diff --git a/java/org/owasp/webgoat/HammerHead.java b/java/org/owasp/webgoat/HammerHead.java
index 4b8301af1..9bce10cc7 100644
--- a/java/org/owasp/webgoat/HammerHead.java
+++ b/java/org/owasp/webgoat/HammerHead.java
@@ -390,7 +390,8 @@ public class HammerHead extends HttpServlet {
             // System.out.println( "HH Creating new WebSession: " );
             session = new WebSession(webgoatContext, context);
             // Ensure splash screen shows on any restart
-            hs.removeAttribute(WELCOMED);
+            // rlawson - removed this since we show splash screen at login now
+            //hs.removeAttribute(WELCOMED);
             hs.setAttribute(WebSession.SESSION, session);
             // reset timeout
             hs.setMaxInactiveInterval(sessionTimeoutSeconds);
diff --git a/java/org/owasp/webgoat/controller/Login.java b/java/org/owasp/webgoat/controller/Login.java
index f770caacb..612c1d727 100644
--- a/java/org/owasp/webgoat/controller/Login.java
+++ b/java/org/owasp/webgoat/controller/Login.java
@@ -18,7 +18,7 @@ import org.springframework.web.servlet.ModelAndView;
 @Controller
 public class Login {
 
-    @RequestMapping(value = "login.do", method = RequestMethod.GET)
+    @RequestMapping(value = "login.mvc", method = RequestMethod.GET)
     public ModelAndView login(
             @RequestParam(value = "error", required = false) String error,
             @RequestParam(value = "logout", required = false) String logout) {
diff --git a/java/org/owasp/webgoat/controller/Logout.java b/java/org/owasp/webgoat/controller/Logout.java
index de9b6c3d1..2c2e39a85 100644
--- a/java/org/owasp/webgoat/controller/Logout.java
+++ b/java/org/owasp/webgoat/controller/Logout.java
@@ -22,7 +22,7 @@ public class Logout {
 
     final Logger logger = LoggerFactory.getLogger(Logout.class);
 
-    @RequestMapping(value = "logout.do", method = RequestMethod.GET)
+    @RequestMapping(value = "logout.mvc", method = RequestMethod.GET)
     public ModelAndView logout(
             @RequestParam(value = "error", required = false) String error,
             @RequestParam(value = "logout", required = false) String logout) {
diff --git a/java/org/owasp/webgoat/controller/Welcome.java b/java/org/owasp/webgoat/controller/Welcome.java
new file mode 100644
index 000000000..60c9db003
--- /dev/null
+++ b/java/org/owasp/webgoat/controller/Welcome.java
@@ -0,0 +1,44 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Welcome {
+
+    private static final String WELCOMED = "welcomed";
+
+    @RequestMapping(value = "welcome.mvc", method = RequestMethod.GET)
+    public ModelAndView welcome(HttpServletRequest request,
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+
+        // set the welcome attribute
+        // this is so the attack servlet does not also 
+        // send them to the welcome page
+        HttpSession session = request.getSession();
+        if (session.getAttribute(WELCOMED) == null) {
+            session.setAttribute(WELCOMED, "true");
+        }
+        //@TODO put stuff here the welcome page needs to access
+        ModelAndView model = new ModelAndView();
+        model.setViewName("welcome");
+
+        return model;
+
+    }
+}
diff --git a/java/org/owasp/webgoat/service/DummyService.java b/java/org/owasp/webgoat/service/DummyService.java
index 630c986ba..0d370cae3 100644
--- a/java/org/owasp/webgoat/service/DummyService.java
+++ b/java/org/owasp/webgoat/service/DummyService.java
@@ -18,7 +18,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @Controller
 public class DummyService extends BaseService{
 
-    @RequestMapping(value = "/first.do", produces = "application/json")
+    @RequestMapping(value = "/first.mvc", produces = "application/json")
     public @ResponseBody
     List<String> firstNames() {
         List<String> test = new ArrayList<String>();
diff --git a/java/org/owasp/webgoat/service/HintService.java b/java/org/owasp/webgoat/service/HintService.java
index a8ca2a719..c97ea8eb5 100644
--- a/java/org/owasp/webgoat/service/HintService.java
+++ b/java/org/owasp/webgoat/service/HintService.java
@@ -28,7 +28,7 @@ public class HintService extends BaseService {
      * @param session
      * @return
      */
-    @RequestMapping(value = "/hint.do", produces = "application/json")
+    @RequestMapping(value = "/hint.mvc", produces = "application/json")
     public @ResponseBody
     List<Hint> showHint(HttpSession session) {
         List<Hint> listHints = new ArrayList<Hint>();
diff --git a/java/org/owasp/webgoat/service/LessonMenuService.java b/java/org/owasp/webgoat/service/LessonMenuService.java
index 1f379442f..e5e46a57d 100644
--- a/java/org/owasp/webgoat/service/LessonMenuService.java
+++ b/java/org/owasp/webgoat/service/LessonMenuService.java
@@ -32,7 +32,7 @@ public class LessonMenuService extends BaseService {
      * @param session
      * @return
      */
-    @RequestMapping(value = "/lessonmenu.do", produces = "application/json")
+    @RequestMapping(value = "/lessonmenu.mvc", produces = "application/json")
     public @ResponseBody
     List<LessonMenuItem> showLeftNav(HttpSession session) {
         //TODO - need Links, rank, title
diff --git a/webapp/WEB-INF/pages/login.jsp b/webapp/WEB-INF/pages/login.jsp
index d2bffa3c5..068c18c3c 100644
--- a/webapp/WEB-INF/pages/login.jsp
+++ b/webapp/WEB-INF/pages/login.jsp
@@ -59,7 +59,7 @@
             </form>
             <div class="panel panel-info" style="max-width: 300px; margin: 0 auto 20px;">
                 <div class="panel-heading">
-                    Logon with one of the following accounts
+                    Login with one of the following accounts
                 </div>
                 <div class="panel-body">
                     <!-- Table -->
diff --git a/webapp/WEB-INF/pages/welcome.jsp b/webapp/WEB-INF/pages/welcome.jsp
new file mode 100644
index 000000000..a9632dc99
--- /dev/null
+++ b/webapp/WEB-INF/pages/welcome.jsp
@@ -0,0 +1,138 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+         errorPage=""%>
+<%@page import="org.owasp.webgoat.session.WebSession"%>
+<%
+    //WebSession webSession = ((WebSession) session.getAttribute("websession"));
+%>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+    <head>
+        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+        <title>WebGoat V5.4</title>
+        <link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+    </head>
+
+    <body>
+
+        <div id="wrap">
+            <div id="top"></div>
+            <div id="start">
+                <p>Thank you for using WebGoat! This program is a demonstration of common web application flaws.
+                    The exercises are intended to provide hands on experience with
+                    application penetration testing techniques. </p>
+                <p>The WebGoat project is led
+                    by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p>
+
+                <div id="team">
+                    <table border="0" align="center" class="lessonText">
+                        <tr>
+                            <td width="50%">
+                                <div align="center"><a href="http://www.owasp.org"><img
+                                            border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
+                                            longdesc="http://www.owasp.org" /></a></div>
+                            </td>
+                            <td width="50%">
+                                <div align="center"><a href="http://www.aspectsecurity.com"><img
+                                            border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
+                                            longdesc="http://www.aspectsecurity.com" /></a></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan="2">
+                                <div align="center"><span class="style1">
+                                        WebGoat Authors </span></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan="2">
+                                <div align="center"><span class="style2">
+                                        Bruce Mayhew </span></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan="2">
+                                <div align="center"><span class="style2">
+                                        Jeff Williams </span></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td width="50%">
+                                <div align="center"><span class="style1"><br />
+                                        WebGoat Design Team </span></div>
+                            </td>
+                            <td width="50%">
+                                <div align="center"><span class="style1"><br />
+                                        V5.4 Lesson Contributers </span></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td valign="top">
+                                <div align="center" class="style2">David Anderson</div>
+                                <div align="center" class="style2">Laurence Casey (Graphics)</div>
+                                <div align="center" class="style2">Rogan Dawes</div>
+                                <div align="center" class="style2">Bruce Mayhew</div>
+                            </td>
+                            <td valign="top">
+                                <div align="center" class="style2">Sherif Koussa</div>
+                                <div align="center" class="style2">Yiannis Pavlosoglou</div>
+                                <div align="center" class="style2"></div>
+
+                            </td>
+                        </tr>
+                        <tr>
+                            <td height="25" valign="bottom">
+                                <div align="center"><span class="style1">Special Thanks
+                                        for V5.4</span></div>
+                            </td>
+                            <td height="25" valign="bottom">
+                                <div align="center"><span class="style1">Documentation
+                                        Contributers</span></div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div>
+                                <div align="center" class="style2">To all who have sent comments</div>
+
+                            </td>
+                            <td>
+                                <div align="center" class="style2">
+                                    <a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div>
+                                <div align="center" class="style2">
+                                    <a href="http://yehg.org/" target="_blank">Aung Khant</a></div>
+                                <div align="center" class="style2">
+                                    <a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a>
+                                </div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan="2">
+                                <div align="center" class="style2">
+                                    <form id="form" name="form" method="post" action="attack"><input
+                                            type="submit" name="start" value="Start WebGoat" /></form>
+                                </div>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <div align="center" class="style2">&nbsp;</div>
+                            </td>
+                        </tr>
+                    </table>
+                </div>
+            </div>
+            <div align="center" class="style2">&nbsp;</div>
+            <div align="center" class="style2">&nbsp;</div>
+            <div align="center" class="style2">&nbsp;</div>
+            <div id="warning">WARNING<br />
+                While running this program, your machine is extremely vulnerable to
+                attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
+                <br />
+                <br />
+                This program is for educational purposes only. Use of these techniques
+                without permission could lead to job termination, financial liability,
+                and/or criminal penalties.</div>
+        </div>
+    </body>
+</html>
diff --git a/webapp/WEB-INF/spring-security.xml b/webapp/WEB-INF/spring-security.xml
index 7c899607a..13d343b5e 100644
--- a/webapp/WEB-INF/spring-security.xml
+++ b/webapp/WEB-INF/spring-security.xml
@@ -16,18 +16,18 @@
     <http pattern="/javascript/**" security="none"/>
     <http pattern="/favicon.ico" security="none"/>    
     <http use-expressions="true">  
-        <intercept-url pattern="/login.do" access="permitAll" />
-        <intercept-url pattern="/logout.do" access="permitAll" />   
+        <intercept-url pattern="/login.mvc" access="permitAll" />
+        <intercept-url pattern="/logout.mvc" access="permitAll" />   
         <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
         <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />          	
         <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
         <form-login 
-            login-page="/login.do" 
-            default-target-url="/attack" 
-            authentication-failure-url="/login.do?error" 
+            login-page="/login.mvc" 
+            default-target-url="/welcome.mvc" 
+            authentication-failure-url="/login.mvc?error" 
             username-parameter="username"
             password-parameter="password" />
-        <logout logout-url="/j_spring_security_logout" logout-success-url="/logout.do" />
+        <logout logout-url="/j_spring_security_logout" logout-success-url="/logout.mvc" />
         <!-- enable csrf protection -->
         <!--csrf/-->
     </http>
diff --git a/webapp/WEB-INF/web.xml b/webapp/WEB-INF/web.xml
index b46406bf9..187dc83a8 100644
--- a/webapp/WEB-INF/web.xml
+++ b/webapp/WEB-INF/web.xml
@@ -222,7 +222,7 @@
 
   <servlet-mapping>
     <servlet-name>mvc-dispatcher</servlet-name>
-    <url-pattern>*.do</url-pattern>
+    <url-pattern>*.mvc</url-pattern>
   </servlet-mapping>
   
   <listener>