From 87a7521dcde2e60e4357c6b3c29ae905971d23a2 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Thu, 2 Nov 2017 14:28:20 +0100 Subject: [PATCH] Adding introduction to WebGoat as the web interface opens with WebWolf which is confusing because people thought you needed to download WebWolf and start it directly. Feedback received during workshops --- webgoat-lessons/pom.xml | 1 + webgoat-lessons/webgoat-introduction/pom.xml | 11 +++ .../pom.xml.versionsBackup | 11 +++ .../webgoat/plugin/WebGoatIntroduction.java | 63 ++++++++++++++++++ .../resources/html/WebGoatIntroduction.html | 8 +++ .../resources/i18n/WebGoatLabels.properties | 1 + .../src/main/resources/images/wg_logo.png | Bin 0 -> 4371 bytes .../lessonPlans/en/Introduction.adoc | 21 ++++++ .../resources/html/WebWolfIntroduction.html | 2 +- ...oduction.adoc => IntroductionWebWolf.adoc} | 3 + webgoat-server/pom.xml | 5 ++ 11 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 webgoat-lessons/webgoat-introduction/pom.xml create mode 100644 webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup create mode 100644 webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/plugin/WebGoatIntroduction.java create mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html create mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/i18n/WebGoatLabels.properties create mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/images/wg_logo.png create mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en/Introduction.adoc rename webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/{Introduction.adoc => IntroductionWebWolf.adoc} (89%) diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml index c51ddc0dd..49d9988e7 100644 --- a/webgoat-lessons/pom.xml +++ b/webgoat-lessons/pom.xml 
@@ -27,6 +27,7 @@ xxe idor vulnerable-components + webgoat-introduction webwolf-introduction auth-bypass missing-function-ac diff --git a/webgoat-lessons/webgoat-introduction/pom.xml b/webgoat-lessons/webgoat-introduction/pom.xml new file mode 100644 index 000000000..a7ce360f7 --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/pom.xml @@ -0,0 +1,11 @@ + + 4.0.0 + webgoat-introduction + jar + + org.owasp.webgoat.lesson + webgoat-lessons-parent + 8.0.0.M2 + + \ No newline at end of file diff --git a/webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup b/webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup new file mode 100644 index 000000000..f196aca19 --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup @@ -0,0 +1,11 @@ + + 4.0.0 + webwolf-introduction + jar + + org.owasp.webgoat.lesson + webgoat-lessons-parent + 8.0-SNAPSHOT + + \ No newline at end of file diff --git a/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/plugin/WebGoatIntroduction.java b/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/plugin/WebGoatIntroduction.java new file mode 100644 index 000000000..89d6482a5 --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/plugin/WebGoatIntroduction.java @@ -0,0 +1,63 @@ +package org.owasp.webgoat.plugin; + +import org.owasp.webgoat.lessons.Category; +import org.owasp.webgoat.lessons.NewLesson; + +import java.util.ArrayList; +import java.util.List; + +/** + * ************************************************************************************************ + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *
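Review bot: `webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup` looks like an accidentally staged versions-maven-plugin backup rather than an intended source file: it still carries the artifactId `webwolf-introduction` and version `8.0-SNAPSHOT`, i.e. it is a stale copy of the module this one was cloned from, not a description of `webgoat-introduction`. Committed backups like this are noise and can mislead anyone grepping for module definitions or versions. I would drop the file from the patch and add `*.versionsBackup` to `.gitignore` so the plugin's output cannot be staged again.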

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ * + * @author WebGoat + * @version $Id: $Id + * @since October 12, 2016 + */ +public class WebGoatIntroduction extends NewLesson { + @Override + public Category getDefaultCategory() { + return Category.INTRODUCTION; + } + + @Override + public List getHints() { + return new ArrayList(); + } + + @Override + public Integer getDefaultRanking() { + return 1; + } + + @Override + public String getTitle() { + return "webgoat.title"; + } + + @Override + public String getId() { + return "WebGoatIntroduction"; + } +} diff --git a/webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html b/webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html new file mode 100644 index 000000000..74cc173b4 --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html @@ -0,0 +1,8 @@ + + + +
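Review bot: `getHints()` in the new WebGoatIntroduction class uses raw types (`public List getHints()` returning `new ArrayList()`), which drops the compiler's element-type check for callers and produces unchecked warnings; assuming the hints are strings and no caller mutates the returned list, `public List<String> getHints() { return Collections.emptyList(); }` (with `import java.util.Collections;`) is both typed and avoids handing out a fresh mutable list. The element type declared by `NewLesson.getHints()` is not visible here, so match whatever the base class uses. In the same hunk the license header reads `Copyright (c) 2002 - 20014`, and the `@since October 12, 2016` / `@version $Id: $Id` tags are carried over from another lesson and do not describe this file; fix the year and either update or remove those tags.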

+
+
+ + diff --git a/webgoat-lessons/webgoat-introduction/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/webgoat-introduction/src/main/resources/i18n/WebGoatLabels.properties new file mode 100644 index 000000000..f08d83cf4 --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/src/main/resources/i18n/WebGoatLabels.properties @@ -0,0 +1 @@ +webgoat.title=WebGoat \ No newline at end of file 
diff --git a/webgoat-lessons/webgoat-introduction/src/main/resources/images/wg_logo.png b/webgoat-lessons/webgoat-introduction/src/main/resources/images/wg_logo.png new file mode 100644 index 0000000000000000000000000000000000000000..dcf0e039869c1efc98fcdc5a06f8e4bcf31e94ed GIT binary patch literal 4371 zcmd6r=Q|q?_r^o0(XZK>4N6g?sJ(@X5_`2MRbtN?C04B3)JS90NcmRm9h=%Eh*7N; z5u<30BB)LMJa2w~!1L;Pan5=1xz2U&clULlL}Np3I$BOz002M-)q$8^&)w@XpuTb4 z4U461t_PXFsrDm4%{XWS0AL)0LNv^S$hM!~{QA_4GaSD5lu2v-Uw-HYU-pg&CfAr< z5ZY*pFYKE_#-yZ6Vui+Xraw8paeaJG)D#(G0<#$*{!3WYVvF@leDyQ<=9iDy3jIX{Xo66T~LR7aqX%Ie2p4Y@;k!(%MW~x^=enYUY~Mb^%ACVy+M7O;VNi zKfNZ0T*mbLC?M@ZjG6*h^M9o5M*g=_jJ@BdcJ$fv8RRC)fb~|_9Uv7yUJ|qUJob)> z&KXMg+uL`W6FRSIa8nXKVNJMyueQI~Z+*%H#`ch5js7~2YY@&wGE%#lPM1_O-5yvtQdqtZ}WR6%Q2gm3B{QnVcscpvGzbtlZ~{pmeL@M4BbZLx~}O(sIJ2h9d{iE zfwi9S!KjZ63;ylN`1fqO`q6FYyZj0mx0FNH9Ex4z$b=^Lz)Lvv5v>bZZS&UX^7RM#Z=^&XVu(uZqU3|H6brwyjRuX_q_(w_C>Ap z-j%tr7Rw#=3=!=lbEQX)(qUA0~AJ7cS+D`APA}6FZ-34z-=iJwCF+{!G3PGpCBEH3XrOE3*?ho1&xYlb;;610=8p78q_ zOyECwcQ2}E+}sC^5;a!`|B~K?A$MJWY)N{t3Ox^R!Ziwy%Y~D;X$CJe@jhikjjv0u z2xOU?jV+mJP_hsUZ>lNPLMo6Wr`$NAq$K^ssgKkebtC;&CtY4K;T;28>@O+7=R8jb z^=^2=MhDvaMcW z&t5V3Zl)l(V?%gAR%cpR*-}vAysck{1G>C z-q-FoTPdydLs6jom}rHnE1b)E)1xIvC@JI$xvmKGvk?|Y2?1$4mOZ6sIo#U=Hs7g` z5-24NMf?!m3ObZmUC5VazC36)-X1whX=Cg9#e&b@1tP(b#XIYzkmi2q^|~QyG%H_a zmqX;nvRZS~-UaEOS&Si(UjguT67L36J7@R(d&FnHof(LW>Z6o^b;L=?Uxfs+0@E5O zH!z3-i1P`xV+i@Y%6N9--ix?@b@lFiOR~a>{5F6xVgy}Ej;p-Zk8{z>dftRW-;hP0 z=wT|8eK?#ye_?f}N5UA}jI%x{ z7(gFKH+{lj^KuZ<#GgL_ud2ueoejzA{1*FtioXU7v#Xgyrh}#T-)Hy=7*A9w#ShSR zII)koIA#7ha(zFwLry8{o>(-}M#=pg+42$?6ygFFB_B$`lyQYodmgUXB?pf7RF!`q^R)RQgCR54oh}peGpT*`LbK`EY^D=!S6cGqGL7wg4*4>z zdgrXlvi$%N%v0B5NFeH3JyrlrHb7Spi# zE0?b_?naO#u&lhqnQK5XJHa>?()pQL^~E4{^t1K;;rp-gx6+bSBzZr`H6=?@-s2ew z#&@b%JO0RN)!iDpxP*_R$7cQSi>L+(o4~Wa)%uGe7G1%HeqKrmr<`x;1ZwY}C{Zk7 zlEfWYI?-Zn&9QX0x)wa*BeEgiOq9;QLKoxQk0`U9zMrpr^5SjN|Lj-h-(({i`8is? 
z;tYX8+VR|_SjEsj(qZjndP0c45Y>76QRC|k5dfop&Pj+vkd`jo)OUqFev-hu_FVa@ zqg`h;3w)xQG4jMlF=U72y2Bg=js94m#nrCsL*j*@BOX)OSITHi%UKtiG^tuUstA@> zgG(6Pc*mpqfD)K3n!_Kb6MK@oL20I2YC&i=y#LaIZ(7jJ61Nc2H}EGekNF3lE8CVe zF`HpEmGK5b6XXfTU;8ao0{F3=i#szzv zkOHBMEZM-`y?smDSqAR<3UIAv!^Xjc6h|9u8?|3~2W zj7dFf$x0jZd{ADsL-SiVy7IN&^EHtz3R)3v&X&awF0EZgt=hHwt-{w<8!Qp#u9aOY z9=L^_{#KPDuUynckzc6Mo6Z!NcThSSOuLYu;+q)@wAHb>X*0<9Yho1aSTS(=ZO_zQ z+A00jq1^+&vaJz;OUwYjj?h@Eenwzb3ztQWI=zoBEw4sz<&0c8a7rpbdXe1bCNcoMf< z6t)?r_kc;YjVX-A=dYy8GvQ?5wIE$6bMMes+-Yqqf6CMC716ky^d83)8iz+TxNy=# z=~$#=KlFlA8(JK*{qAh`qA6!h&y%*W+HFx$CAXYbBJR(jgd4$dBe2BPYW_%{XBJ3V z(eQajyx22koe_qsmJhOdMuPE4*(j(t%`5+cu?^4g?pog+O+qYKv2#OoKQwOf|BT<= z1I7P(L0!+}@Ueepm2@=M=%@c~wNF=UZiW#Fw)wHmr}M(7nsCbednTa*KUcPyBGWD76s>}=lV_!l z`SL8uCKQ`odS(`ZUUrKJi)MddM_qOXk7H|*ftWcC%KU0 zdk9~r8Ro#MvCa@L@9?FD!{iAK;-dIeQL>KvvStvoSO##(JBkq`DtPuJg>bcs9P|I= zu^c5wp)hS)F=DX@pwhl`?DVD$Ym<6lkTb0(8a#|VCY$2Uw){zvX==z>F=bM>FLZQ@ zlvKIx<5o~w0C+jMZZ0{Y-jCxStUd2p7}b!Am^~IYljF{M6nfrw>!AtEa{K*?Rt*qG zMI@IlWKwCHw9(C_N@dK_=+mAgZ^Oa+Z(U?}H1r##FrLgi*93)3xoK`JPo@ftp?8{3 z!`r$DgJF5e8tBH(Bh#*|b1%elBz(Q8KHjcZhaksBR2#tbMi9oznRQ=M?!TR zV_GA0p-RVf4MIXMde?-(5BbzI)QQc3o}Z;MjMQ-O%sO=9!%|sz1vXlKRj8BXorX+GHKdUoF z`g;&yijk#HBO!@58+r;JvhtL5%+N6(p|1Rj1KcIw@#$WqvUF{EVz%o-wE|^rL8`~K z_4tR(76RL}OjSB8Pv*`+Li(g=22{J8CnVq<+Mz^Q{1WdcB$lx^JzQm3lUAL2BM1?^ zd+?;T3^cO>5>oy#zZk zW5p1!S7OobYUNf_fj|Khm(}g(I@@NnLz}M-#a9w-SJ4H;zH?i|^R1|vESWzUTT0JL zK|0h_NT970N)i(8Nay?b%1d3h0si$T|E xIO94E^Q*~nVf_IA$=x3R^SS%~UjTm@^mUIFw=%cyUw=6OP%T49%_F<${{wF>WvT!G literal 0 HcmV?d00001 diff --git a/webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en/Introduction.adoc b/webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en/Introduction.adoc new file mode 100644 index 000000000..2af6d0a0d --- /dev/null +++ b/webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en/Introduction.adoc 
@@ -0,0 +1,21 @@ +== Introducing WebGoat + + +--- +What is WebGoat? + +WebGoat is a deliberately insecure application that allows interested developers just like you to _test vulnerabilities_ +commonly found in Java-based applications that use common and popular open source components. + +Now, while we in no way condone causing intentional harm to any animal, goat or otherwise, we think learning everything +you can about security vulnerabilities is essential to understanding just what happens when even a small bit of +unintended code gets into your applications. + +What better way to do that than with your very own scapegoat? + +Feel free to do what you will with Hack. Poke, prod and if it makes you feel better, scare him until your heart’s content. +Go ahead, and Hack the goat. We promise he likes it. + +Thanks for your interest! + +*The WebGoat Team* diff --git a/webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html b/webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html index 1657bade0..3e95b703f 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html +++ b/webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html @@ -2,7 +2,7 @@
-
+
diff --git a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/Introduction.adoc b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc similarity index 89% rename from webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/Introduction.adoc rename to webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc index d3af4cc71..16f5bafc2 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/Introduction.adoc +++ b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc @@ -1,5 +1,8 @@ == Introducing WebWolf +NOTE: You only need WebWolf if you a lesson specifies you can use it. For a lot of lessons you use WebGoat without +starting WebWolf. + WebWolf is a separate web application which simulates an attackers machine. It makes it possible for us to make a clear distinction between what takes place on the attacked website and the actions you need to do as an "attacker". WebWolf was introduced after a couple of workshops where we received feedback about the fact there diff --git a/webgoat-server/pom.xml b/webgoat-server/pom.xml index 881ffbf90..a808f480f 100644 --- a/webgoat-server/pom.xml +++ b/webgoat-server/pom.xml @@ -174,6 +174,11 @@ auth-bypass ${project.version} + + org.owasp.webgoat.lesson + webgoat-introduction + ${project.version} + org.owasp.webgoat.lesson webwolf-introduction