diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
index 23faed378..7ab008868 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
@@ -51,6 +51,9 @@ public class WebgoatContext {
     /** Constant <code>SHOWHINTS="ShowHints"</code> */
     public final static String SHOWHINTS = "ShowHints";
 
+    /** Constant <code>DEFUSEOSCOMMANDS="DefuseOSCommands"</code> */
+    public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
+
     /** Constant <code>FEEDBACK_ADDRESS_HTML="FeedbackAddressHTML"</code> */
     public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
 
@@ -83,6 +86,8 @@ public class WebgoatContext {
 
     private boolean showSolution = false;
 
+    private boolean defuseOSCommands = false;
+
     private boolean enterprise = false;
 
     private boolean codingExercises = false;
@@ -118,6 +123,7 @@ public class WebgoatContext {
         showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
         showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
         showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
+        defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
         enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
         codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
         feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
@@ -186,6 +192,15 @@ public class WebgoatContext {
         return (databasePassword);
     }
 
+    /**
+     * <p>isDefuseOSCommands.</p>
+     *
+     * @return a boolean.
+     */
+    public boolean isDefuseOSCommands() {
+        return defuseOSCommands;
+    }
+    
     /**
      * <p>isEnterprise.</p>
      *