diff --git a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html b/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html
index fa4928b6e..823c4c045 100644
--- a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html
+++ b/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html
@@ -11,7 +11,7 @@
diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-browser-button.png b/webgoat-lessons/http-proxies/src/main/resources/images/zap-browser-button.png
new file mode 100644
index 000000000..8537a7202
Binary files /dev/null and b/webgoat-lessons/http-proxies/src/main/resources/images/zap-browser-button.png differ
diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-exclude.png b/webgoat-lessons/http-proxies/src/main/resources/images/zap-exclude.png
new file mode 100644
index 000000000..b063d3ab6
Binary files /dev/null and b/webgoat-lessons/http-proxies/src/main/resources/images/zap-exclude.png differ
diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-old-way.adoc
similarity index 69%
rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc
rename to webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-old-way.adoc
index c8e8da6ce..a6fb8f935 100644
--- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc
+++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-old-way.adoc
@@ -1,21 +1,20 @@
-== HTTP Proxy Setup: The Browser
+== Setting up other HTTP Proxy Tools
-*Important: Firefox no longer proxies traffic for localhost (127.0.0.1) due to security reasons*.
-The are two options to bypass this restriction:
+=== Configure the proxy tool
+
+Configure the proxy tool to listen on a free port on your localhost.
+
+=== Configure the browser
+
+*It is important to note that the latest versions of Firefox and Chrome no longer proxy traffic from localhost by default.*
+The are a couple of options to bypass this restriction:
- Use the host name of your machine instead of `localhost`, you can find or add a host name in `/etc/hosts` on Linux and MacOSX and `C:\Windows\System32\drivers\etc` on Windows
-- Set the preference `network.proxy.allow_hijacking_localhost` (accessible through the `about:config` page) must be set to `true.
-
-The first option is the preferred one, but it might be that for some reason you are unable to use this option you can fallback to the second one.
-
-{nbsp} +
+- To proxy localhost (and related addresses) with newer Firefox versions (>= 67) the preference network.proxy.allow_hijacking_localhost (accessible through the about:config page) must be set to true.
+- To proxy localhost (and related addresses) with newer Chrome versions (>= 72) the command line argument --proxy-bypass-list=<-loopback> must be provided.
-There are many plugins to manage this, but this will show you how to do this manually in Firefox and Chrome.
-This will send all of your traffic to the proxy. Since we haven't set up a trusted cert. yet, that may cause issues with any https requests. More on that in a bit though. Let's stick to basics for now:
-
-
-=== Firefox Proxy Config
+==== Firefox Proxy Config
. Go to your Firefox Preferences (Mac, Linux) or Options (Windows) from the menu.`
. Select _Advanced_ on the left
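Review bot: The two added bullets under 'Configure the browser' lose the literal markup the removed line had: `network.proxy.allow_hijacking_localhost`, `about:config` and `true` are no longer in backticks, and `--proxy-bypass-list=<-loopback>` contains angle brackets that a shell treats as redirection when the flag is copied unquoted. Suggest wrapping the preference and the flag in backticks and showing the flag quoted, e.g. `--proxy-bypass-list="<-loopback>"`. The added sentence also carries over the typo 'The are' (should be 'There are'), and 'proxy traffic from localhost' would be clearer as 'for localhost', as in the removed line. The hunk also drops the sentence saying the host name option is the preferred one; if that is still the recommendation, keep it.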
@@ -28,7 +27,7 @@ This will send all of your traffic to the proxy. Since we haven't set up a trust
image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesson-image"]
-=== Chrome Proxy Config
+==== Chrome Proxy Config
. Bring up Chrome's settings form the menu
. In the _Search settings_ box type in *proxy* and hit Enter/Return. This should bring up the Network heading with a _Change proxy settings_ button.
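Review bot: Typo on the context line directly below the changed heading: 'Bring up Chrome's settings form the menu' should read 'from the menu'. It is worth fixing in this commit since the section is being restructured anyway. The move to `====` is consistent with the Firefox heading in the previous hunk.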
@@ -59,4 +58,4 @@ or based on URL patterns. Examples include:
* FoxyProxy for Firefox
* Proxy Switcher for Firefox
* Toggle Proxy for Firefox
-* Still looking for suggestions for Chrome ...
\ No newline at end of file
+* Still looking for suggestions for Chrome ..
\ No newline at end of file
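Review bot: The only change here turns '...' into '..' on the last bullet, which looks like an accidental keystroke rather than an intended edit. Suggest reverting it so the rename carries no unrelated content change. If the line is touched anyway, add the trailing newline so the '\ No newline at end of file' marker goes away.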
diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc
index 04a0c341e..a269e7cad 100644
--- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc
+++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc
@@ -4,32 +4,15 @@
Since this is an OWASP project, we'll be using ZAP. If you are comfortable using another proxy (e.g. Burp), you can skip this. Otherwise,
this will show you how to set up ZAP to act as a proxy on your localhost.
-=== Setting up ZAP
+=== Setting up ZAP >= 2.8.0
-Once you have 'installed' ZAP (you don't really install it, just unpack it and run it locally), we will need to:
+If you use the latest ZAP version (>= 2.8.0) you only need to start ZAP and click the browser button to be able to
+proxy, see image below:
-* Start ZAP
-* Configure the local proxy port
-* Point the browser at the proxy
+image::images/zap-browser-button.png[ZAP Start,style="lesson-image"]
-=== Start ZAP
-When ZAP starts, you will be presented with a dialog such as the one below ...
+{nbsp}+
-image::images/zap-start.png[ZAP Start,548,256,style="lesson-image"]
-=== Set ZAP's port (if running WebGoat locally)
-
-*NOTE*: The following proxy set up is only needed if you are running WebGoat locally. If it's on a remote server, or you are running on
-WebGoat (or any application) that is not using port 8080 locally, you can leave ZAP at it's default. and use 8080, instead of
-8090 when setting up your browser to proxy (next page).
-
-If you are setting up ZAP while running WebGoat locally ...
-
-* Open ZAP
-* Go to Tools >> Options in the menu
-* Select 'Local Proxy' on the left
-* Input 8090 for the 'Port'
-
-*Remember*: If you are not running WebGoat locally, leave this setting alone, skip to the next page and use 8080 instead of 8090
-
-image::images/zap-local-proxy-8090.png[ZAP Proxy Config,750,587,style="lesson-image"]
+To setup a different browser continue to the next page and read how to set it up in section: 'Configure the browser'.
+In all other cases you can skip the next page and continue to the page titled 'Confirm it's working' to check whether it is working.
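Review bot: The removed 'Set ZAP's port' section told users running WebGoat locally to move ZAP to port 8090 because WebGoat uses 8080, and the added text under 'Setting up ZAP >= 2.8.0' does not say whether that step is still needed when using the browser button. Suggest one sentence on which port ZAP listens on in this flow and what to do when WebGoat already occupies 8080, plus a pointer for users on older ZAP versions, who now have no instructions on this page. Smaller points: the new image keeps the alt text 'ZAP Start' from the removed zap-start.png and should describe the browser button, 'To setup' should be 'To set up', and 'continue to the page titled 'Confirm it's working' to check whether it is working' repeats itself.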
diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc
index 27e03d7e2..9b7be9df5 100644
--- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc
+++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc
@@ -1,24 +1,32 @@
-=== Exclude WebGoat internal requests
+=== Exclude WebGoat internal requests (ZAP >= 2.8.0)
Before we start diving into intercepting requests with ZAP we need to exclude the internal requests from the WebGoat
framework otherwise ZAP will also stop at all the requests which are only necessary for the internal working of WebGoat.
-Right click on one of the links in history tab and select: `Exclude from -> Proxy`, see image below:
+In the main ZAP window click on Filter, see image below
-image::images/zap_exclude.png[Select URL from history,style="lesson-image"]
+image::images/zap-exclude.png[Exclude internal APIs from WebGoat,style="lesson-image"]
+{nbsp}
{nbsp}
-A new window will open and add the following entries:
+Then in the `URL Inc Regex` box type:
-```
-./WebGoat/service/..mvc
-```
+[source]
+----
+http://localhost:8080/WebGoat/.*
+----
-Click Ok to close the window, ZAP will now no longer proxy internal WebGoat requests.
+And in the `URL Exc Regex` box type:
+
+[source]
+----
+.*/WebGoat/service/.*mvc
+----
+
+Click 'Apply to close the window, ZAP will now no longer show internal WebGoat requests.
-image::images/zap_exclude_url.png[Exclude internal APIs from WebGoat,style="lesson-image"]
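Review bot: The include pattern `http://localhost:8080/WebGoat/.*` hard-codes host and port, while the browser setup page in this same patch recommends using the machine's host name instead of `localhost`. With that setup nothing would match the filter. Suggest a host-independent pattern in the style of the exclude regex (for example `.*/WebGoat/.*`) or a note to adjust host and port. The unchanged intro still says ZAP will 'stop at' internal requests, while the new closing sentence says they are no longer shown. Make clear whether this filter affects interception or only the history view. Also: 'Click 'Apply to close the window' has an unbalanced quote, and the added `{nbsp}` sits directly above an existing one.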
diff --git a/webgoat-lessons/sql-injection/src/main/resources/js/assignment12.js b/webgoat-lessons/sql-injection/src/main/resources/js/assignment12.js
index b001e4572..6449be24d 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/js/assignment12.js
+++ b/webgoat-lessons/sql-injection/src/main/resources/js/assignment12.js
@@ -40,7 +40,7 @@ var html = '
' +
'
';
function getServers(column) {
- $.get("SqlInjection/servers?column=" + column, function (result, status) {
+ $.get("SqlInjectionMitigations/servers?column=" + column, function (result, status) {
$("#servers").empty();
for (var i = 0; i < result.length; i++) {
var server = html.replace('ID', result[i].id);
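Review bot: The request path on the changed `$.get` line moves to `SqlInjectionMitigations/servers`, but no server-side change for that route is visible in this part of the diff. Confirm the endpoint mapping is renamed in the same commit and that no other script still calls `SqlInjection/servers`, otherwise the server table will fail to load. Separately, `column` is concatenated into the query string unencoded on that line; passing it as `{column: column}` in the data argument would let jQuery encode it.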