From e5b3b00b0f724a9834bcadb34453e906f7c0d25b Mon Sep 17 00:00:00 2001 
From: mayhew64 Date: Fri, 3 Nov 2006 23:55:08 +0000 Subject: [PATCH] General cleanup of warnings, fixed a few method scope issues and incorrect use of static references to categories git-svn-id: http://webgoat.googlecode.com/svn/trunk@30 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../org/owasp/webgoat/LessonSource.java | 2 +- .../owasp/webgoat/lessons/AbstractLesson.java | 6 +- .../webgoat/lessons/AccessControlMatrix.java | 6 +- .../webgoat/lessons/BasicAuthentication.java | 11 +- .../webgoat/lessons/BlindSqlInjection.java | 4 +- .../owasp/webgoat/lessons/BufferOverflow.java | 4 +- .../org/owasp/webgoat/lessons/CSRF.java | 5 +- .../org/owasp/webgoat/lessons/Category.java | 9 + .../webgoat/lessons/Challenge2Screen.java | 4 +- .../webgoat/lessons/CommandInjection.java | 26 +-- .../CrossSiteScripting.java | 2 +- .../CrossSiteScripting/UpdateProfile.java | 1 - .../org/owasp/webgoat/lessons/Encoding.java | 174 +----------------- .../lessons/FailOpenAuthentication.java | 2 +- .../owasp/webgoat/lessons/ForcedBrowsing.java | 2 +- .../webgoat/lessons/HiddenFieldTampering.java | 2 +- .../org/owasp/webgoat/lessons/HtmlClues.java | 2 +- .../org/owasp/webgoat/lessons/HttpBasics.java | 2 +- .../owasp/webgoat/lessons/HttpSplitting.java | 6 +- .../owasp/webgoat/lessons/LessonAdapter.java | 19 +- .../owasp/webgoat/lessons/LogSpoofing.java | 21 +-- .../webgoat/lessons/ParameterInjection.java | 2 +- .../lessons/PathBasedAccessControl.java | 2 +- .../owasp/webgoat/lessons/ReflectedXSS.java | 4 +- .../webgoat/lessons/RemoteAdminFlaw.java | 4 +- .../RoleBasedAccessControl.java | 2 +- .../lessons/SQLInjection/SQLInjection.java | 2 +- .../webgoat/lessons/SqlNumericInjection.java | 2 +- .../webgoat/lessons/SqlStringInjection.java | 2 +- .../org/owasp/webgoat/lessons/StoredXss.java | 2 +- .../webgoat/lessons/ThreadSafetyProblem.java | 2 +- .../org/owasp/webgoat/lessons/TraceXSS.java | 2 +- .../owasp/webgoat/lessons/UncheckedEmail.java | 4 +- .../lessons/WeakAuthenticationCookie.java | 2 +- 
.../org/owasp/webgoat/session/Course.java | 6 +- .../owasp/webgoat/session/LessonTracker.java | 5 +- .../owasp/webgoat/session/UserTracker.java | 2 +- .../org/owasp/webgoat/session/WebSession.java | 4 +- 38 files changed, 94 insertions(+), 265 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java index 828a104ab..4c345175b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java @@ -19,7 +19,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class LessonSource extends HammerHead diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java index f0be24e5d..011db1b97 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java @@ -44,7 +44,7 @@ import org.owasp.webgoat.session.WebgoatProperties; * published by OWASP under the GPL. You should read and accept the LICENSE before you use, modify * and/or redistribute this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public abstract class AbstractLesson extends Screen implements Comparable 
@@ -139,7 +139,7 @@ public abstract class AbstractLesson extends Screen implements Comparable final static IMG previousGrey = new IMG( "images/left14.gif" ).setAlt( "Previous" ).setBorder( 0 ).setHspace( 0 ) .setVspace( 0 ); - private static Vector categories = new Vector(); + private static Vector categories = new Vector(); private Integer ranking; private Category category; private boolean hidden; @@ -275,7 +275,7 @@ public abstract class AbstractLesson extends Screen implements Comparable protected abstract boolean getDefaultHidden(); - public void setCategory(String categoryName) + public void setCategory_DELETE_ME(String categoryName) { if (categoryName != null) { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java index bc3684a56..7b88e2bc3 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java @@ -103,7 +103,7 @@ public class AccessControlMatrix extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Many sites attempt to restrict access to resources by role." ); hints.add( "Developers frequently make mistakes implementing this scheme." ); hints.add( "Attempt combinations of users, roles, and resources." ); @@ -126,7 +126,7 @@ public class AccessControlMatrix extends LessonAdapter private List getResources( List rl ) { // return the resources allowed for these roles - ArrayList list = new ArrayList(); + ArrayList list = new ArrayList(); if ( rl.contains( roles[0] ) ) { @@ -165,7 +165,7 @@ public class AccessControlMatrix extends LessonAdapter private List getRoles( String user ) { - ArrayList list = new ArrayList(); + ArrayList list = new ArrayList(); if ( user.equals( users[0] ) ) { 
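Review bot: In AbstractLesson.java the rename to `setCategory_DELETE_ME` leaves a public method whose name is a to-do marker, so the dead code stays in the class's API instead of being removed. If nothing calls it any more, delete the method in this commit. If it must survive for a while, keep the original name and document it, for example `/** @deprecated the category now comes from getDefaultCategory(); scheduled for removal. */` together with `@Deprecated`. That the replacement is getDefaultCategory() is inferred from the other files in this patch. The method body continues outside the hunk.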
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java index 231b920a1..120df12a9 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java @@ -21,7 +21,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class BasicAuthentication extends LessonAdapter @@ -37,12 +37,6 @@ public class BasicAuthentication extends LessonAdapter private final static String HEADER_NAME = "header"; private final static String HEADER_VALUE = "value"; - /** - * Save the session so it can be used in a staged lesson - */ - private WebSession session = null; - - /** * Description of the Method * @@ -51,7 +45,6 @@ public class BasicAuthentication extends LessonAdapter */ protected Element createContent( WebSession s ) { - session = s; return super.createStagedContent(s); } @@ -218,7 +211,7 @@ public class BasicAuthentication extends LessonAdapter */ public List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); // int stage = getLessonTracker(session, BASIC).getStage(); // switch ( stage ) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 0c8455b62..8c11ea71c 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java 
@@ -108,7 +108,7 @@ public class BlindSqlInjection extends LessonAdapter * * @return The category value */ - public Category getCategory() + protected Category getDefaultCategory() { return AbstractLesson.A6; } @@ -151,7 +151,7 @@ public class BlindSqlInjection extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); if (runningOnWindows()) { hints.add( "Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " + "Create a SQL statement that you can use as a true/false test and then " + diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java index af9572818..9a7c79b96 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java @@ -14,7 +14,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class BufferOverflow extends LessonAdapter @@ -52,7 +52,7 @@ public class BufferOverflow extends LessonAdapter */ public List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Lesson Hint 1" ); hints.add( "Lesson Hint 2" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index ab641b11b..0d81fca09 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java 
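Review bot: The renamed `getDefaultCategory()` in BlindSqlInjection.java carries no `@Override`, and neither does the one in HttpSplitting.java, while the same rename in LogSpoofing.java keeps the annotation. This commit changes both the name and the visibility of the method across lessons, so adding `@Override` above `protected Category getDefaultCategory()` lets the compiler flag any lesson whose signature no longer matches the superclass. That assumes the method is declared in AbstractLesson alongside `getDefaultHidden()`, which the patch does not show. The Javadoc above still reads "@return The category value" and could say that this is the lesson's default category.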
@@ -2,13 +2,10 @@ package org.owasp.webgoat.lessons; import java.util.ArrayList; import java.util.List; -import java.util.Arrays; import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.StringElement; -import org.apache.ecs.html.B; -import org.apache.ecs.html.H1; import org.apache.ecs.html.Input; import org.apache.ecs.html.P; import org.apache.ecs.html.TD; @@ -90,7 +87,7 @@ public class CSRF extends LessonAdapter { @Override protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Enter some text and try to include an image in there." ); hints.add( "The format of an image in html is
<img src=\"[URL]\" width=\"1\" height=\"1\" />
"); hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java index 77122de04..70a01bb4f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java @@ -1,5 +1,14 @@ package org.owasp.webgoat.lessons; +/** + * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web + * Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP + * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute + * this software. + * + * @author Bruce Mayhew WebGoat + * @created October 28, 2003 + */ public class Category implements Comparable { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index 9ed711b1a..1318d9eab 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -43,7 +43,7 @@ import org.owasp.webgoat.util.ExecResults; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class Challenge2Screen extends LessonAdapter 
@@ -451,7 +451,7 @@ public class Challenge2Screen extends LessonAdapter { // - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "You need to gain access to the Java source code for this lesson." ); hints.add( "Seriously, no more hints -- it's a CHALLENGE!" ); hints.add( "Come on -- give it a rest!" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java index 02058dcf5..73275b6fa 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java 
@@ -54,19 +54,21 @@ public class CommandInjection extends LessonAdapter { index = helpFile.indexOf(';'); } - + index = index + 1; + int helpFileLen = helpFile.length() -1; // subtract 1 for the closing quote + System.out.println("Command = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]"); if (( osName.indexOf( "Windows" ) != -1 && - ( helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a") || - helpFile.substring(index + 1).trim().toLowerCase().equals("dir") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ls") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig") )) || - (helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a #") || - helpFile.substring(index + 1).trim().toLowerCase().equals("dir #") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ls #") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ls -l #") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig #") || - helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig #") )) + ( helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ifconfig") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig") )) || + (helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a #") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir #") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls #") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls -l #") || + helpFile.substring(index, 
helpFileLen).trim().toLowerCase().equals("ifconfig #") || + helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig #") )) { illegalCommand = false; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 3fe6569ce..3223eecf1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -140,7 +140,7 @@ public class CrossSiteScripting extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); // Stage 1 hints.add( "You can put HTML tags in form input fields." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java index 238e9da4a..e4c1d0d13 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java @@ -3,7 +3,6 @@ package org.owasp.webgoat.lessons.CrossSiteScripting; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import java.sql.PreparedStatement; import java.util.regex.Matcher; import java.util.regex.Pattern; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java index 7d82ae68c..6df01c5ae 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java 
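Review bot: `helpFile.substring(index, helpFileLen)` throws StringIndexOutOfBoundsException when the separator is the last character of the parameter, because `index` then equals `helpFile.length()` while `helpFileLen` is one less. Whether a caller catches that is not visible, since the method starts and ends outside the hunk. Clamp the end and compute the value once, `int helpFileLen = Math.max(index, helpFile.length() - 1);` and `String command = helpFile.substring(index, helpFileLen).trim().toLowerCase();`, then compare `command` in the condition instead of repeating the expression a dozen times. The added `System.out.println("Command = [...")` also writes request-derived text to stdout unescaped, so it should be removed or have CR/LF neutralised before logging.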
@@ -552,14 +552,10 @@ public class Encoding extends LessonAdapter public List getHints() { - List hints = new ArrayList(); - + List hints = new ArrayList(); hints.add( "Enter a string and press 'go'" ); - hints.add( "Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters )." ); - hints.add( "Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' )." ); - return hints; } @@ -573,7 +569,6 @@ public class Encoding extends LessonAdapter public String getInstructions(WebSession s) { - return "This lesson will familiarize the user with different encoding schemes. "; } @@ -596,7 +591,6 @@ public class Encoding extends LessonAdapter public String getTitle() { - return ( "Encoding Basics" ); } @@ -613,27 +607,18 @@ public class Encoding extends LessonAdapter { byte[] b = str.getBytes(); - MessageDigest md = null; try { - md = MessageDigest.getInstance( "MD5" ); - md.update( b ); - } - catch ( NoSuchAlgorithmException e ) { - // it's got to be there - e.printStackTrace(); - } - return ( base64Encode( md.digest() ) ); } @@ -648,29 +633,18 @@ public class Encoding extends LessonAdapter public static String hashSHA( String str ) { - byte[] b = str.getBytes(); - MessageDigest md = null; - try { - md = MessageDigest.getInstance( "SHA-256" ); - md.update( b ); - } - catch ( NoSuchAlgorithmException e ) { - // it's got to be there - e.printStackTrace(); - } - return ( base64Encode( md.digest() ) ); } 
@@ -685,40 +659,26 @@ public class Encoding extends LessonAdapter public static String hexDecode( String hexString ) { - try { - if ( ( hexString.length() % 3 ) != 0 ) { - return ( "String not comprised of Hex digit pairs." ); } - char[] chars = new char[hexString.length()]; - char[] convChars = new char[hexString.length() / 3]; - hexString.getChars( 0, hexString.length(), chars, 0 ); - for ( int i = 1; i < hexString.length(); i += 3 ) { - String hexToken = new String( chars, i, 2 ); - convChars[i / 3] = (char) Integer.parseInt( hexToken, 16 ); - } - return new String( convChars ); } - catch ( NumberFormatException nfe ) { - return ( "String not comprised of Hex digits" ); } - } @@ -732,22 +692,14 @@ public class Encoding extends LessonAdapter public static String hexEncode( String asciiString ) { - char[] ascii = new char[asciiString.length()]; - asciiString.getChars( 0, asciiString.length(), ascii, 0 ); - StringBuffer hexBuff = new StringBuffer(); - for ( int i = 0; i < asciiString.length(); i++ ) { - hexBuff.append( "%" ); - hexBuff.append( Integer.toHexString( ascii[i] ) ); - } - return hexBuff.toString().toUpperCase(); } 
@@ -761,73 +713,40 @@ public class Encoding extends LessonAdapter public static void main( String[] args ) { - try { - String userInput = args[0]; - String userKey = args[1]; - System.out.println( "Working with: " + userInput ); - System.out.print( "Base64 encoding: " ); - System.out.println( base64Encode( userInput ) + " : " + base64Decode( userInput ) ); - System.out.print( "Entity encoding: " ); - System.out.println( HtmlEncoder.encode( userInput ) + " : " + HtmlEncoder.decode( userInput ) ); - System.out.print( "Password based encryption (PBE): " ); - System.out.println( encryptString( userInput, userKey ) + " : " + decryptString( userInput, userKey ) ); - System.out.print( "MD5 hash: " ); - System.out.println( hashMD5( userInput ) + " : " + "Cannot reverse a hash" ); - System.out.print( "SHA-256 hash: " ); - System.out.println( hashSHA( userInput ) + " : " + "Cannot reverse a hash" ); - System.out.print( "Unicode encoding: " ); - System.out.println( "Not Implemented" + " : " + "Not Implemented" ); - System.out.print( "URL encoding: " ); - System.out.println( urlEncode( userInput ) + " : " + urlDecode( userInput ) ); - System.out.print( "Hex encoding: " ); - System.out.println( hexEncode( userInput ) + " : " + hexDecode( userInput ) ); - System.out.print( "Rot13 encoding: " ); - System.out.println( rot13( userInput ) + " : " + rot13( userInput ) ); - System.out.print( "XOR with password: " ); - System.out.println( xorEncode( userInput, userKey ) + " : " + xorDecode( userInput, userKey ) ); - System.out.print( "Double unicode encoding is..." ); - System.out.println( "Not Implemented" + " : " + "Not Implemented" ); - System.out.print( "Double URL encoding: " ); - System.out.println( urlEncode( urlEncode( userInput ) ) + " : " + urlDecode( urlDecode( userInput ) ) ); - } - catch ( Exception e ) { - e.printStackTrace(); - } - } 
@@ -868,31 +787,20 @@ public class Encoding extends LessonAdapter private TR makeTitleRow( String description, String value1, String value2 ) { - TD desc = new TD().addElement( new B().addElement( description ) ); - TD val1 = new TD().addElement( new B().addElement( value1 ) ); TD val2 = new TD().addElement( new B().addElement( value2 ) ); - desc.setAlign( "center" ); - val1.setAlign( "center" ); - val2.setAlign( "center" ); - TR tr = new TR(); - tr.addElement( desc ); - tr.addElement( val1 ); - tr.addElement( val2 ); - return ( tr ); } - /** * Description of the Method * @@ -902,56 +810,35 @@ public class Encoding extends LessonAdapter public static synchronized String rot13( String input ) { - StringBuffer output = new StringBuffer(); - if ( input != null ) { - for ( int i = 0; i < input.length(); i++ ) { - char inChar = input.charAt( i ); - if ( ( inChar >= 'A' ) & ( inChar <= 'Z' ) ) { - inChar += 13; - if ( inChar > 'Z' ) { - inChar -= 26; - } - } - if ( ( inChar >= 'a' ) & ( inChar <= 'z' ) ) { - inChar += 13; - if ( inChar > 'z' ) { - inChar -= 26; - } - } - output.append( inChar ); - } - } - return output.toString(); } - /** * Description of the Method * @@ -961,31 +848,21 @@ public class Encoding extends LessonAdapter public static String unicodeDecode( String str ) { - // FIXME: TOTALLY EXPERIMENTAL try { - ByteBuffer bbuf = ByteBuffer.allocate( str.length() ); - bbuf.put( str.getBytes() ); - Charset charset = Charset.forName( "ISO-8859-1" ); - CharsetDecoder decoder = charset.newDecoder(); - CharBuffer cbuf = decoder.decode( bbuf ); - return ( cbuf.toString() ); } - catch ( Exception e ) { - return ( "Encoding problem" ); } - } 
@@ -999,27 +876,18 @@ public class Encoding extends LessonAdapter public static String unicodeEncode( String str ) { - // FIXME: TOTALLY EXPERIMENTAL - try { - Charset charset = Charset.forName( "ISO-8859-1" ); - CharsetEncoder encoder = charset.newEncoder(); - ByteBuffer bbuf = encoder.encode( CharBuffer.wrap( str ) ); - return ( new String( bbuf.array() ) ); } - catch ( Exception e ) { - return ( "Encoding problem" ); } - } @@ -1033,19 +901,14 @@ public class Encoding extends LessonAdapter public static String urlDecode( String str ) { - try { - return ( URLDecoder.decode( str, "UTF-8" ) ); } - catch ( Exception e ) { - return ( "Decoding error" ); } - } @@ -1059,19 +922,14 @@ public class Encoding extends LessonAdapter public static String urlEncode( String str ) { - try { - return ( URLEncoder.encode( str, "UTF-8" ) ); } - catch ( Exception e ) { - return ( "Encoding error" ); } - } @@ -1086,38 +944,23 @@ public class Encoding extends LessonAdapter public static synchronized char[] xor( String input, String userKey ) { - if ( ( userKey == null ) || ( userKey.trim().length() == 0 ) ) { - userKey = "Goober"; - } - char[] xorChars = userKey.toCharArray(); - int keyLen = xorChars.length; - char[] inputChars = null; - char[] outputChars = null; - if ( input != null ) { - inputChars = input.toCharArray(); - outputChars = new char[inputChars.length]; - for ( int i = 0; i < inputChars.length; i++ ) { - outputChars[i] = (char) ( inputChars[i] ^ xorChars[i % keyLen] ); - } - } - return outputChars; } @@ -1133,21 +976,15 @@ public class Encoding extends LessonAdapter public static synchronized String xorDecode( String input, String userKey ) { - try { - String decoded = base64Decode( input ); - return new String( xor( decoded, userKey ) ); } - catch ( Exception e ) { - return "String not XOR encoded."; } - } 
@@ -1162,24 +999,15 @@ public class Encoding extends LessonAdapter public static synchronized String xorEncode( String input, String userKey ) { - return base64Encode( xor( input, userKey ) ); } static { - for ( int i = 0; i < entities.length; ++i ) { - e2i.put( entities[i][0], entities[i][1] ); - i2e.put( entities[i][1], entities[i][0] ); - } - } - } - - diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java index d613eff39..032d22634 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java @@ -114,7 +114,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "You can force errors during the authentication process." ); hints.add( "You can change length, existance, or values of authentication parameters." ); hints.add( "Try removing a parameter ENTIRELY with WebScarab." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java index 53b65f4f5..f8e3b4be1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java @@ -63,7 +63,7 @@ public class ForcedBrowsing extends LessonAdapter */ public List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Try to guess the URL for the config page" ); hints.add( "The config page is guessable and hackable" ); hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." ); 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java index 834ea80e8..f8d40ae8b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java @@ -147,7 +147,7 @@ public class HiddenFieldTampering extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "This application is using hidden fields to transmit price information to the server." ); hints.add( "Use a program to intercept and change the value in the hidden field." ); hints.add( "Use WebScarab to change the price of the TV from " + diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java index 76915124c..6a58ca89b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java @@ -163,7 +163,7 @@ public class HtmlClues extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "You can view the HTML source by selecting 'view source' in the browser menu." ); hints.add( "There are lots of clues in the HTML" ); hints.add( "Search for the word HIDDEN, look at URLs, look for comments." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java index da56c90e5..dc60f94c0 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java 
@@ -68,7 +68,7 @@ public class HttpBasics extends LessonAdapter */ public List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Type in your name and press 'go'" ); hints.add( "Turn on Show Parameters or other features" ); hints.add( "Press the Show Lesson Plan button to view a lesson summary" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java index dd9650a6a..61b5137de 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java @@ -83,14 +83,14 @@ public class HttpSplitting extends LessonAdapter { return ( ec ); } - public Category getCategory() + protected Category getDefaultCategory() { - return LessonAdapter.GENERAL; + return AbstractLesson.GENERAL; } protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Enter a language for the system to search by." ); hints.add( "Use CR (%0d) and LF (%0a) for a new line" ); hints.add( "The Content-Length: 0 will tell the server that the first request is over." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java index a7063c3cb..0b6808c7e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java @@ -7,7 +7,6 @@ import java.util.List; import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; -import org.apache.ecs.HtmlColor; import org.apache.ecs.StringElement; import org.apache.ecs.html.Center; import org.apache.ecs.html.H3; 
@@ -17,7 +16,6 @@ import org.apache.ecs.html.PRE; import org.apache.ecs.html.TD; import org.apache.ecs.html.TR; import org.apache.ecs.html.Table; - import org.owasp.webgoat.session.WebSession; /** @@ -26,12 +24,12 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public abstract class LessonAdapter extends AbstractLesson { - final static IMG ASPECT_LOGO = new IMG( "images/logos/aspect.jpg" ).setAlt( "Aspect Security" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 ); + final static IMG WEBGOAT_LOGO = new IMG( "images/logos/WebGoat.jpg" ).setAlt( "WebGoat Logo" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 ); /** * Description of the Method * @@ -199,7 +197,7 @@ public abstract class LessonAdapter extends AbstractLesson */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "There are no hints defined." ); return hints; @@ -217,7 +215,14 @@ public abstract class LessonAdapter extends AbstractLesson */ public Element getCredits() { - return getCustomCredits("Sponsored by ", ASPECT_LOGO); + if (getClass().getResource("images/logos/WebGoat.jpg") != null ) + { + return getCustomCredits("Presented by ", WEBGOAT_LOGO); + } + else + { + return new StringElement(); + } } /** @@ -316,8 +321,6 @@ public abstract class LessonAdapter extends AbstractLesson */ protected Element getCustomCredits(String text, IMG logo) { - ElementContainer ec = new ElementContainer(); - Table t = new Table().setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 ).setWidth("90%").setAlign("RIGHT"); TR tr = new TR(); tr.addElement( new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%")); 
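Review bot: The `@author` replacement in the LessonAdapter class comment is not covered by the commit subject, which names only warning cleanup and method-scope fixes. The same substitution of `Jeff Williams Aspect Security` by `Bruce Mayhew WebGoat` recurs in ParameterInjection, PathBasedAccessControl, ReflectedXSS, RemoteAdminFlaw, SqlNumericInjection, SqlStringInjection, TraceXSS, UncheckedEmail, Course and UserTracker. Attribution in these GPL-licensed headers is part of the provenance record, so I would move it to its own commit with a stated reason. Where authorship is being extended rather than corrected, keep the original line and add a second `@author` tag.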
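Review bot: The new guard in `getCredits()` looks the logo up on the classpath, whereas `WEBGOAT_LOGO` is an `IMG` whose `images/logos/WebGoat.jpg` source is a URL the browser resolves against the web application. `getClass()` returns the concrete lesson class and a relative name given to `getResource` is resolved against that class's package, so the result varies by lesson (those under `lessons/CrossSiteScripting` or `lessons/SQLInjection` resolve elsewhere). It is probably `null` everywhere unless the images are also packaged beside the classes, in which case the credits silently vanish. If the aim is to hide the credits when the image file is missing, the check belongs against the web content root (for instance the servlet context's resource lookup), and the path literal should be shared with `WEBGOAT_LOGO` rather than repeated. How the images are deployed is not visible in this patch, so confirm that before changing it.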
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java index be9a1db93..f324c9cff 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java @@ -1,22 +1,21 @@ package org.owasp.webgoat.lessons; -import java.util.ArrayList; -import java.util.List; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; +import java.util.ArrayList; +import java.util.List; import org.apache.ecs.Element; -import org.apache.ecs.StringElement; -import org.owasp.webgoat.session.ECSFactory; -import org.owasp.webgoat.session.WebSession; - import org.apache.ecs.ElementContainer; +import org.apache.ecs.HtmlColor; +import org.apache.ecs.StringElement; import org.apache.ecs.html.Input; +import org.apache.ecs.html.PRE; import org.apache.ecs.html.TD; import org.apache.ecs.html.TR; import org.apache.ecs.html.Table; -import org.apache.ecs.html.PRE; -import org.apache.ecs.HtmlColor; +import org.owasp.webgoat.session.ECSFactory; +import org.owasp.webgoat.session.WebSession; /** * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web @@ -102,7 +101,7 @@ public class LogSpoofing extends LessonAdapter { @Override protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Try to fool the humane eye by using new lines." ); hints.add( "Use CR (%0d) and LF (%0a) for a new line." ); hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" ); @@ -116,8 +115,8 @@ public class LogSpoofing extends LessonAdapter { } @Override - public Category getCategory() { - return super.A6; + protected Category getDefaultCategory() { + return AbstractLesson.A6; } } 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java index d5c92da77..b3e63102e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java @@ -11,7 +11,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class ParameterInjection extends LessonAdapter diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java index c29aaa79a..4a7cbd385 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java @@ -24,7 +24,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class PathBasedAccessControl extends LessonAdapter diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java index 7e479aae2..1544086c0 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java 
@@ -27,7 +27,7 @@ import org.owasp.webgoat.util.HtmlEncoder; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ @@ -188,7 +188,7 @@ public class ReflectedXSS extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "A simple script is <SCRIPT>alert('bang!');</SCRIPT>." ); hints.add( "Can you get the script to disclose the JSESSIONID cookie?" ); hints.add( "You can use <SCRIPT>alert(document.cookie);</SCRIPT> to access the session id cookie" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java index 789c8f00f..3dd9efa95 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java @@ -13,7 +13,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class RemoteAdminFlaw extends LessonAdapter @@ -61,7 +61,7 @@ public class RemoteAdminFlaw extends LessonAdapter */ public List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "WebGoat has 2 admin interfaces." ); hints.add( "WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'" ); hints.add( "WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'" ); 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index 18f55f8dd..634bfc64f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -135,7 +135,7 @@ public class RoleBasedAccessControl extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Many sites attempt to restrict access to resources by role." ); hints.add( "Developers frequently make mistakes implementing this scheme." ); hints.add( "Attempt combinations of users, roles, and resources." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index ece89d2ab..7bcb8a689 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -144,7 +144,7 @@ public class SQLInjection extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "The application is taking your input and inserting it at the end of a pre-formed SQL command." ); hints.add( "This is the code for the query being built and issued by WebGoat:

" + "\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index a58be2e82..608e9f794 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java @@ -30,7 +30,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class SqlNumericInjection extends LessonAdapter diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 741dcf158..98b059902 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -26,7 +26,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class SqlStringInjection extends LessonAdapter diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java index 2c6055a48..899b0d9ef 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java 
@@ -123,7 +123,7 @@ public class StoredXss extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "You can put HTML tags in your message." ); hints.add( "Bury a SCRIPT tag in the message to attack anyone who reads it." ); hints.add( "Enter this: <script language=\"javascript\" type=\"text/javascript\">alert(\"Ha Ha Ha\");</script> in the message field." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index f693108fd..8a49dda7f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java @@ -104,7 +104,7 @@ public class ThreadSafetyProblem extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Web applications handle many HTTP requests at the same time." ); hints.add( "Developers use variables that are not thread safe." ); hints.add( "Show the Java source code and trace the 'currentUser' variable" ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java index 82cb1aa7d..2cafb5865 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java @@ -26,7 +26,7 @@ import org.owasp.webgoat.util.HtmlEncoder; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java index a955670a6..241d0be38 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java @@ -31,7 +31,7 @@ import org.owasp.webgoat.session.WebSession; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ @@ -179,7 +179,7 @@ public class UncheckedEmail extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "Try sending an anonymous message to yourself." ); hints.add( "Try inserting some html or javascript code in the message field" ); hints.add( "Look at the hidden fields in the HTML."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java index 6bd2f6014..6cff26137 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java @@ -232,7 +232,7 @@ public class WeakAuthenticationCookie extends LessonAdapter */ protected List getHints() { - List hints = new ArrayList(); + List hints = new ArrayList(); hints.add( "The server skips authentication if you send the right cookie." ); hints.add( "Is the AuthCookie value guessable knowing the username and password?" ); hints.add( "Add 'AuthCookie=********;' to the Cookie: header using WebScarab." ); 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java index 934bef011..e36c362ad 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java @@ -20,7 +20,7 @@ import org.owasp.webgoat.lessons.Category; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ public class Course @@ -223,7 +223,7 @@ public class Course */ public List getCategories() { - List categories = new ArrayList(); + List categories = new ArrayList(); Iterator iter = lessons.iterator(); while ( iter.hasNext() ) @@ -333,7 +333,7 @@ public class Course */ private List getLessons( Category category, List roles ) { - List lessonList = new ArrayList(); + List lessonList = new ArrayList(); Iterator iter = lessons.iterator(); while ( iter.hasNext() ) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java index 65d907df0..0d9993830 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java @@ -1,16 +1,15 @@ package org.owasp.webgoat.session; import java.io.FileInputStream; -import java.io.FileOutputStream; import java.io.FileNotFoundException; -import java.io.IOException; +import java.io.FileOutputStream; import java.util.Properties; /** * Description of the Class * - * @author Bruce Mayhew + * @author Bruce Mayhew WebGoat * @created October 29, 2003 */ public class LessonTracker 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java index 2389c979c..5428088f5 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java @@ -15,7 +15,7 @@ import org.apache.catalina.users.MemoryUserDatabase; * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * this software. * - * @author Jeff Williams Aspect Security + * @author Bruce Mayhew WebGoat * @created October 29, 2003 */ diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 128916076..ec0625ceb 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -337,7 +337,7 @@ public class WebSession public List getRoles() { - List roles = new ArrayList(); + List roles = new ArrayList(); roles.add(AbstractLesson.USER_ROLE); if (isAdmin()) @@ -440,7 +440,7 @@ public class WebSession public String getRestartLink() { - List parameters = new ArrayList(); + List parameters = new ArrayList(); String screenValue = request.getParameter(SCREEN); if (screenValue != null)