

- Enter your name in the input field below and press "go" to submit. - The server will accept the request, reverse the input, and display it back to the user, - illustrating the basics of handling an HTTP request. -

- -

- The user should become familiar with the features of WebGoat by manipulating - the above buttons to view hints, show the HTTP request parameters, - the HTTP request cookies, and the Java source code. - You may also try using WebScarab for the first time. -

- -

- Enter your name: - - -

-
diff --git a/webapp/WEB-INF/pages/sections/footer.jsp b/webapp/WEB-INF/pages/sections/footer.jsp deleted file mode 100644 index 4f330d11b..000000000 --- a/webapp/WEB-INF/pages/sections/footer.jsp +++ /dev/null @@ -1,7 +0,0 @@ - \ No newline at end of file diff --git a/webapp/WEB-INF/pages/sections/header.jsp b/webapp/WEB-INF/pages/sections/header.jsp deleted file mode 100644 index 68072d255..000000000 --- a/webapp/WEB-INF/pages/sections/header.jsp +++ /dev/null @@ -1,2 +0,0 @@ -
-
\ No newline at end of file diff --git a/webapp/WEB-INF/pages/sections/hintsParamsAndCookies.jsp b/webapp/WEB-INF/pages/sections/hintsParamsAndCookies.jsp deleted file mode 100644 index aaf05658f..000000000 --- a/webapp/WEB-INF/pages/sections/hintsParamsAndCookies.jsp +++ /dev/null @@ -1,45 +0,0 @@ -<%@ page - language="java" - contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8" - import="java.util.Iterator, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*" - errorPage="" - isELIgnored="false" %> - -<% -Course course = ((Course)session.getAttribute("course")); -WebSession webSession = ((WebSession)session.getAttribute("websession")); -AbstractLesson currentLesson = webSession.getCurrentLesson(); - -if (webSession.getHint() != null) -{ -%> -
<%= webSession.getHint() %>

-<% -} - -if (webSession.getParams() != null) -{ - Iterator i = webSession.getParams().iterator(); - while (i.hasNext()) - { - Parameter p = (Parameter) i.next(); -%> -
<%= p.getName()%> = <%= p.getValue() %>

-<% - } -} - - -if (webSession.getCookies() != null) -{ - Iterator i = webSession.getCookies().iterator(); - while (i.hasNext()) - { - Cookie c = (Cookie) i.next(); -%> -
-<% - } -} -%> \ No newline at end of file diff --git a/webapp/WEB-INF/pages/sections/menu.jsp b/webapp/WEB-INF/pages/sections/menu.jsp deleted file mode 100644 index aa192f9cb..000000000 --- a/webapp/WEB-INF/pages/sections/menu.jsp +++ /dev/null @@ -1,202 +0,0 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*" - errorPage="" %> -<% -Course course = ((Course)session.getAttribute("course")); -WebSession webSession = ((WebSession)session.getAttribute("websession")); -AbstractLesson currentLesson = webSession.getCurrentLesson(); -%> - - -<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%> - - - -<% -final String menuPrefix = WebSession.MENU; -final String submenuPrefix = "submenu"; -final String mbutPrefix = "mbut"; -String printHint = ""; -String printParameters = ""; -String printCookies = ""; -String lessonComplete = ""; - -List categories = course.getCategories(); - -StringBuffer buildList = new StringBuffer(); - - Iterator iter1 = categories.iterator(); - while(iter1.hasNext()) - { - Category category = (Category)iter1.next(); - - buildList.append("'"); - buildList.append(menuPrefix); - buildList.append(category.getRanking()); - buildList.append("','"); - buildList.append(submenuPrefix); - buildList.append(category.getRanking()); - buildList.append("','"); - buildList.append(mbutPrefix); - buildList.append(category.getRanking()); - buildList.append("'"); - - if (iter1.hasNext()) - buildList.append(","); - }%> - - -
- <% - int topCord = 140; - int zIndex = 105; - - Iterator iter2 = categories.iterator(); - while(iter2.hasNext()) - { - Category category = (Category)iter2.next(); - %> - - <% - topCord=topCord + 30; - zIndex=zIndex + 1; - } - - int topSubMenu = 72; - - Iterator iter3 = categories.iterator(); - while(iter3.hasNext()) - { - Category category = (Category)iter3.next(); - List lessons = webSession.getLessons(category); - Iterator iter4 = lessons.iterator(); - %> - <% - }%> -
-
-
- <% if (currentLesson.getAvailableLanguages().size() != 0 ) - { - %> -
- Choose another language:
- <% - } else { - %> - Internationalization is not available for this lesson - <% - } - %> -
-
- LogOut Help -
-
- <% - if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS)) - { - %> - - Previous Hint - - - Hints - - - Next Hint - - <%}%> - - Show Params - - - Show Cookies - - - Lesson Plans - - <% - if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)) - { - %> - - Show Java - - - Show Solution - - <%}%> - -
-
- - -
-
- - diff --git a/webapp/WEB-INF/tiles-context.xml b/webapp/WEB-INF/tiles-context.xml deleted file mode 100644 index c4f1dccc7..000000000 --- a/webapp/WEB-INF/tiles-context.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - - - /WEB-INF/tiles-definitions.xml - - - - - \ No newline at end of file diff --git a/webapp/WEB-INF/tiles-definitions.xml b/webapp/WEB-INF/tiles-definitions.xml deleted file mode 100644 index 3f63bb5e7..000000000 --- a/webapp/WEB-INF/tiles-definitions.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/webapp/WEB-INF/web.xml b/webapp/WEB-INF/web.xml index 70357eb93..52ab6756b 100644 --- a/webapp/WEB-INF/web.xml +++ b/webapp/WEB-INF/web.xml @@ -156,13 +156,13 @@ - - - + + + FeedbackAddress - <A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A> + <A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A> @@ -179,15 +179,11 @@ The string "${USER}" in the connection string will be replaced by the active username when making a connection. --> - - jdbc:hsqldb:mem:${USER} - + jdbc:hsqldb:mem:${USER} - 5 - @@ -245,8 +241,6 @@ - - - 2880 @@ -333,75 +326,5 @@ login.mvc - - - - - - - - - -