diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
index 8ed18fa7d..3650ef760 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
@@ -46,7 +46,7 @@ import java.sql.*;
  * @created October 28, 2003
  */
 @AssignmentPath("/SqlInjection/attack6a")
-@AssignmentHints(value = {"SqlStringInjectionHint6a1", "SqlStringInjectionHint6a2", "SqlStringInjectionHint6a3", "SqlStringInjectionHint6a4"})
+@AssignmentHints(value = {"SqlStringInjectionHint-advanced-6a-1", "SqlStringInjectionHint-advanced-6a-2", "SqlStringInjectionHint-advanced-6a-3"})
 public class SqlInjectionLesson6a extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
@@ -82,14 +82,14 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
 
                     // If they get back more than one user they succeeded
                     if (results.getRow() >= 5 && usedUnion) {
-                        return trackProgress(success().feedback("sql-injection.6a.success").feedbackArgs(output.toString()).build());
+                        return trackProgress(success().feedback("sql-injection.advanced.6a.success").feedbackArgs(output.toString()).build());
                     } else if((output.toString().contains("dave") && output.toString().contains("passW0rD")) && !usedUnion) {
                         return trackProgress(failed().output("To succesfully complete this Assignement you have to use a UNION").build());
                     } else {
                         return trackProgress(failed().output(output.toString()).build());
                     }
                 } else {
-                    return trackProgress(failed().feedback("sql-injection.6a.no.results").build());
+                    return trackProgress(failed().feedback("sql-injection.advanced.6a.no.results").build());
 
                 }
             } catch (SQLException sqle) {
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson2.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson2.java
index c5921ce11..6c1d48ce4 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson2.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson2.java
@@ -46,7 +46,7 @@ import java.sql.*;
  * @created October 28, 2003
  */
 @AssignmentPath("/SqlInjection/attack2")
-@AssignmentHints(value = {"SqlStringInjectionHint2a1", "SqlStringInjectionHint2a2"})
+@AssignmentHints(value = {"SqlStringInjectionHint2-1", "SqlStringInjectionHint2-2"})
 public class SqlInjectionLesson2 extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
index b34bca509..b1f4a21a0 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
@@ -46,7 +46,7 @@ import java.sql.*;
  * @created October 28, 2003
  */
 @AssignmentPath("/SqlInjection/attack3")
-@AssignmentHints(value = {"SqlStringInjectionHint3a1", "SqlStringInjectionHint3a2"})
+@AssignmentHints(value = {"SqlStringInjectionHint3-1", "SqlStringInjectionHint3-2"})
 public class SqlInjectionLesson3 extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson4.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson4.java
index bdcf9a864..efd64626a 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson4.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson4.java
@@ -46,7 +46,7 @@ import java.sql.*;
  * @created October 28, 2003
  */
 @AssignmentPath("/SqlInjection/attack4")
-@AssignmentHints(value = {"SqlStringInjectionHint4a1", "SqlStringInjectionHint4a2", "SqlStringInjectionHint4a3"})
+@AssignmentHints(value = {"SqlStringInjectionHint4-1", "SqlStringInjectionHint4-2", "SqlStringInjectionHint4-3"})
 public class SqlInjectionLesson4 extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java
index 5934a854d..6adbd7f4a 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java
@@ -46,7 +46,7 @@ import java.sql.*;
  * @created October 28, 2003
  */
 @AssignmentPath("/SqlInjection/attack5")
-@AssignmentHints(value = {"SqlStringInjectionHint5a1"})
+@AssignmentHints(value = {"SqlStringInjectionHint5-1"})
 public class SqlInjectionLesson5 extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java
index 512eb30d5..57add71e3 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java
@@ -15,7 +15,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 
 @AssignmentPath("SqlInjection/attack10a")
 @Slf4j
-@AssignmentHints(value = {"SqlStringInjectionHint10a1", "SqlStringInjectionHint10a2"})
+@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10a-1", "SqlStringInjectionHint-mitigation-10a-10a2"})
 public class SqlInjectionLesson10a extends AssignmentEndpoint {
 
     @Autowired
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java
index 05bfc8ebd..1ff872a10 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java
@@ -18,7 +18,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 @AssignmentPath("SqlInjection/attack10b")
-@AssignmentHints(value = {"SqlStringInjectionHint10b1", "SqlStringInjectionHint10b2", "SqlStringInjectionHint10b3"})
+@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3"})
 public class SqlInjectionLesson10b extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
index 1394cfd53..8d1820cdd 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
@@ -21,7 +21,7 @@ import java.sql.*;
  * @since 6/13/17.
  */
 @AssignmentPath("SqlInjection/attack12a")
-@AssignmentHints(value = {"SqlStringInjectionHint9", "SqlStringInjectionHint10", "SqlStringInjectionHint11", "SqlStringInjectionHint12"})
+@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-12a-1", "SqlStringInjectionHint-mitigation-12a-2", "SqlStringInjectionHint-mitigation-12a-3", "SqlStringInjectionHint-mitigation-12a-4"})
 @Slf4j
 public class SqlInjectionLesson12a extends AssignmentEndpoint {
 
diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
index 4f0d9f649..3a19a9cbd 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
@@ -1,7 +1,4 @@
 #StringSqlInjection.java
-StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query.  Restart the lesson if you wish to return to the injectable query.
-EnterLastName=Enter your last name:
-
 sql.injection.title=SQL Injection (introduction)
 sql.mitigation.title=SQL Injection (mitigation)
 sql.advanced.title=SQL Injection (advanced)
@@ -11,47 +8,21 @@ SqlInjectionChallenge2=The vulnerability is on the register form
 SqlInjectionChallenge3=Use tooling to automate this attack
 sql-injection.error=<span class='feedback-negative'>Sorry, this solution is not correct. Try again!</span>
 
-sql-injection.2.success=You have succeded!
-sql-injection.2.failed=Something went wrong! You got no results, check your SQL Statement and the table above
-
-sql-injection.error=<span class='feedback-negative'>Sorry, this solution is not correct. Try again!</span>
-
 NoResultsMatched=No results matched. Try Again.
 
-SqlInjectionChallengeHint1=The Table Name is randomized at each start of Webgoat, try to figure out the name first.
-SqlInjectionChallengeHint2=Find the Field which is vulnerable to SQL Injection use that to change the password.
-SqlInjectionChallengeHint3=Change the password through an Update Statement.
-SqlInjectionChallengeHint4=The Vulnerable Field is the Username Field of the Register form.
-SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
-SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable.
-SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
-SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.
-SqlStringInjectionHint6a1=Try Appending stuff like ",1" to your query, to figure out how many columns there are.
-SqlStringInjectionHint6a2=When using a UNION the number of columns, from both tables should match.
-SqlStringInjectionHint6a3=The UNION should contain 7  columns.
-SqlStringInjectionHint6a4=Try using these columns in your union: userid, user_name, password, cookie, cookie, cookie, userid.
+sql-injection.2.success=You have succeeded!
+sql-injection.2.failed=Something went wrong! You got no results, check your SQL Statement and the table above
+SqlStringInjectionHint2-1=You want the data from the column with the name department. You know the database name (employees) and you know the first- and lastname of the employee (first_name, last_name).
+SqlStringInjectionHint2-2=SELECT column FROM tablename WHERE condition;
 
-SqlStringInjectionHint2a1=You want the data from the column with the name department. You know the database name (employees) and you know the first- and lastname of the employee (first_name, last_name).
-SqlStringInjectionHint2a2=SELECT column FROM tablename WHERE condition;
-SqlStringInjectionHint3a1=Try the UPDATE statement
-SqlStringInjectionHint3a2=UPDATE tablename SET columnname=value WHERE condition;
-SqlStringInjectionHint4a1=ALTER TABLE alters the structure of an existing database
-SqlStringInjectionHint4a2=Don't forget the data type of the new column (e.g. varchar(size) or int(size))
-SqlStringInjectionHint4a3=ALTER TABLE tablename ADD columnname data type(size);
-SqlStringInjectionHint5a1=Look at the example. There's everything you'll need.
-SqlStringInjectionHint6=Try Appending a new SQL Statement to the Query.
-SqlStringInjectionHint7=The new SQL Statement can be really simple like: SELECT ... FROM ...
-SqlStringInjectionHint8=Your new SQL Query should start, with a " ; " and end with " -- "
+SqlStringInjectionHint3-1=Try the UPDATE statement
+SqlStringInjectionHint3-2=UPDATE tablename SET columnname=value WHERE condition;
 
-SqlStringInjectionHint9=Try sorting and look at the request
-SqlStringInjectionHint10=Intercept the request and try to specify a different order by
-SqlStringInjectionHint10a1=First establish a connection, after that you can create a statement.
-SqlStringInjectionHint10a2=For every datatype there is a method to insert values into a wildcard symbol in a statement.
-SqlStringInjectionHint10b1=A database connection has to be surrounded by a try-catch block to handle the very common case of an error while establishing the connection!
-SqlStringInjectionHint10b2=Remember to use the right kind of statement, so your code is no longer vulnerable for SQL-Injections!
-SqlStringInjectionHint10b3=The wildcard-symbol '?' in a prepared statement can be filled with the right kind of method. There exists one for every datatype!
-SqlStringInjectionHint11=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens
-SqlStringInjectionHint12=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens
+SqlStringInjectionHint4-1=ALTER TABLE alters the structure of an existing database
+SqlStringInjectionHint4-2=Don't forget the data type of the new column (e.g. varchar(size) or int(size))
+SqlStringInjectionHint4-3=ALTER TABLE tablename ADD columnname data type(size);
+
+SqlStringInjectionHint5-1=Look at the example. There's everything you'll need.
 
 sql-injection.5a.success=You have succeeded: {0}
 sql-injection.5a.no.results=No results matched. Try Again.
@@ -59,32 +30,59 @@ sql-injection.5a.no.results=No results matched. Try Again.
 sql-injection.5b.success=You have succeeded: {0}
 sql-injection.5b.no.results=No results matched. Try Again.
 
+SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
+SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable.
+SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
+SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.
+
 sql-injection.6a.success=You have succeeded: {0}
 sql-injection.6a.no.results=No results matched. Try Again.
 
+sql-injection.advanced.6a.success=You have succeed: {0}
+sql-injection.advanced.6a.no.results=No results matched. Try Again.
+SqlStringInjectionHint-advanced-6a-1=Try Appending a new SQL Statement to the Query.
+SqlStringInjectionHint-advanced-6a-2=The new SQL Statement can be really simple like: SELECT ... FROM ...
+SqlStringInjectionHint-advanced-6a-3=Your new SQL Query should start, with a " ; " and end with " -- "
+
 sql-injection.6b.success=You have succeeded: {0}
 sql-injection.6b.no.results=No results matched. Try Again.
 
 sql-injection.8.success=You have succeeded! You successfully compromised the confidentiality of data by viewing internal information that you should not have access to. Well done! {0}
 sql-injection.8.no.results=No employee found with matching lastname. Or maybe your authentication TAN is incorrect?
-sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! {0}
-sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
-
 SqlStringInjectionHint.8.1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command.
 SqlStringInjectionHint.8.2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR.
 SqlStringInjectionHint.8.3=Try appending a SQL statement that always resolves to true.
 SqlStringInjectionHint.8.4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct.
 SqlStringInjectionHint.8.5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1.
 
+sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! {0}
 SqlStringInjectionHint.9.1=Try to find a way, to chain another query to the end of the existing one.
 SqlStringInjectionHint.9.2=Use the ; metacharacter to do so.
 SqlStringInjectionHint.9.3=Make use of DML to change your salary.
 SqlStringInjectionHint.9.4=Make sure that the resulting query is syntactically correct.
 SqlStringInjectionHint.9.5=How about something like '; UPDATE employees....
 
+sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
 SqlStringInjectionHint.10.1=Use the techniques that you have learned before.
 SqlStringInjectionHint.10.2=The application takes your input and filters for entries that are LIKE it.
 SqlStringInjectionHint.10.3=Try query chaining to reach the goal.
 SqlStringInjectionHint.10.4=The DDL allows you to delete (DROP) database tables.
 SqlStringInjectionHint.10.5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'".
-SqlStringInjectionHint.10.6=Remember that you can use the -- metacharacter to comment out the rest of the line.
\ No newline at end of file
+SqlStringInjectionHint.10.6=Remember that you can use the -- metacharacter to comment out the rest of the line.
+
+SqlStringInjectionHint-mitigation-10a-1=First establish a connection, after that you can create a statement.
+SqlStringInjectionHint-mitigation-10a-2=For every datatype there is a method to insert values into a wildcard symbol in a statement.
+
+SqlStringInjectionHint-mitigation-10b-1=A database connection has to be surrounded by a try-catch block to handle the very common case of an error while establishing the connection!
+SqlStringInjectionHint-mitigation-10b-2=Remember to use the right kind of statement, so your code is no longer vulnerable for SQL-Injections!
+SqlStringInjectionHint-mitigation-10b-3=The wildcard-symbol '?' in a prepared statement can be filled with the right kind of method. There exists one for every datatype!
+
+SqlStringInjectionHint-mitigation-12a-1=Try sorting and look at the request
+SqlStringInjectionHint-mitigation-12a-2=Intercept the request and try to specify a different order by
+SqlStringInjectionHint-mitigation-12a-3=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens
+SqlStringInjectionHint-mitigation-12a-4=Use for example "(case when (true) then hostname else id end)" in the order by and see what happens
+
+SqlInjectionChallengeHint1=The Table Name is randomized at each start of Webgoat, try to figure out the name first.
+SqlInjectionChallengeHint2=Find the Field which is vulnerable to SQL Injection use that to change the password.
+SqlInjectionChallengeHint3=Change the password through an Update Statement.
+SqlInjectionChallengeHint4=The Vulnerable Field is the Username Field of the Register form.
\ No newline at end of file