diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc b/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc
index c6ef48c1c..e94416dae 100644
--- a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc
+++ b/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc
@@ -26,8 +26,8 @@ See the following for more information on CSRF protections:
 
 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet (Prevention/Defense)
 
-https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)  (Attack)
+https://owasp.org/www-community/attacks/csrf  (Attack)
 
 https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CSRF_Prevention_Filter / https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CSRF_Prevention_Filter (Tomcat)
 
-https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
\ No newline at end of file
+https://docs.spring.io/spring-security/site/docs/current/reference/html5/#csrf
\ No newline at end of file