diff --git a/README.MD b/README.MD index 81dd5e5c9..55cccd8dc 100644 --- a/README.MD +++ b/README.MD @@ -44,15 +44,15 @@ first thing that all hackers claim.* # Easy Run ( For non-developers ) Every successful build of the WebGoat Lessons Container and the WebGoat Lessons in our Continuous Integration Server -creates an "Easy Run" Executable JAR file, which contains the WebGoat Lessons Server, the lessons and a embedded Tomcat server. +creates an "Easy Run" Executable WAR file, which contains the WebGoat Lessons Server, the lessons and a embedded Tomcat server. -You can check for the "Last Modified" date of our "Easy Run" jar file [HERE](http://webgoat-war.s3-website-us-east-1.amazonaws.com/) +You can check for the "Last Modified" date of our "Easy Run" war file [HERE](http://webgoat-war.s3-website-us-east-1.amazonaws.com/) The "Easy Run" JAR file offers a no hassle approach to testing and running WebGoat. Follow these instructions if you wish to simply try/test/run the current development version of WebGoat ### Prerequisites: -* Java VM >= 1.6 installed ( JDK 1.7 recommended) +* Java VM 1.8 installed ## Easy Run Instructions: @@ -65,7 +65,7 @@ https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar Open a command shell/window, browse to where you downloaded the easy run jar and type: ```Shell -java -jar webgoat-container-7.0.1-war-exec.jar +java -jar webgoat-container-7.0.1.war ``` #### 3. Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! @@ -82,8 +82,8 @@ Follow these instructions if you wish to run Webgoat and modify the source code ### Prerequisites: -* Java >= 1.6 ( JDK 1.7 recommended ) -* Maven > 2.0.9 +* Java 8 +* Maven > 3.2.1 * Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed. * Git, or Git support in your IDE 
@@ -136,19 +136,19 @@ The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat: ```Shell cd WebGoat -mvn -pl webgoat-container tomcat7:run-war +mvn -pl webgoat-container spring-boot:run ``` Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! #### Option #2: Java executable JAR -The __maven package__ goal generates an executable .jar file: +The __maven install__ goal generates an executable .war file: ```Shell cd WebGoat mvn package cd webgoat-container/target -java -jar webgoat-container-7.1-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat +java -jar webgoat-container-7.1-SNAPSHOT.war ``` Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! 
@@ -168,18 +168,10 @@ Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and hap ## Reloading plugins and lessons -If you want to __reload all the plugin and lessons__, open a new browser tab and visit the following url: - -[http://localhost:8080/WebGoat/service/reloadplugins.mvc](http://localhost:8080/WebGoat/service/reloadplugins.mvc) - -After the plugin reload is complete, _reloading a message_ will appear and you can refresh the __main WebGoat browser tab__. +If you want to __reload all the plugin and lessons__, open up the developer tools available from the info menu. This will +show an extra set of links below the cookie overview. ## Debugging label properties -To be able to see which labels are loaded through a property file, open a new browser tab and visit the following url: - -[http://localhost:8080/WebGoat/service/debug/labels.mvc](http://localhost:8080/WebGoat/service/debug/labels.mvc) - -Switch back to the main WebGoat broswer tab and __reload the main WebGoat browser tab__. - -After the reload is complete, all labels which where loaded from a property file will be __marked green__. +To be able to see which labels are loaded through a property file, open up the developer tools avalailable from the info menu +After the reload is complete, all labels which are loaded from a property file will be __marked green__. diff --git a/pom.xml b/pom.xml index 7f843de09..c13bbf892 100644 --- a/pom.xml +++ b/pom.xml @@ -152,7 +152,6 @@ 2.5.2 2.4 2.19 - 2.6 1.6.6 2.1.20 2.48.2 diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 908811556..9446836d5 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -39,7 +39,7 @@ exec true true - ${project.basedir}/src/main/webapp/WEB-INF/context.xml + ${project.basedir}/src/main/old/WEB-INF/context.xml 
@@ -147,77 +147,6 @@ - - org.apache.maven.plugins - maven-war-plugin - ${maven-war-plugin.version} - - - false - - - true - - - ${project.name} - ${project.version} - ${build.number} - - - - - - org.codehaus.mojo - build-helper-maven-plugin - ${build-helper-maven-plugin.version} - - - attach-artifacts - package - - attach-artifact - - - - - ${project.build.directory}/webgoat-container-${project.version}.jar - - - - - - - - org.apache.tomcat.maven - tomcat7-maven-plugin - 2.3-SNAPSHOT - - local_tomcat - http://localhost:8080/manager/text - /WebGoat - exec - true - true - ${project.basedir}/src/main/webapp/WEB-INF/context.xml - - - - org.owasp.webgoat - webgoat-container - ${project.version} - - - - - tomcat-run - - exec-war-only - - package - - - org.apache.maven.plugins maven-surefire-plugin @@ -276,11 +205,6 @@ thymeleaf-extras-springsecurity4 2.1.2.RELEASE - - org.xeustechnologies - jcl-core - 2.7 - javax.activation activation @@ -311,52 +235,6 @@ axis-ant ${axis-ant.version} - - org.apache.commons - commons-lang3 - ${commons-lang3.version} - - - commons-io - commons-io - ${commons-io.version} - - - commons-collections - commons-collections - ${commons-collections.version} - - - commons-digester - commons-digester - ${commons-digester.version} - - - xml-apis - xml-apis - - - - - - - - - - - - - - - commons-discovery - commons-discovery - ${commons-discovery.version} - - - javax.mail - javax.mail-api - ${mail-api.version} - hsqldb hsqldb @@ -367,11 +245,6 @@ wsdl4j ${wsdl4j.version} - - java2html - j2h - ${j2h.version} - ecs ecs @@ -382,39 +255,6 @@ javax.transaction-api ${javax.transaction-api.version} - - net.sourceforge.jtds - jtds - ${jtds.version} - - - - - - - - - - - - - - - - - - - - - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - 
@@ -429,56 +269,7 @@ ${guava.version} - - - javax.servlet - jstl - ${jstl.version} - - - taglibs - standard - ${standard.version} - - - - - - - - - - - - - - - - - - - - - - - org.apache.tiles - tiles-core - ${tiles.version} - jar - - - - - - - - - - - - - diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java index f5b53eae8..b30beed67 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java @@ -69,7 +69,7 @@ public class PluginReloadService extends BaseService { String pluginPath = session.getServletContext().getRealPath("plugin_lessons"); String targetPath = session.getServletContext().getRealPath("plugin_extracted"); //new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); - webSession.getCourse().loadLessonFromPlugin(session.getServletContext()); + webSession.getCourse().loadLessonFromPlugin(); Map result = new HashMap(); result.put("success", true); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/servlets/Controller.java b/webgoat-container/src/main/java/org/owasp/webgoat/servlets/Controller.java deleted file mode 100644 index 9cd7f284e..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/servlets/Controller.java +++ /dev/null 
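Review bot: `pluginPath` and `targetPath` are now dead locals: their only consumer is the commented-out `PluginsLoader` line, and the new no-argument `loadLessonFromPlugin()` call does not take them, so the two `getRealPath` calls run for nothing. Drop the two declarations together with the commented line, or pass the paths through if the loader is meant to use them. The handler also reports `result.put("success", true)` unconditionally; that is pre-existing, but if `loadLessonFromPlugin()` can fail, the response should reflect it. The enclosing method starts and ends outside the hunk.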
@@ -1,71 +0,0 @@ -package org.owasp.webgoat.servlets; - -import java.io.IOException; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * ************************************************************************************************* - * - * - * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. 
- * - * @version $Id: $Id - * @author dm - */ -public class Controller extends HttpServlet { - - private static final long serialVersionUID = 1L; - - /** {@inheritDoc} */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - - doPost(request, response); - - } - - /** {@inheritDoc} */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, - IOException { - - String userAgent = request.getHeader("user-agent"); - - String clientBrowser = "Not known!"; - - if (userAgent != null) { - - clientBrowser = userAgent; - - } - - request.setAttribute("client.browser", clientBrowser); - - request.getRequestDispatcher("/view.jsp").forward(request, response); - - } - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java index 0a23f9fab..ca98dbf45 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java @@ -321,10 +321,8 @@ public class Course { /** *

loadLessonFromPlugin.

- *
- * @param context a {@link javax.servlet.ServletContext} object.
 */
- public void loadLessonFromPlugin(ServletContext context) {
+ public void loadLessonFromPlugin() {
 Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
 String pluginPath = null;
 String targetPath = null;
@@ -380,7 +378,7 @@ public class Course {
 public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
 logger.info("Loading courses: " + path);
 this.webgoatContext = webgoatContext;
- loadLessonFromPlugin(context);
+ loadLessonFromPlugin();
 LegacyLoader loader = new LegacyLoader();
 lessons.addAll(loader.loadLessons(webgoatContext, context, path, properties));
 }
diff --git a/webgoat-container/src/main/webapp/META-INF/MANIFEST.MF b/webgoat-container/src/main/old/META-INF/MANIFEST.MF
similarity index 100%
rename from webgoat-container/src/main/webapp/META-INF/MANIFEST.MF
rename to webgoat-container/src/main/old/META-INF/MANIFEST.MF
diff --git a/webgoat-container/src/main/webapp/META-INF/context.xml b/webgoat-container/src/main/old/META-INF/context.xml
similarity index 100%
rename from webgoat-container/src/main/webapp/META-INF/context.xml
rename to webgoat-container/src/main/old/META-INF/context.xml
diff --git a/webgoat-container/src/main/webapp/WEB-INF/context.xml b/webgoat-container/src/main/old/WEB-INF/context.xml
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/context.xml
rename to webgoat-container/src/main/old/WEB-INF/context.xml
diff --git a/webgoat-container/src/main/webapp/WEB-INF/mvc-dispatcher-servlet.xmlold b/webgoat-container/src/main/old/WEB-INF/mvc-dispatcher-servlet.xmlold
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/mvc-dispatcher-servlet.xmlold
rename to webgoat-container/src/main/old/WEB-INF/mvc-dispatcher-servlet.xmlold
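Review bot: The Javadoc on `loadLessonFromPlugin()` now reads only `loadLessonFromPlugin.` once the `@param` is removed, which leaves the method undocumented; suggest `/** Loads the lessons shipped as plugins, locating them through the classpath marker /plugin_lessons/plugin_lessons_marker.txt. */`, which is what the first statement of the body indicates. With the container now packaged and started as a WAR (`java -jar` per the README), the `ClassPathResource` marker may resolve to an entry inside the archive rather than a filesystem path; the code that derives `pluginPath` and `targetPath` from it lies outside the hunk and should be checked for that case. In the hunk at line 378, `loadCourses` still receives `ServletContext context` and forwards it to `LegacyLoader`, so only the plugin loader lost the parameter. The rest of `loadLessonFromPlugin()` is outside the hunk.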
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/about.jsp b/webgoat-container/src/main/old/WEB-INF/pages/about.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/about.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/about.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/login.jsp b/webgoat-container/src/main/old/WEB-INF/pages/login.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/login.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/login.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/logout.jsp b/webgoat-container/src/main/old/WEB-INF/pages/logout.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/logout.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/logout.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp b/webgoat-container/src/main/old/WEB-INF/pages/main_new.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/main_new.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/main_new.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/widgets/cookies_and_params.jsp b/webgoat-container/src/main/old/WEB-INF/pages/widgets/cookies_and_params.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/widgets/cookies_and_params.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/widgets/cookies_and_params.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/pages/widgets/hints.jsp b/webgoat-container/src/main/old/WEB-INF/pages/widgets/hints.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/WEB-INF/pages/widgets/hints.jsp
rename to webgoat-container/src/main/old/WEB-INF/pages/widgets/hints.jsp
diff --git a/webgoat-container/src/main/webapp/WEB-INF/server-config.wsdd b/webgoat-container/src/main/old/WEB-INF/server-config.wsdd similarity index 97% rename from webgoat-container/src/main/webapp/WEB-INF/server-config.wsdd rename to webgoat-container/src/main/old/WEB-INF/server-config.wsdd index 667abb2df..a32f6c661 100644 --- a/webgoat-container/src/main/webapp/WEB-INF/server-config.wsdd +++ b/webgoat-container/src/main/old/WEB-INF/server-config.wsdd @@ -1,69 +1,69 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://xml.apache.org/axis/wsdd/ - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://xml.apache.org/axis/wsdd/ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webgoat-container/src/main/webapp/WEB-INF/spring-security.xmlold b/webgoat-container/src/main/old/WEB-INF/spring-security.xmlold similarity index 100% rename from webgoat-container/src/main/webapp/WEB-INF/spring-security.xmlold rename to webgoat-container/src/main/old/WEB-INF/spring-security.xmlold diff --git a/webgoat-container/src/main/webapp/WEB-INF/web.xmlold b/webgoat-container/src/main/old/WEB-INF/web.xmlold similarity index 100% rename from webgoat-container/src/main/webapp/WEB-INF/web.xmlold rename to webgoat-container/src/main/old/WEB-INF/web.xmlold diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat-class.properties b/webgoat-container/src/main/old/WEB-INF/webgoat-class.properties similarity index 96% rename from webgoat-container/src/main/webapp/WEB-INF/webgoat-class.properties rename to webgoat-container/src/main/old/WEB-INF/webgoat-class.properties index 088a6334d..52818894f 100644 --- a/webgoat-container/src/main/webapp/WEB-INF/webgoat-class.properties +++ b/webgoat-container/src/main/old/WEB-INF/webgoat-class.properties 
@@ -1,60 +1,60 @@
-category.General.ranking=11
-lesson.HttpBasics.ranking=10
-lesson.HttpSplitting.ranking=20
-lesson.ThreadSafetyProblem.ranking=30
-
-category.Broken\ Authentication\ and\ Session\ Management.ranking=21
-lesson.BasicAuthentication.ranking=10
-lesson.WeakAuthenticationCookie.ranking=20
-
-category.Broken\ Access\ Control.ranking=31
-lesson.AccessControlMatrix.ranking=10
-lesson.PathBasedAccessControl.ranking=20
-lesson.RoleBasedAccessControl.hidden=true
-
-category.Cross-Site\ Scripting\ (XSS).ranking=41
-lesson.StoredXss.ranking=10
-lesson.ReflectedXSS.ranking=20
-lesson.CSRF.ranking=30
-lesson.CsrfPromptByPass.ranking=40
-lesson.CsrfTokenByPass.ranking=50
-lesson.CrossSiteScripting.hidden=true
-
-category.Unvalidated\ Parameters.ranking=51
-lesson.HiddenFieldTampering.ranking=10
-lesson.JavaScriptValidation.ranking=20
-lesson.UncheckedEmail.ranking=30
-
-category.Insecure\ Storage.ranking=61
-lesson.Encoding.ranking=10
-
-category.Injection\ Flaws.ranking=71
-lesson.SqlNumericInjection.ranking=10
-lesson.SqlStringInjection.ranking=20
-lesson.CommandInjection.ranking=30
-lesson.LogSpoofing.ranking=40
-lesson.SQLInjection.hidden=true
-
-category.Improper\ Error\ Handling.ranking=81
-lesson.FailOpenAuthentication.ranking=10
-
-category.Code\ Quality.ranking=91
-lesson.HtmlClues.ranking=10
-
-category.Web\ Services.category.ranking=101
-lesson.SoapRequest.ranking=10
-lesson.WSDLScanning.ranking=20
-lesson.WsSqlInjection.ranking=30
-
-category.New\ Lesson.category.ranking=111
-lesson.HowToAddNewLesson.ranking=10
-
-lesson.WeakSessionID.hidden=true
-lesson.BufferOverflow.hidden=true
-lesson.BlindSqlInjection.hidden=true
-lesson.DOS_Login.hidden=true
-lesson.ForcedBrowsing.hidden=true
-lesson.ForgotPassword.hidden=true
-lesson.ParameterInjection.hidden=true
-lesson.RemoteAdminFlaw.hidden=true
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+lesson.RoleBasedAccessControl.hidden=true
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+lesson.CsrfPromptByPass.ranking=40
+lesson.CsrfTokenByPass.ranking=50
+lesson.CrossSiteScripting.hidden=true
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+lesson.SQLInjection.hidden=true
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
 lesson.ChallengeScreen.hidden=true
\ No newline at end of file
diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat-lab.properties b/webgoat-container/src/main/old/WEB-INF/webgoat-lab.properties
similarity index 96%
rename from webgoat-container/src/main/webapp/WEB-INF/webgoat-lab.properties
rename to webgoat-container/src/main/old/WEB-INF/webgoat-lab.properties
index abd6385d7..1e37e2b27 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/webgoat-lab.properties
+++ b/webgoat-container/src/main/old/WEB-INF/webgoat-lab.properties
@@ -1,57 +1,57 @@
-category.General.ranking=11
-lesson.HttpBasics.ranking=10
-lesson.HttpSplitting.ranking=20
-lesson.ThreadSafetyProblem.ranking=30
-
-category.Broken\ Authentication\ and\ Session\ Management.ranking=21
-lesson.BasicAuthentication.ranking=10
-lesson.WeakAuthenticationCookie.ranking=20
-
-category.Broken\ Access\ Control.ranking=31
-lesson.AccessControlMatrix.ranking=10
-lesson.PathBasedAccessControl.ranking=20
-
-category.Cross-Site\ Scripting\ (XSS).ranking=41
-lesson.StoredXss.ranking=10
-lesson.ReflectedXSS.ranking=20
-lesson.CSRF.ranking=30
-lesson.CsrfPromptByPass.ranking=40
-lesson.CsrfTokenByPass.ranking=50
-
-category.Unvalidated\ Parameters.ranking=51
-lesson.HiddenFieldTampering.ranking=10
-lesson.JavaScriptValidation.ranking=20
-lesson.UncheckedEmail.ranking=30
-
-category.Insecure\ Storage.ranking=61
-lesson.Encoding.ranking=10
-
-category.Injection\ Flaws.ranking=71
-lesson.SqlNumericInjection.ranking=10
-lesson.SqlStringInjection.ranking=20
-lesson.CommandInjection.ranking=30
-lesson.LogSpoofing.ranking=40
-
-category.Improper\ Error\ Handling.ranking=81
-lesson.FailOpenAuthentication.ranking=10
-
-category.Code\ Quality.ranking=91
-lesson.HtmlClues.ranking=10
-
-category.Web\ Services.category.ranking=101
-lesson.SoapRequest.ranking=10
-lesson.WSDLScanning.ranking=20
-lesson.WsSqlInjection.ranking=30
-
-category.New\ Lesson.category.ranking=111
-lesson.HowToAddNewLesson.ranking=10
-
-lesson.WeakSessionID.hidden=true
-lesson.BufferOverflow.hidden=true
-lesson.BlindSqlInjection.hidden=true
-lesson.DOS_Login.hidden=true
-lesson.ForcedBrowsing.hidden=true
-lesson.ForgotPassword.hidden=true
-lesson.ParameterInjection.hidden=true
-lesson.RemoteAdminFlaw.hidden=true
-lesson.ChallengeScreen.hidden=true
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+lesson.CsrfPromptByPass.ranking=40
+lesson.CsrfTokenByPass.ranking=50
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true
diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat-owasp.properties b/webgoat-container/src/main/old/WEB-INF/webgoat-owasp.properties
similarity index 97%
rename from webgoat-container/src/main/webapp/WEB-INF/webgoat-owasp.properties
rename to webgoat-container/src/main/old/WEB-INF/webgoat-owasp.properties
index 3fb9410b1..c572d25ca 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/webgoat-owasp.properties
+++ b/webgoat-container/src/main/old/WEB-INF/webgoat-owasp.properties
@@ -1,2 +1,2 @@
-#lesson.BufferOverflow.hidden=true
-lesson.BlindScript.hidden=true
+#lesson.BufferOverflow.hidden=true
+lesson.BlindScript.hidden=true
diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat_oracle.sql b/webgoat-container/src/main/old/WEB-INF/webgoat_oracle.sql
similarity index 96%
rename from webgoat-container/src/main/webapp/WEB-INF/webgoat_oracle.sql
rename to webgoat-container/src/main/old/WEB-INF/webgoat_oracle.sql
index 9894eb2a7..932998e58 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/webgoat_oracle.sql
+++ b/webgoat-container/src/main/old/WEB-INF/webgoat_oracle.sql
@@ -1,132 +1,132 @@ -DROP USER webgoat_guest CASCADE; -CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users; -GRANT CONNECT, RESOURCE TO webgoat_guest; -GRANT CREATE PROCEDURE TO webgoat_guest; - -CREATE TABLE WEBGOAT_guest.EMPLOYEE ( - userid INT NOT NULL PRIMARY KEY, - first_name VARCHAR(20), - last_name VARCHAR(20), - ssn VARCHAR(12), - password VARCHAR(10), - title VARCHAR(20), - phone VARCHAR(13), - address1 VARCHAR(80), - address2 VARCHAR(80), - manager INT, - start_date CHAR(8), - salary INT, - ccn VARCHAR(30), - ccn_limit INT, - disciplined_date CHAR(8), - disciplined_notes VARCHAR(60), - personal_description VARCHAR(60) -); - - -CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS - stmt VARCHAR(32767);cnt NUMBER; -BEGIN - stmt := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; - EXECUTE IMMEDIATE stmt INTO cnt; - RETURN cnt; -END; -/ - -CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS - stmt VARCHAR(32767);cnt NUMBER; -BEGIN - stmt := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; - EXECUTE IMMEDIATE stmt INTO cnt; - RETURN cnt; -END; -/ - -CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE( - v_userid IN employee.userid%type, - v_first_name IN employee.first_name%type, - v_last_name IN employee.last_name%type, - v_ssn IN employee.ssn%type, - v_title IN employee.title%type, - v_phone IN employee.phone%type, - v_address1 IN employee.address1%type, - v_address2 IN employee.address2%type, - v_manager IN employee.manager%type, - v_start_date IN employee.start_date%type, - v_salary IN employee.salary%type, - v_ccn IN employee.ccn%type, - v_ccn_limit IN employee.ccn_limit%type, - v_disciplined_date IN employee.disciplined_date%type, - v_disciplined_notes IN employee.disciplined_notes%type, - 
v_personal_description IN employee.personal_description%type -) -AS -BEGIN - UPDATE EMPLOYEE - SET - first_name = v_first_name, - last_name = v_last_name, - ssn = v_ssn, - title = v_title, - phone = v_phone, - address1 = v_address1, - address2 = v_address2, - manager = v_manager, - start_date = v_Start_date, - salary = v_salary, - ccn = v_ccn, - ccn_limit = v_ccn_limit, - disciplined_date = v_disciplined_date, - disciplined_notes = v_disciplined_notes, - personal_description = v_personal_description - WHERE - userid = v_userid; -END; -/ - -CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP( - v_userid IN employee.userid%type, - v_first_name IN employee.first_name%type, - v_last_name IN employee.last_name%type, - v_ssn IN employee.ssn%type, - v_title IN employee.title%type, - v_phone IN employee.phone%type, - v_address1 IN employee.address1%type, - v_address2 IN employee.address2%type, - v_manager IN employee.manager%type, - v_start_date IN employee.start_date%type, - v_salary IN employee.salary%type, - v_ccn IN employee.ccn%type, - v_ccn_limit IN employee.ccn_limit%type, - v_disciplined_date IN employee.disciplined_date%type, - v_disciplined_notes IN employee.disciplined_notes%type, - v_personal_description IN employee.personal_description%type -) -AS -BEGIN - UPDATE EMPLOYEE - SET - first_name = v_first_name, - last_name = v_last_name, - ssn = v_ssn, - title = v_title, - phone = v_phone, - address1 = v_address1, - address2 = v_address2, - manager = v_manager, - start_date = v_Start_date, - salary = v_salary, - ccn = v_ccn, - ccn_limit = v_ccn_limit, - disciplined_date = v_disciplined_date, - disciplined_notes = v_disciplined_notes, - personal_description = v_personal_description - WHERE - userid = v_userid; -END; -/ - - -exit; - - +DROP USER webgoat_guest CASCADE; +CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users; +GRANT CONNECT, RESOURCE TO webgoat_guest; +GRANT CREATE PROCEDURE TO webgoat_guest; + +CREATE TABLE 
WEBGOAT_guest.EMPLOYEE ( + userid INT NOT NULL PRIMARY KEY, + first_name VARCHAR(20), + last_name VARCHAR(20), + ssn VARCHAR(12), + password VARCHAR(10), + title VARCHAR(20), + phone VARCHAR(13), + address1 VARCHAR(80), + address2 VARCHAR(80), + manager INT, + start_date CHAR(8), + salary INT, + ccn VARCHAR(30), + ccn_limit INT, + disciplined_date CHAR(8), + disciplined_notes VARCHAR(60), + personal_description VARCHAR(60) +); + + +CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS + stmt VARCHAR(32767);cnt NUMBER; +BEGIN + stmt := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; + EXECUTE IMMEDIATE stmt INTO cnt; + RETURN cnt; +END; +/ + +CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS + stmt VARCHAR(32767);cnt NUMBER; +BEGIN + stmt := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; + EXECUTE IMMEDIATE stmt INTO cnt; + RETURN cnt; +END; +/ + +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE( + v_userid IN employee.userid%type, + v_first_name IN employee.first_name%type, + v_last_name IN employee.last_name%type, + v_ssn IN employee.ssn%type, + v_title IN employee.title%type, + v_phone IN employee.phone%type, + v_address1 IN employee.address1%type, + v_address2 IN employee.address2%type, + v_manager IN employee.manager%type, + v_start_date IN employee.start_date%type, + v_salary IN employee.salary%type, + v_ccn IN employee.ccn%type, + v_ccn_limit IN employee.ccn_limit%type, + v_disciplined_date IN employee.disciplined_date%type, + v_disciplined_notes IN employee.disciplined_notes%type, + v_personal_description IN employee.personal_description%type +) +AS +BEGIN + UPDATE EMPLOYEE + SET + first_name = v_first_name, + last_name = v_last_name, + ssn = v_ssn, + title = v_title, + phone = v_phone, + address1 = v_address1, + address2 = 
v_address2, + manager = v_manager, + start_date = v_Start_date, + salary = v_salary, + ccn = v_ccn, + ccn_limit = v_ccn_limit, + disciplined_date = v_disciplined_date, + disciplined_notes = v_disciplined_notes, + personal_description = v_personal_description + WHERE + userid = v_userid; +END; +/ + +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP( + v_userid IN employee.userid%type, + v_first_name IN employee.first_name%type, + v_last_name IN employee.last_name%type, + v_ssn IN employee.ssn%type, + v_title IN employee.title%type, + v_phone IN employee.phone%type, + v_address1 IN employee.address1%type, + v_address2 IN employee.address2%type, + v_manager IN employee.manager%type, + v_start_date IN employee.start_date%type, + v_salary IN employee.salary%type, + v_ccn IN employee.ccn%type, + v_ccn_limit IN employee.ccn_limit%type, + v_disciplined_date IN employee.disciplined_date%type, + v_disciplined_notes IN employee.disciplined_notes%type, + v_personal_description IN employee.personal_description%type +) +AS +BEGIN + UPDATE EMPLOYEE + SET + first_name = v_first_name, + last_name = v_last_name, + ssn = v_ssn, + title = v_title, + phone = v_phone, + address1 = v_address1, + address2 = v_address2, + manager = v_manager, + start_date = v_Start_date, + salary = v_salary, + ccn = v_ccn, + ccn_limit = v_ccn_limit, + disciplined_date = v_disciplined_date, + disciplined_notes = v_disciplined_notes, + personal_description = v_personal_description + WHERE + userid = v_userid; +END; +/ + + +exit; + + diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat_sqlserver.sql b/webgoat-container/src/main/old/WEB-INF/webgoat_sqlserver.sql similarity index 95% rename from webgoat-container/src/main/webapp/WEB-INF/webgoat_sqlserver.sql rename to webgoat-container/src/main/old/WEB-INF/webgoat_sqlserver.sql index 49c32b79a..7be4b17a7 100644 --- a/webgoat-container/src/main/webapp/WEB-INF/webgoat_sqlserver.sql 
+++ b/webgoat-container/src/main/old/WEB-INF/webgoat_sqlserver.sql 
@@ -1,226 +1,226 @@
-EXEC sp_configure 'clr enabled', 1
-GO
-
-RECONFIGURE
-GO
-
-USE master;
-
-go
-
-DROP LOGIN webgoat_guest;
-
-go
-
-DROP database webgoat;
-
-go
-
-
-CREATE database webgoat;
-
-go
-
-USE webgoat;
-
-go
-
-CREATE SCHEMA webgoat_guest;
-
-go
-
-CREATE LOGIN webgoat_guest with password = '_webgoat';
-
-go
-
-CREATE USER webgoat_guest with default_schema = webgoat_guest;
-
-go
-
-GRANT CONTROL TO webgoat_guest;
-
-go
-
-
-CREATE TABLE WEBGOAT_guest.EMPLOYEE (
- userid INT NOT NULL PRIMARY KEY,
- first_name VARCHAR(20),
- last_name VARCHAR(20),
- ssn VARCHAR(12),
- password VARCHAR(10),
- title VARCHAR(20),
- phone VARCHAR(13),
- address1 VARCHAR(80),
- address2 VARCHAR(80),
- manager INT,
- start_date CHAR(8),
- salary INT,
- ccn VARCHAR(30),
- ccn_limit INT,
- disciplined_date CHAR(8),
- disciplined_notes VARCHAR(60),
- personal_description VARCHAR(60)
-);
-
-go
-
-IF EXISTS
-(
- SELECT 1
- FROM INFORMATION_SCHEMA.ROUTINES
- WHERE ROUTINE_NAME = 'UPDATE_EMPLOYEE'
- AND ROUTINE_SCHEMA = 'webgoat_guest'
- AND ROUTINE_TYPE = 'PROCEDURE'
-)
-BEGIN
- DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
- DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
-END
-GO
-
-CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
- @v_userid INT,
- @v_first_name VARCHAR(20),
- @v_last_name VARCHAR(20),
- @v_ssn VARCHAR(12),
- @v_title VARCHAR(20),
- @v_phone VARCHAR(13),
- @v_address1 VARCHAR(80),
- @v_address2 VARCHAR(80),
- @v_manager INT,
- @v_start_date CHAR(8),
- @v_salary INT,
- @v_ccn VARCHAR(30),
- @v_ccn_limit INT,
- @v_disciplined_date CHAR(8),
- @v_disciplined_notes VARCHAR(60),
- @v_personal_description VARCHAR(60)
-AS
- UPDATE EMPLOYEE
- SET
- first_name = @v_first_name,
- last_name = @v_last_name,
- ssn = @v_ssn,
- title = @v_title,
- phone = @v_phone,
- address1 = @v_address1,
- address2 = @v_address2,
- manager = @v_manager,
- start_date = @v_Start_date,
- salary = @v_salary,
- ccn = @v_ccn,
- ccn_limit = @v_ccn_limit,
- disciplined_date = @v_disciplined_date,
- disciplined_notes = @v_disciplined_notes,
- personal_description = @v_personal_description
- WHERE
- userid = @v_userid;
-
-go
-
-CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
- @v_userid INT,
- @v_first_name VARCHAR(20),
- @v_last_name VARCHAR(20),
- @v_ssn VARCHAR(12),
- @v_title VARCHAR(20),
- @v_phone VARCHAR(13),
- @v_address1 VARCHAR(80),
- @v_address2 VARCHAR(80),
- @v_manager INT,
- @v_start_date CHAR(8),
- @v_salary INT,
- @v_ccn VARCHAR(30),
- @v_ccn_limit INT,
- @v_disciplined_date CHAR(8),
- @v_disciplined_notes VARCHAR(60),
- @v_personal_description VARCHAR(60)
-AS
- UPDATE EMPLOYEE
- SET
- first_name = @v_first_name,
- last_name = @v_last_name,
- ssn = @v_ssn,
- title = @v_title,
- phone = @v_phone,
- address1 = @v_address1,
- address2 = @v_address2,
- manager = @v_manager,
- start_date = @v_Start_date,
- salary = @v_salary,
- ccn = @v_ccn,
- ccn_limit = @v_ccn_limit,
- disciplined_date = @v_disciplined_date,
- disciplined_notes = @v_disciplined_notes,
- personal_description = @v_personal_description
- WHERE
- userid = @v_userid;
-
-go
-
-IF EXISTS
-(
- SELECT 1
- FROM INFORMATION_SCHEMA.ROUTINES
- WHERE ROUTINE_NAME = 'EMPLOYEE_LOGIN'
- AND ROUTINE_SCHEMA = 'webgoat_guest'
- AND ROUTINE_TYPE = 'FUNCTION'
-)
-BEGIN
- DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN
- DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP
-END
-GO
-
-CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
- @v_id INT,
- @v_password VARCHAR(100)
-) RETURNS INTEGER
-AS
- BEGIN
- DECLARE @sql nvarchar(4000), @count int
- SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
- EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
- return @count
- END
-GO
-
-CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP (
- @v_id INT,
- @v_password VARCHAR(100)
-) RETURNS INTEGER
-AS
- BEGIN
- DECLARE @sql nvarchar(4000), @count int
- SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
- EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
- return @count
- END
-GO
-
-IF EXISTS
-(
- SELECT 1
- FROM INFORMATION_SCHEMA.ROUTINES
- WHERE ROUTINE_NAME = 'RegexMatch'
- AND ROUTINE_SCHEMA = 'webgoat_guest'
- AND ROUTINE_TYPE = 'FUNCTION'
-)
-BEGIN
- DROP FUNCTION webgoat_guest.RegexMatch
-END
-GO
-
-IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch')
- DROP ASSEMBLY RegexMatch;
-GO
-
-CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\tomcat\webapps\WebGoat\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
-GO
-
-CREATE FUNCTION webgoat_guest.RegexMatch (
-@input NVARCHAR(MAX),
-@pattern NVARCHAR(MAX)
-) RETURNS BIT
-AS EXTERNAL NAME RegexMatch.[UserDefinedFunctions].RegexMatch;
-GO
+EXEC sp_configure 'clr enabled', 1
+GO
+
+RECONFIGURE
+GO
+
+USE master;
+
+go
+
+DROP LOGIN webgoat_guest;
+
+go
+
+DROP database webgoat;
+
+go
+
+
+CREATE database webgoat;
+
+go
+
+USE webgoat;
+
+go
+
+CREATE SCHEMA webgoat_guest;
+
+go
+
+CREATE LOGIN webgoat_guest with password = '_webgoat';
+
+go
+
+CREATE USER webgoat_guest with default_schema = webgoat_guest;
+
+go
+
+GRANT CONTROL TO webgoat_guest;
+
+go
+
+
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
+ userid INT NOT NULL PRIMARY KEY,
+ first_name VARCHAR(20),
+ last_name VARCHAR(20),
+ ssn VARCHAR(12),
+ password VARCHAR(10),
+ title VARCHAR(20),
+ phone VARCHAR(13),
+ address1 VARCHAR(80),
+ address2 VARCHAR(80),
+ manager INT,
+ start_date CHAR(8),
+ salary INT,
+ ccn VARCHAR(30),
+ ccn_limit INT,
+ disciplined_date CHAR(8),
+ disciplined_notes VARCHAR(60),
+ personal_description VARCHAR(60)
+);
+
+go
+
+IF EXISTS
+(
+ SELECT 1
+ FROM INFORMATION_SCHEMA.ROUTINES
+ WHERE ROUTINE_NAME = 'UPDATE_EMPLOYEE'
+ AND ROUTINE_SCHEMA = 'webgoat_guest'
+ AND ROUTINE_TYPE = 'PROCEDURE'
+)
+BEGIN
+ DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+ DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+END
+GO
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+ @v_userid INT,
+ @v_first_name VARCHAR(20),
+ @v_last_name VARCHAR(20),
+ @v_ssn VARCHAR(12),
+ @v_title VARCHAR(20),
+ @v_phone VARCHAR(13),
+ @v_address1 VARCHAR(80),
+ @v_address2 VARCHAR(80),
+ @v_manager INT,
+ @v_start_date CHAR(8),
+ @v_salary INT,
+ @v_ccn VARCHAR(30),
+ @v_ccn_limit INT,
+ @v_disciplined_date CHAR(8),
+ @v_disciplined_notes VARCHAR(60),
+ @v_personal_description VARCHAR(60)
+AS
+ UPDATE EMPLOYEE
+ SET
+ first_name = @v_first_name,
+ last_name = @v_last_name,
+ ssn = @v_ssn,
+ title = @v_title,
+ phone = @v_phone,
+ address1 = @v_address1,
+ address2 = @v_address2,
+ manager = @v_manager,
+ start_date = @v_Start_date,
+ salary = @v_salary,
+ ccn = @v_ccn,
+ ccn_limit = @v_ccn_limit,
+ disciplined_date = @v_disciplined_date,
+ disciplined_notes = @v_disciplined_notes,
+ personal_description = @v_personal_description
+ WHERE
+ userid = @v_userid;
+
+go
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+ @v_userid INT,
+ @v_first_name VARCHAR(20),
+ @v_last_name VARCHAR(20),
+ @v_ssn VARCHAR(12),
+ @v_title VARCHAR(20),
+ @v_phone VARCHAR(13),
+ @v_address1 VARCHAR(80),
+ @v_address2 VARCHAR(80),
+ @v_manager INT,
+ @v_start_date CHAR(8),
+ @v_salary INT,
+ @v_ccn VARCHAR(30),
+ @v_ccn_limit INT,
+ @v_disciplined_date CHAR(8),
+ @v_disciplined_notes VARCHAR(60),
+ @v_personal_description VARCHAR(60)
+AS
+ UPDATE EMPLOYEE
+ SET
+ first_name = @v_first_name,
+ last_name = @v_last_name,
+ ssn = @v_ssn,
+ title = @v_title,
+ phone = @v_phone,
+ address1 = @v_address1,
+ address2 = @v_address2,
+ manager = @v_manager,
+ start_date = @v_Start_date,
+ salary = @v_salary,
+ ccn = @v_ccn,
+ ccn_limit = @v_ccn_limit,
+ disciplined_date = @v_disciplined_date,
+ disciplined_notes = @v_disciplined_notes,
+ personal_description = @v_personal_description
+ WHERE
+ userid = @v_userid;
+
+go
+
+IF EXISTS
+(
+ SELECT 1
+ FROM INFORMATION_SCHEMA.ROUTINES
+ WHERE ROUTINE_NAME = 'EMPLOYEE_LOGIN'
+ AND ROUTINE_SCHEMA = 'webgoat_guest'
+ AND ROUTINE_TYPE = 'FUNCTION'
+)
+BEGIN
+ DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN
+ DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP
+END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
+ @v_id INT,
+ @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+ BEGIN
+ DECLARE @sql nvarchar(4000), @count int
+ SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+ EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+ return @count
+ END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP (
+ @v_id INT,
+ @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+ BEGIN
+ DECLARE @sql nvarchar(4000), @count int
+ SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+ EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+ return @count
+ END
+GO
+
+IF EXISTS
+(
+ SELECT 1
+ FROM INFORMATION_SCHEMA.ROUTINES
+ WHERE ROUTINE_NAME = 'RegexMatch'
+ AND ROUTINE_SCHEMA = 'webgoat_guest'
+ AND ROUTINE_TYPE = 'FUNCTION'
+)
+BEGIN
+ DROP FUNCTION webgoat_guest.RegexMatch
+END
+GO
+
+IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch')
+ DROP ASSEMBLY RegexMatch;
+GO
+
+CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\tomcat\webapps\WebGoat\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
+GO
+
+CREATE FUNCTION webgoat_guest.RegexMatch (
+@input NVARCHAR(MAX),
+@pattern NVARCHAR(MAX)
+) RETURNS BIT
+AS EXTERNAL NAME RegexMatch.[UserDefinedFunctions].RegexMatch;
+GO
diff --git a/webgoat-container/src/main/webapp/database/database.prp b/webgoat-container/src/main/old/database/database.prp
similarity index 96%
rename from webgoat-container/src/main/webapp/database/database.prp
rename to webgoat-container/src/main/old/database/database.prp
index 70115d276..5767d09ff 100644
--- a/webgoat-container/src/main/webapp/database/database.prp
+++ b/webgoat-container/src/main/old/database/database.prp
@@ -1,365 +1,365 @@
-!---------------------------------------------------------------------
-!
-! BASIC PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! Path where index tables are held. Can be absolute or relative
-! to the properties file. Defaults to tablePath.
-!
-indexPath=./indexes
-!
-! Path where system tables are held. Can be absolute or relative to
-! the properties file. Defaults to tablePath.
-!
-systemPath=./system
-!
-! Path where database tables are held. Can be absolute or relative
-! to the properties file. Defaults to "current" directory.
-!
-tablePath=./tables
-!
-! Path where results set tables are held. Can be absolute or relative
-! to the properties file. Defaults to tablePath.
-!
-tmpPath=./tmp
-!
-! Non-zero means paths are relative to the properties file.
-! Default is absolute paths for files.
-!
-relativeToProperties=1
-!
-! Alternative partitions can be defined so that tables can be placed
-! in multiple locations. Each partition is numbered: 1, 2, 3,... Tables
-! can be created on partitions using the syntax
-!
-! CREATE TABLE ON PARTITION ...
-!
-! The partition count has to be supplied.
-!
-!partitionCount=2
-!
-! The locations of each partition must be supplied. These are always
-! absolute path names.
-!
-!partition1=d:/petes
-!partition2=c:/temp
-
-
-!---------------------------------------------------------------------
-!
-! TUNING PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! The amount of each column to cache, expressed either as an absolute
-! number of rows or as a percentage figure. Defaults to 256 or 10 respectively.
-!
-! This value applies only when tables are first created. It has no effect
-! when a table is being re-opened.
-!
-cacheAmount=512
-!
-! CACHE_ROWS Must be one of CACHE_ROWS or CACHE_PERCENT. Determines whether
-! to cache columns in tables based on an absolute number of rows, or the
-! percentage number of rows in the table.
-!
-! This value applies only when tables are first created. It has no effect
-! when a table is being re-opened.
-!
-cacheCondition=CACHE_ROWS
-!
-! The amount of the system tables to be cached. Defaults to 100.
-!
-! This value applies only when tables are first created. It has no effect
-! when a table is being re-opened.
-!
-!systemCacheSize=10
-!
-! Similar to cacheCondition, but applies only to the system tables.
-!
-! This value applies only when tables are first created. It has no effect
-! when a table is being re-opened.
-!
-!systemCacheCondition=CACHE_ROWS
-!
-! The percentage cache hit improvement required in order to move the
-! cache to a new location in a column.
-!
-! (Currently not implemented).
-!
-cacheResetPercent=10
-!
-! Non-zero means that database changes do not get written to the
-! database immediately. See tuning.html.
-!
-fastUpdate=0
-!
-! Percentage of free space in an index that must be present before
-! the index reorganises itself. High values means frequent index
-! reorganisation. Low values means slow index inserts.
-!
-indexLoad=5
-!
-! The number of cache misses to include in calculations of the next
-! base for the cache.
-!
-! (Currently not implemented).
-!
-missesInCacheStats=100
-!
-! Non-zero means that results sets get instantiated on disk. By default
-! InstantDB holds results sets emtirely in memory (apart from Binary
-! columns). For large results sets this can be a problem. This property
-! forces all results sets to be held on disk.
-!
-resultsOnDisk=0
-!
-! Similar to cacheCondition but applies only to disk based
-! results sets. Default is CACHE_ROWS.
-!
-resultsSetCache=CACHE_ROWS
-!
-! Similar to cacheAmount but applies only to disk based
-! results sets. Default is 100.
-!
-resultsSetCacheAmount=100
-!
-! Number of rows to read into the disk read ahead buffer.
-! Recommended to be set somewhere around 128 to 256.
-! Default is 20.
-!
-rowCacheSize=128
-!
-! The read ahead buffer is effective at speeding up full
-! table scans. However for indexed lookups or multiple
-! simultaneous scans it is better to read a single row at
-! a time. Each table holds a small number of single row
-! buffers to improve such operations. Default is 8.
-!
-!singleRowCount=4
-!
-! Sometimes the look ahead buffer can be held by a single
-! thread even though it is not retrieveing many values from it.
-! If too many lookups retrieve data from the single row
-! buffers then it is better to flush the look ahead buffer and
-! make it available for re-use. Default is 128.
-!
-!flushAfterCacheMisses=64
-!
-! Number of rows to read ahead for system tables. By default
-! system tables cache everything, so it is wasteful to have large
-! read ahead buffers since they will very rarely be used. This
-! allows the size of the system read ahead buffers to be reduced
-! if necessary. Defaults to rowCacheSize.
-!
-!systemRows=20
-!
-! The control column in all tables normally has a large cache
-! since this speeds up all operation on that table. This can be
-! varied to either improve performance or to reduce space.
-! default is 8192.
-!
-! This value applies only when tables are first created. It has no effect
-! when a table is being re-opened.
-!
-!controlColCacheSize=512
-!
-! By default, InstantDB only does a cursory search for deleted rows during
-! UPDATE statements. Setting searchDeletes=1 causes more detailed searches
-! for deleted rows. This slows down UPDATE executions, but reults in more
-! compact tables. Default is 0.
-!
-searchDeletes=0
-!
-! The interval, in milliseconds, between checks for statement execution
-! timeouts. Default is 5000.
-!
-!timerCheck=5000
-!
-! The number of statements between checks on available memory. If set
-! to 100 (say), then every 100 statements, InstantDB will check to
-! see how much memory is still free. If too little is avilable (see
-! below) then java.lang.System.gc() is called.
-!
-! If set to zero (the default) then no memory checking takes place.
-!
-!garbageCollectStatements=100
-!
-! If InstantDB is performing period memory checks (see above) then
-! this is the value in percent of available memory that must be
-! used before System.gc() gets called.
-!
-!garbageCollectPercent=70
-
-!---------------------------------------------------------------------
-!
-! LOGGING AND DEBUGGING PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! Non-zero means include SQL statements in the export file.
-!
-exportSQL=0
-!
-! Non-zero means trace output also directed to console.
-! Defaults to 0.
-!
-traceConsole=1
-!
-! Relative or absolute path where exporting and tracing goes.
-!
-! NOTE - A relative path is relative to the current Java
-! runtime directory. It is *not* relative to this properties
-! file. This is regardless of the relativeToProperties
-! setting above.
-!
-traceFile=./trace.log
-!
-! Bitmap of various items that can be traced. See debug.html.
-! Defaults to 0.
-!
-traceLevel=2
-
-!---------------------------------------------------------------------
-!
-! TRANSACTION AND RECOVERY PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! 0 means do not perform recovery on startup.
-! 1 means perform automatic recovery
-! 2 (default) means prompt the user using standard in
-!
-recoveryPolicy=1
-!
-! Sets the level of transaction journalling. See trans.html.
-! Defaults to 1.
-!
-! 0 - No journalling takes place.
-! 1 - Normal journalling (default).
-! 2 - Full journalling.
-!
-transLevel=1
-!
-! When doing an import, defines the number of rows imported
-! before the transaction is committed. Recommended value 8192.
-! defaults to 100.
-!
-transImports=100
-!
-! Sets the default transaction isolation level. This is a complex
-! topic, but basically, the higher the level, the more locking
-! goes on. The allowed values are:
-!
-! TRANSACTION_READ_UNCOMMITTED = 1
-! TRANSACTION_READ_COMMITTED = 2
-! TRANSACTION_REPEATABLE_READ = 4
-! TRANSACTION_SERIALIZABLE = 8 (default)
-!
-! SERIALIZABLE means that InstantDB takes exclusive access to all
-! tables in a transaction until the transaction completes. Even if
-! the transaction only performs reads.
-!
-! REPEATABLE_READ transactions takes read locks for SELECTs and
-! write locks for everything else. All locks released on transaction
-! completion.
-!
-! READ_COMMITTED transactions are the same as REPEATABLE_READ
-! except that read locks get freed on statement completion.
-!
-! READ_UNCOMMITTED transactions do not take read locks. A result
-! set can include data being modified by another transaction.
-!
-!defaultIsolationLevel=2
-
-!---------------------------------------------------------------------
-!
-! DATE, TIME AND CURRENCY PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! Number of digits after decimal point in currency outputs. Defaults to 2.
-!
-currencyDecimal=2
-!
-! Currency symbol used in currency outputs. Defaults to $.
-!
-currencySymbol=$
-!
-! Default format for date columns. Defaults to "yyyy-mm-dd".
-!
-!dateFormat=yyyy-mm-dd
-!
-! Default format for timestamp columns. Defaults to "yyyy-mm-dd hh:nn:ss.lll".
-!
-!dateTimeFormat=yyyy-mm-dd hh:nn:ss.lll
-!
-! Default format for time columns. Defaults to "hh:nn:ss.lll".
-!
-!timeFormat=hh:nn:ss.lll
-!
-! If set, then all two digit dates less than its value are interpreted
-! as 21st century dates.
-!
-!milleniumBoundary=50
-!
-! Set to 1 causes the date string "now" to store a full timestamp.
-! Default is to store only the date for fields with now hour in the
-! format string.
-!
-nowMeansTime=0
-
-!---------------------------------------------------------------------
-!
-! STRING HANDLING PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! If set to 1 then String hashes use the JDK Object.hashCode() function.
-! By default, uses InstantDB's String hashing.
-!
-altStringHashing=0
-!
-! Set to 1 to cause LIKE clauses to always perform case insensitive
-! comparisons.
-!
-likeIgnoreCase=0
-!
-! Same as SET LITERAL STRICT_ON. Prevents string literals being interpreted
-! as column names or numbers. Default is 0.
-!
-strictLiterals=0
-!
-! Set this value to 1 (one) if you would like PreparedStatement.setString()
-! to ignore "\" (backslash) characters when proceesing string constants.
-! When set, InstantDB will not attempt to interpret \ as the start of an
-! escape sequence. Default is 0.
-!
-!prepareIgnoresEscapes=1
-
-!---------------------------------------------------------------------
-!
-! MISCELLANEOUS PROPERTIES
-!
-!---------------------------------------------------------------------
-
-!
-! Allows selected InstantDB keywords to be un-reserved.
-! e.g. ignoreKeywords=url,quote would allow the keywords
-! url and quote to be used as table or column names.
-!
-! This faciliy is provided for compatatbility reasons only.
-! It's use is not recommended AND IS NOT SUPPORTED.
-!
-!ignoreKeywords
-!
-! Non-zero means database is opened in read only mode.
-!
-readOnly=0
+!---------------------------------------------------------------------
+!
+! BASIC PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Path where index tables are held. Can be absolute or relative
+! to the properties file. Defaults to tablePath.
+!
+indexPath=./indexes
+!
+! Path where system tables are held. Can be absolute or relative to
+! the properties file. Defaults to tablePath.
+!
+systemPath=./system
+!
+! Path where database tables are held. Can be absolute or relative
+! to the properties file. Defaults to "current" directory.
+!
+tablePath=./tables
+!
+! Path where results set tables are held. Can be absolute or relative
+! to the properties file. Defaults to tablePath.
+!
+tmpPath=./tmp
+!
+! Non-zero means paths are relative to the properties file.
+! Default is absolute paths for files.
+!
+relativeToProperties=1
+!
+! Alternative partitions can be defined so that tables can be placed
+! in multiple locations. Each partition is numbered: 1, 2, 3,... Tables
+! can be created on partitions using the syntax
+!
+! CREATE TABLE ON PARTITION ...
+!
+! The partition count has to be supplied.
+!
+!partitionCount=2
+!
+! The locations of each partition must be supplied. These are always
+! absolute path names.
+!
+!partition1=d:/petes
+!partition2=c:/temp
+
+
+!---------------------------------------------------------------------
+!
+! TUNING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! The amount of each column to cache, expressed either as an absolute
+! number of rows or as a percentage figure. Defaults to 256 or 10 respectively.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheAmount=512
+!
+! CACHE_ROWS Must be one of CACHE_ROWS or CACHE_PERCENT. Determines whether
+! to cache columns in tables based on an absolute number of rows, or the
+! percentage number of rows in the table.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheCondition=CACHE_ROWS
+!
+! The amount of the system tables to be cached. Defaults to 100.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheSize=10
+!
+! Similar to cacheCondition, but applies only to the system tables.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheCondition=CACHE_ROWS
+!
+! The percentage cache hit improvement required in order to move the
+! cache to a new location in a column.
+!
+! (Currently not implemented).
+!
+cacheResetPercent=10
+!
+! Non-zero means that database changes do not get written to the
+! database immediately. See tuning.html.
+!
+fastUpdate=0
+!
+! Percentage of free space in an index that must be present before
+! the index reorganises itself. High values means frequent index
+! reorganisation. Low values means slow index inserts.
+!
+indexLoad=5
+!
+! The number of cache misses to include in calculations of the next
+! base for the cache.
+!
+! (Currently not implemented).
+!
+missesInCacheStats=100
+!
+! Non-zero means that results sets get instantiated on disk. By default
+! InstantDB holds results sets emtirely in memory (apart from Binary
+! columns). For large results sets this can be a problem. This property
+! forces all results sets to be held on disk.
+!
+resultsOnDisk=0
+!
+! Similar to cacheCondition but applies only to disk based
+! results sets. Default is CACHE_ROWS.
+!
+resultsSetCache=CACHE_ROWS
+!
+! Similar to cacheAmount but applies only to disk based
+! results sets. Default is 100.
+!
+resultsSetCacheAmount=100
+!
+! Number of rows to read into the disk read ahead buffer.
+! Recommended to be set somewhere around 128 to 256.
+! Default is 20.
+!
+rowCacheSize=128
+!
+! The read ahead buffer is effective at speeding up full
+! table scans. However for indexed lookups or multiple
+! simultaneous scans it is better to read a single row at
+! a time. Each table holds a small number of single row
+! buffers to improve such operations. Default is 8.
+!
+!singleRowCount=4
+!
+! Sometimes the look ahead buffer can be held by a single
+! thread even though it is not retrieveing many values from it.
+! If too many lookups retrieve data from the single row
+! buffers then it is better to flush the look ahead buffer and
+! make it available for re-use. Default is 128.
+!
+!flushAfterCacheMisses=64
+!
+! Number of rows to read ahead for system tables. By default
+! system tables cache everything, so it is wasteful to have large
+! read ahead buffers since they will very rarely be used. This
+! allows the size of the system read ahead buffers to be reduced
+! if necessary. Defaults to rowCacheSize.
+!
+!systemRows=20
+!
+! The control column in all tables normally has a large cache
+! since this speeds up all operation on that table. This can be
+! varied to either improve performance or to reduce space.
+! default is 8192.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!controlColCacheSize=512
+!
+! By default, InstantDB only does a cursory search for deleted rows during
+! UPDATE statements. Setting searchDeletes=1 causes more detailed searches
+! for deleted rows. This slows down UPDATE executions, but reults in more
+! compact tables. Default is 0.
+!
+searchDeletes=0
+!
+! The interval, in milliseconds, between checks for statement execution
+! timeouts. Default is 5000.
+!
+!timerCheck=5000
+!
+! The number of statements between checks on available memory. If set
+! to 100 (say), then every 100 statements, InstantDB will check to
+! see how much memory is still free. If too little is avilable (see
+! below) then java.lang.System.gc() is called.
+!
+! If set to zero (the default) then no memory checking takes place.
+!
+!garbageCollectStatements=100
+!
+! If InstantDB is performing period memory checks (see above) then
+! this is the value in percent of available memory that must be
+! used before System.gc() gets called.
+!
+!garbageCollectPercent=70
+
+!---------------------------------------------------------------------
+!
+! LOGGING AND DEBUGGING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Non-zero means include SQL statements in the export file.
+!
+exportSQL=0
+!
+! Non-zero means trace output also directed to console.
+! Defaults to 0.
+!
+traceConsole=1
+!
+! Relative or absolute path where exporting and tracing goes.
+!
+! NOTE - A relative path is relative to the current Java
+! runtime directory. It is *not* relative to this properties
+! file. This is regardless of the relativeToProperties
+! setting above.
+!
+traceFile=./trace.log
+!
+! Bitmap of various items that can be traced. See debug.html.
+! Defaults to 0.
+!
+traceLevel=2
+
+!---------------------------------------------------------------------
+!
+! TRANSACTION AND RECOVERY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! 0 means do not perform recovery on startup.
+! 1 means perform automatic recovery
+! 2 (default) means prompt the user using standard in
+!
+recoveryPolicy=1
+!
+! Sets the level of transaction journalling. See trans.html.
+! Defaults to 1.
+!
+! 0 - No journalling takes place.
+! 1 - Normal journalling (default).
+! 2 - Full journalling.
+!
+transLevel=1
+!
+! When doing an import, defines the number of rows imported
+! before the transaction is committed. Recommended value 8192.
+! defaults to 100.
+!
+transImports=100
+!
+! Sets the default transaction isolation level. This is a complex
+! topic, but basically, the higher the level, the more locking
+! goes on. The allowed values are:
+!
+! TRANSACTION_READ_UNCOMMITTED = 1
+! TRANSACTION_READ_COMMITTED = 2
+! TRANSACTION_REPEATABLE_READ = 4
+! TRANSACTION_SERIALIZABLE = 8 (default)
+!
+! SERIALIZABLE means that InstantDB takes exclusive access to all
+! tables in a transaction until the transaction completes. Even if
+! the transaction only performs reads.
+!
+! REPEATABLE_READ transactions takes read locks for SELECTs and
+! write locks for everything else. All locks released on transaction
+! completion.
+!
+! READ_COMMITTED transactions are the same as REPEATABLE_READ
+! except that read locks get freed on statement completion.
+!
+! READ_UNCOMMITTED transactions do not take read locks. A result
+! set can include data being modified by another transaction.
+!
+!defaultIsolationLevel=2
+
+!---------------------------------------------------------------------
+!
+! DATE, TIME AND CURRENCY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Number of digits after decimal point in currency outputs. Defaults to 2.
+!
+currencyDecimal=2
+!
+! Currency symbol used in currency outputs. Defaults to $.
+!
+currencySymbol=$
+!
+! Default format for date columns. Defaults to "yyyy-mm-dd".
+!
+!dateFormat=yyyy-mm-dd
+!
+! Default format for timestamp columns. Defaults to "yyyy-mm-dd hh:nn:ss.lll".
+!
+!dateTimeFormat=yyyy-mm-dd hh:nn:ss.lll
+!
+! Default format for time columns. Defaults to "hh:nn:ss.lll".
+!
+!timeFormat=hh:nn:ss.lll
+!
+! If set, then all two digit dates less than its value are interpreted
+! as 21st century dates.
+!
+!milleniumBoundary=50
+!
+! Set to 1 causes the date string "now" to store a full timestamp.
+! Default is to store only the date for fields with now hour in the
+! format string.
+!
+nowMeansTime=0
+
+!---------------------------------------------------------------------
+!
+! STRING HANDLING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! If set to 1 then String hashes use the JDK Object.hashCode() function.
+! By default, uses InstantDB's String hashing.
+!
+altStringHashing=0
+!
+! Set to 1 to cause LIKE clauses to always perform case insensitive
+! comparisons.
+!
+likeIgnoreCase=0
+!
+! Same as SET LITERAL STRICT_ON. Prevents string literals being interpreted
+! as column names or numbers. Default is 0.
+!
+strictLiterals=0
+!
+! Set this value to 1 (one) if you would like PreparedStatement.setString()
+! to ignore "\" (backslash) characters when proceesing string constants.
+! When set, InstantDB will not attempt to interpret \ as the start of an
+! escape sequence. Default is 0.
+!
+!prepareIgnoresEscapes=1
+
+!---------------------------------------------------------------------
+!
+! MISCELLANEOUS PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Allows selected InstantDB keywords to be un-reserved.
+! e.g. ignoreKeywords=url,quote would allow the keywords
+! url and quote to be used as table or column names.
+!
+! This faciliy is provided for compatatbility reasons only.
+! It's use is not recommended AND IS NOT SUPPORTED.
+!
+!ignoreKeywords
+!
+! Non-zero means database is opened in read only mode.
+!
+readOnly=0
diff --git a/webgoat-container/src/main/webapp/index.jsp b/webgoat-container/src/main/old/index.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/index.jsp
rename to webgoat-container/src/main/old/index.jsp
diff --git a/webgoat-container/src/main/webapp/lesson_content.jsp b/webgoat-container/src/main/old/lesson_content.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/lesson_content.jsp
rename to webgoat-container/src/main/old/lesson_content.jsp
diff --git a/webgoat-container/src/main/webapp/lessons/ConfManagement/config.jsp b/webgoat-container/src/main/old/lessons/ConfManagement/config.jsp
similarity index 100%
rename from webgoat-container/src/main/webapp/lessons/ConfManagement/config.jsp
rename to webgoat-container/src/main/old/lessons/ConfManagement/config.jsp
diff --git a/webgoat-container/src/main/webapp/main.jsp b/webgoat-container/src/main/old/main.jsp
similarity index 98%
rename from webgoat-container/src/main/webapp/main.jsp
rename to webgoat-container/src/main/old/main.jsp
index 7d21b84ca..e66d05858 100644
--- a/webgoat-container/src/main/webapp/main.jsp
+++ b/webgoat-container/src/main/old/main.jsp
@@ -1,292 +1,292 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*" - errorPage="" %> -<% - WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION)); - Course course = webSession.getCourse(); - AbstractLesson currentLesson = webSession.getCurrentLesson(); - LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class); -%> - - -<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%> - - - - <%=currentLesson.getTitle()%> - - - - - - - - - - - <% - final String menuPrefix = WebSession.MENU; - final String submenuPrefix = "submenu"; - final String mbutPrefix = "mbut"; - String printHint = ""; - String printParameters = ""; - String printCookies = ""; - String lessonComplete = ""; - - List categories = course.getCategories(); - - StringBuffer buildList = new StringBuffer(); - - Iterator iter1 = categories.iterator(); - while (iter1.hasNext()) { - Category category = (Category) iter1.next(); - - buildList.append("'"); - buildList.append(menuPrefix); - buildList.append(category.getRanking()); - buildList.append("','"); - buildList.append(submenuPrefix); - buildList.append(category.getRanking()); - buildList.append("','"); - buildList.append(mbutPrefix); - buildList.append(category.getRanking()); - buildList.append("'"); - - if (iter1.hasNext()) { - buildList.append(","); - } - }%> - - -
- <% - int topCord = 140; - int zIndex = 105; - - Iterator iter2 = categories.iterator(); - while (iter2.hasNext()) { - Category category = (Category) iter2.next(); - %> - - <% - topCord = topCord + 30; - zIndex = zIndex + 1; - } - - int topSubMenu = 72; - - Iterator iter3 = categories.iterator(); - while (iter3.hasNext()) { - Category category = (Category) iter3.next(); - List lessons = webSession.getLessons(category); - Iterator iter4 = lessons.iterator(); - %> - <% - }%> -
-
-
- <% if (currentLesson.getAvailableLanguages().size() != 0) { - %> -
- Choose another language:
- <% - } else { - %> - Internationalization is not available for this lesson - <% - } - %> -
-
- LogOut Help -
-
<%=currentLesson.getTitle()%>
-
- <% - if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS)) { - %> - - Previous Hint - - - Hints - - - Next Hint - - <%}%> - - Show Params - - - Show Cookies - - - Lesson Plans - - <% - if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)) { - %> - - Show Java - - - Show Solution - - <%}%> - -
-
- -
- <% - if (currentLesson != null) { - %> - - <% - } - %> -
-
- <% - if (webSession.getHint() != null) { - printHint = "
" + webSession.getHint() + "

"; - out.println(printHint); - } - - if (webSession.getParams() != null) { - Iterator i = webSession.getParams().iterator(); - while (i.hasNext()) { - Parameter p = (Parameter) i.next(); - printParameters = "
" + p.getName() + "=" + p.getValue() + "

"; - out.println(printParameters); - } - } - - if (webSession.getCookies() != null) { - Iterator i = webSession.getCookies().iterator(); - while (i.hasNext()) { - Cookie c = (Cookie) i.next(); - printCookies = "
" + c.getName() + " \"\" " + c.getValue() + "

"; - out.println(printCookies); - } - }%> - -
- <% - AbstractLesson lesson = webSession.getCurrentLesson(); - if (lesson instanceof RandomLessonAdapter) { - RandomLessonAdapter rla = (RandomLessonAdapter) lesson; - %> -
Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%>
- <% - } - %> - <%=webSession.getInstructions()%>
-
<%=webSession.getMessage()%>
- - <% - if (currentLesson.getTemplatePage(webSession) != null) { - //System.out.println("Main.jsp - current lesson: " + currentLesson.getName() ); - //System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession)); -%> - - <% - } else { - %> -
<%=currentLesson.getContent()%>
- <% - } - %> -
-
- - -
- - +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*" + errorPage="" %> +<% + WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION)); + Course course = webSession.getCourse(); + AbstractLesson currentLesson = webSession.getCurrentLesson(); + LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class); +%> + + +<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%> + + + + <%=currentLesson.getTitle()%> + + + + + + + + + + + <% + final String menuPrefix = WebSession.MENU; + final String submenuPrefix = "submenu"; + final String mbutPrefix = "mbut"; + String printHint = ""; + String printParameters = ""; + String printCookies = ""; + String lessonComplete = ""; + + List categories = course.getCategories(); + + StringBuffer buildList = new StringBuffer(); + + Iterator iter1 = categories.iterator(); + while (iter1.hasNext()) { + Category category = (Category) iter1.next(); + + buildList.append("'"); + buildList.append(menuPrefix); + buildList.append(category.getRanking()); + buildList.append("','"); + buildList.append(submenuPrefix); + buildList.append(category.getRanking()); + buildList.append("','"); + buildList.append(mbutPrefix); + buildList.append(category.getRanking()); + buildList.append("'"); + + if (iter1.hasNext()) { + buildList.append(","); + } + }%> + + +
+ <% + int topCord = 140; + int zIndex = 105; + + Iterator iter2 = categories.iterator(); + while (iter2.hasNext()) { + Category category = (Category) iter2.next(); + %> + + <% + topCord = topCord + 30; + zIndex = zIndex + 1; + } + + int topSubMenu = 72; + + Iterator iter3 = categories.iterator(); + while (iter3.hasNext()) { + Category category = (Category) iter3.next(); + List lessons = webSession.getLessons(category); + Iterator iter4 = lessons.iterator(); + %> + <% + }%> +
+
+
+ <% if (currentLesson.getAvailableLanguages().size() != 0) { + %> +
+ Choose another language:
+ <% + } else { + %> + Internationalization is not available for this lesson + <% + } + %> +
+
+ LogOut Help +
+
<%=currentLesson.getTitle()%>
+
+ <% + if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS)) { + %> + + Previous Hint + + + Hints + + + Next Hint + + <%}%> + + Show Params + + + Show Cookies + + + Lesson Plans + + <% + if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)) { + %> + + Show Java + + + Show Solution + + <%}%> + +
+
+ +
+ <% + if (currentLesson != null) { + %> + + <% + } + %> +
+
+ <% + if (webSession.getHint() != null) { + printHint = "
" + webSession.getHint() + "

"; + out.println(printHint); + } + + if (webSession.getParams() != null) { + Iterator i = webSession.getParams().iterator(); + while (i.hasNext()) { + Parameter p = (Parameter) i.next(); + printParameters = "
" + p.getName() + "=" + p.getValue() + "

"; + out.println(printParameters); + } + } + + if (webSession.getCookies() != null) { + Iterator i = webSession.getCookies().iterator(); + while (i.hasNext()) { + Cookie c = (Cookie) i.next(); + printCookies = "
" + c.getName() + " \"\" " + c.getValue() + "

"; + out.println(printCookies); + } + }%> + +
+ <% + AbstractLesson lesson = webSession.getCurrentLesson(); + if (lesson instanceof RandomLessonAdapter) { + RandomLessonAdapter rla = (RandomLessonAdapter) lesson; + %> +
Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%>
+ <% + } + %> + <%=webSession.getInstructions()%>
+
<%=webSession.getMessage()%>
+ + <% + if (currentLesson.getTemplatePage(webSession) != null) { + //System.out.println("Main.jsp - current lesson: " + currentLesson.getName() ); + //System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession)); +%> + + <% + } else { + %> +
<%=currentLesson.getContent()%>
+ <% + } + %> +
+
+ + +
+ + diff --git a/webgoat-container/src/main/webapp/plugin_lessons/ReadMe.txt b/webgoat-container/src/main/old/plugin_lessons/ReadMe.txt similarity index 100% rename from webgoat-container/src/main/webapp/plugin_lessons/ReadMe.txt rename to webgoat-container/src/main/old/plugin_lessons/ReadMe.txt diff --git a/webgoat-container/src/main/old/plugin_lessons/command-injection-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/command-injection-1.0.jar new file mode 100644 index 000000000..0dfd22c05 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/command-injection-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/common-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/common-1.0.jar new file mode 100644 index 000000000..7ef3bbfa3 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/common-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/cross-site-scripting-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/cross-site-scripting-1.0.jar new file mode 100644 index 000000000..04cb8aa8c Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/cross-site-scripting-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/csrf-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/csrf-1.0.jar new file mode 100644 index 000000000..690e67704 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/csrf-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/csrf-prompt-by-pass-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/csrf-prompt-by-pass-1.0.jar new file mode 100644 index 000000000..29f77c5cd Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/csrf-prompt-by-pass-1.0.jar differ 
diff --git a/webgoat-container/src/main/old/plugin_lessons/goat-hills-financial-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/goat-hills-financial-1.0.jar new file mode 100644 index 000000000..2ec2f5017 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/goat-hills-financial-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/soap-request-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/soap-request-1.0.jar new file mode 100644 index 000000000..21b0f4b5e Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/soap-request-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/ws-sql-injection-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/ws-sql-injection-1.0.jar new file mode 100644 index 000000000..764a2d7c1 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/ws-sql-injection-1.0.jar differ diff --git a/webgoat-container/src/main/old/plugin_lessons/wsdl-scanning-1.0.jar b/webgoat-container/src/main/old/plugin_lessons/wsdl-scanning-1.0.jar new file mode 100644 index 000000000..79685c461 Binary files /dev/null and b/webgoat-container/src/main/old/plugin_lessons/wsdl-scanning-1.0.jar differ diff --git a/webgoat-container/src/main/webapp/reportBug.jsp b/webgoat-container/src/main/old/reportBug.jsp similarity index 100% rename from webgoat-container/src/main/webapp/reportBug.jsp rename to webgoat-container/src/main/old/reportBug.jsp diff --git a/webgoat-container/src/main/webapp/sideWindow.jsp b/webgoat-container/src/main/old/sideWindow.jsp similarity index 96% rename from webgoat-container/src/main/webapp/sideWindow.jsp rename to webgoat-container/src/main/old/sideWindow.jsp index b9766a0a6..e52657514 100644 --- a/webgoat-container/src/main/webapp/sideWindow.jsp +++ b/webgoat-container/src/main/old/sideWindow.jsp 
@@ -1,28 +1,28 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - import="org.owasp.webgoat.session.WebSession" - errorPage="" %> - -<% -WebSession webSession = ((WebSession)session.getAttribute("websession")); -%> - - - - - -Untitled Document - - - -
- <% - String source = webSession.getSource(); - if (source != null) - { - String printSource = "
" + source + "

"; - out.println(printSource); - } - %> -
- - +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="org.owasp.webgoat.session.WebSession" + errorPage="" %> + +<% +WebSession webSession = ((WebSession)session.getAttribute("websession")); +%> + + + + + +Untitled Document + + + +
+ <% + String source = webSession.getSource(); + if (source != null) + { + String printSource = "
" + source + "

"; + out.println(printSource); + } + %> +
+ + diff --git a/webgoat-container/src/main/webapp/users/ReadMe.txt b/webgoat-container/src/main/old/users/ReadMe.txt similarity index 100% rename from webgoat-container/src/main/webapp/users/ReadMe.txt rename to webgoat-container/src/main/old/users/ReadMe.txt diff --git a/webgoat-container/src/main/webapp/webgoat.jsp b/webgoat-container/src/main/old/webgoat.jsp similarity index 100% rename from webgoat-container/src/main/webapp/webgoat.jsp rename to webgoat-container/src/main/old/webgoat.jsp diff --git a/webgoat-container/src/main/webapp/webgoat_challenge.jsp b/webgoat-container/src/main/old/webgoat_challenge.jsp similarity index 97% rename from webgoat-container/src/main/webapp/webgoat_challenge.jsp rename to webgoat-container/src/main/old/webgoat_challenge.jsp index ac437dab9..65b61ee55 100644 --- a/webgoat-container/src/main/webapp/webgoat_challenge.jsp +++ b/webgoat-container/src/main/old/webgoat_challenge.jsp @@ -1,100 +1,100 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - errorPage=""%> - - - - +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + errorPage=""%> + + + + diff --git a/webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt b/webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/webgoat_developer_bootstrap.sh b/webgoat_developer_bootstrap.sh index 3a6762c6c..45d52e3bf 100755 --- a/webgoat_developer_bootstrap.sh +++ b/webgoat_developer_bootstrap.sh 
@@ -164,7 +164,7 @@ developer_bootstrap() { horizontal_rule echo "$COL_MAGENTA" echo "$COL_CYAN ***** Starting WebGoat using the embedded Tomcat ***** $COL_RESET" - echo " Please be patient.... The startup of the server can take from 30s to 3 minutes." + echo " Please be patient.... The startup of the server takes about 5 seconds..." echo " WebGoat will be ready for you when you see the following message on the command prompt:" echo "$COL_YELLOW INFO: Starting ProtocolHandler ["http-bio-8080"] $COL_RESET" echo "$COL_CYAN When you see the message above, open a web browser and navigate to http://localhost:8080/WebGoat/ $COL_RESET" @@ -179,7 +179,7 @@ developer_bootstrap() { sleep 5 # Starting WebGoat - mvn -q -DskipTests -file WebGoat/pom.xml -pl webgoat-container tomcat7:run-war + mvn -q -pl webgoat-container spring-boot:run } # Start main script
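Review bot: The new `mvn -q -pl webgoat-container spring-boot:run` line in the second hunk drops the `-file WebGoat/pom.xml` argument the old command carried, so Maven now resolves the POM from the current working directory; unless an earlier step of `developer_bootstrap()` (whose body starts and ends outside these hunks) changes into the checkout, this will fail with a missing-POM error. If the working directory is not guaranteed, keep the explicit path: `mvn -q -file WebGoat/pom.xml -pl webgoat-container spring-boot:run`. Relatedly, the first hunk updates the wait-time text but still tells the user to watch for the Tomcat 7 `INFO: Starting ProtocolHandler [http-bio-8080]` line; with the server now started via `spring-boot:run` the readiness message may differ, so that prompt should be verified against the actual Spring Boot startup output. Note also that the inner double quotes on that `echo` line end and restart the string, so the `"` characters around `http-bio-8080` are not printed.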