Highlighted important parts of text and expanded the CIA explanations.

Benedikt - Desktop 2018-11-07 11:40:17 +01:00 committed by Nanne Baars
parent 002ce6e8a6
commit 3b0c09add7
3 changed files with 23 additions and 13 deletions

@ -1,8 +1,13 @@
== Compromising Availability
After successfully compromising confidentiality and integrity in the previous lessons, we now are going to compromise the third element of the CIA-Triad: *availability*.
The are many different ways to violate the ensurement of availability.
If an account is deleted or the password gets changed, the actual owner cannot access it anymore.
Attackers could also try to delete parts of the database making it useless or even dropping the whole database.
Another way to compromise availability would be to per example revoke access-rights from admins or any other users, so that nobody gets access to (specific parts of) the database.
=== It's your turn!
Now you're the top earner in your company.
Now you are the top earner in your company.
But do you see that?
There seems to be a access_log table, where all your actions have been logged to! +
Better go and delete it quickly before anyone notices.
There seems to be a *access_log* table, where all your actions have been logged to! +
Better go and _delete it_ quickly before anyone notices.
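
Review bot: The new introductory paragraph needs a wording pass before merge. "The are many different ways to violate the ensurement of availability" should read "There are many different ways to violate availability", and "per example" in the sentence about revoking access rights should be "for example". In the task text, the new line still says "a *access_log* table"; since the line is being touched anyway, change it to "an *access_log* table". The expanded explanation lists deleting accounts, dropping data and revoking rights, so it would help to say in one more sentence which of these the exercise below asks for, since the task only says "delete it".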

@ -1,22 +1,25 @@
== Compromising confidentiality with String SQL Injection
If a system is vulnerable to SQL-Injections it is also easy to compromise aspects of the CIA-Triad.
In the following three lessons, you will learn how to use simple SQL-Injection attacks to compromise each of the three by using SQL String and Numeric Injections, as well as query chaining.
In the following three lessons, you will learn how to use simple SQL-Injection attacks to compromise each of the three. Per example by using _SQL String Injections_ or _query chaining_.
This lesson, we will take a look at confidentiality.
This lesson, we will take a look at *confidentiality*.
Confidentiality can easily be compromised if an attacker uses SQL Injection to read sensitive data from the database. For example reading credit card numbers or passwords.
=== What's String SQL Injection
If queries are build dynamically in the application by concatenating strings to it, this makes it very susceptible to String SQL injection. +
If the input takes a string, then you can easily manipulate the build query by using quotation marks to form the string to your specific needs. You could per example end the string parameter with it and input your own SQL after.
If the input takes a string and that one gets inserted into the query as a string parameter, then you can easily manipulate the build query by using quotation marks to form the string to your specific needs.
You could per example end the string parameter with it and input your own SQL after that.
=== It's your turn!
You are an employee named 'John Smith' working for a big company. The company has an internal system that allows all employees to see their own internal data like the department they work in and their salary.
You are an employee named *John Smith* working for a big company.
The company has an internal system that allows all employees to see their own internal data, like the department they work in and their salary.
The system requires the employees to use a unique authentication TAN to view their data. +
Your current TAN is '3SL99A'.
The system requires the employees to use a unique _authentication TAN_ to view their data. +
Your current TAN is *3SL99A*.
Since you always have the urge to be the most earning employee you want to exploit the system and instead of viewing your own internal data take a look at the data of all your colleagues to check their current salaries.
Since you always have the urge to be the most earning employee you want to exploit the system and instead of viewing your own internal data _take a look at the data of all your colleagues_ to check their current salaries.
Use the form below and try to retrieve all the employee data from the employees table. You shouldn't need to know any specific names or TANs to get the information you need. +
Use the form below and try to retrieve all the employee data from the *employees* table. You shouldn't need to know any specific names or TANs to get the information you need. +
You already found out that the query performing your request looks like that:
------------------------------------------------------------
"SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "';

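Review bot: In the introduction, the replacement text "Per example by using _SQL String Injections_ or _query chaining_." is a sentence fragment and no longer mentions numeric injection, which the previous wording listed. If numeric injection is still used in the following lessons, keep it, and join the fragment to the preceding sentence ("..., for example by using ..."). In the "What's String SQL Injection" paragraph, "end the string parameter with it" leaves "it" without a clear antecedent; name the quotation mark explicitly, and change "build query" to "built query" and "per example" to "for example". The unchanged query line at the end of the hunk is also missing its closing double quote after `';`, which is worth fixing in the same commit because learners copy that line to reason about the injection point.
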
@ -1,5 +1,7 @@
== Compromising Integrity with Query Chaining
After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the integrity of data by using a SQL query chaining.
After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the *integrity* of data by using SQL *query chaining*.
The integrity of any data can be compromised, if an attacker per example changes information that he should not even be able to access.
=== What is SQL query chaining?
Query chaining is exactly what it sounds like. When query chaining, you try to append one or more queries to the end of the actual query.
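
Review bot: The added definition of integrity, "changes information that he should not even be able to access", describes the violation in terms of access, which is the confidentiality property from the previous lesson. Integrity is about unauthorized modification, so wording such as "changes information they are not authorized to modify" would keep the three CIA lessons distinct. In the same lines, "per example" should be "for example", the comma before "if" can go, and "gonna" is more informal than the rest of the lesson text.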
@ -8,4 +10,4 @@ You can do this by using the *;* metacharacter which marks the end of a query an
=== It's your turn!
You just found out that Tobi and Bob both seem to earn more money than you!
Of course you cannot leave it at that. +
Better go and change your salary so you're at the earner.
Better go and _change your own salary so you're earning the most!_
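
Review bot: The emphasis in the new last line covers the whole clause including the exclamation mark ("_change your own salary so you're earning the most!_"), while the other lessons in this commit highlight only the key action (for example "_delete it_"). Limiting the markup to "_change your own salary_" and leaving "so you're earning the most!" outside it would keep the highlighting consistent across the three files.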