WIP

2021-03-27 17:18:16 +01:00 · 2021-03-27 15:58:56 +01:00 · 2021-03-27 15:56:32 +01:00 · 2021-03-27 15:42:03 +01:00 · 2021-03-27 15:02:20 +01:00 · 2021-03-27 14:58:46 +01:00
758 changed files with 12641 additions and 77605 deletions
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@ -0,0 +1,7 @@
 version: 2
 updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,42 @@
 name: "CI/CD Pipeline"
 on:
  push:
    branches: [ '*' ]
    tags-ignore:
      - '*'
 jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        java: [11, 15]
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - name: Set up JDK ${{ matrix.java }}
        uses: actions/setup-java@v1
        with:
          java-version: ${{ matrix.java }}
          architecture: x64
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build with Maven
        run: mvn clean install
  notify-slack:
    if: github.event_name == 'push' && (success() || failure())
    needs:
      - build
    runs-on: ubuntu-latest
    steps:
      - name: "Slack workflow notification"
        uses: Gamesight/slack-workflow-status@master
        with:
          repo_token: ${{secrets.GITHUB_TOKEN}}
          slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,102 @@
 name: "Release Pipeline"
 on:
  push:
    tags:
      - test*  # todo replace with v*
 jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        java: [11, 15]
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK ${{ matrix.java }}
        uses: actions/setup-java@v1
        with:
          java-version: ${{ matrix.java }}
          architecture: x64
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build with Maven
        run: mvn clean install -DskipTests
  docker:
    name: "Docker build & push"
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: "Check out"
        uses: actions/checkout@v2
      - name: "Get tag name"
        id: tag
        uses: dawidd6/action-get-tag@v1
      - name: "Set up QEMU"
        uses: docker/setup-qemu-action@v1
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v1
      - name: "Login to dockerhub"
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: "Build and push"
        uses: docker/build-push-action@v2
        with:
          run: cd docker
          context: .
          file: docker/Dockerfile
          push: false #todo enable
          platforms: linux/amd64
          tags: |
            webgoat/goatandwolf:${{ steps.tag.outputs.tag }}
          build-args: |
            webgoat_version=${{ steps.tag.outputs.tag }}
      - name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}
  github_release:
    name: Create Release
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v2
      - name: "Get tag name"
        id: tag
        uses: dawidd6/action-get-tag@v1
      - name: "Create release"
        uses: softprops/action-gh-release@v1
        with:
          draft: false
          files: |
            webgoat-server/target/*.jar
            webwolf/target/*.jar
          body: |
            ## Version ${{ steps.tag.outputs.tag }}
            ### New functionality
            - test
            ### Bug fixes
            - [#743 - Character encoding errors](https://github.com/WebGoat/WebGoat/issues/743)
            ## Contributors
            Special thanks to the following contributors providing us with a pull request:
            - Person 1
            - Person 2
            And everyone who provided feedback through Github.
            Team WebGoat
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@ -15,6 +15,7 @@
 /.externalToolBuilders/
 .project
 */target/*
 *.pmd
 mongo-data/*
 .classpath
 .idea/
@ -52,3 +53,4 @@ webgoat.log
 webgoat.properties
 webgoat.script
 TestClass.class
 **/*.flattened-pom.xml
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@ -1,2 +1,2 @@
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.2.1/apache-maven-3.2.1-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.2.5/apache-maven-3.2.5-bin.zip
 wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar
--- a/.travis.yml
+++ b/.travis.yml
@ -1,17 +1,27 @@
 services:
  - docker
 language: java
 os: 
  - linux
  - osx
 dist: xenial
 jdk:
- openjdk11
+  - openjdk11
-install: "/bin/true"
+  - openjdk15
 addons:
  firefox: latest
 install:  
  - true
 script:
- export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
+  - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH;
- echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$PR, BRANCH=$BRANCH"
+    else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
- if [ ! -z "${TRAVIS_TAG}" ]; then mvn versions:set -DnewVersion=${TRAVIS_TAG:1}; fi
+  - echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$PR, BRANCH=$BRANCH"
- mvn clean install -q
+  - if [ ! -z "${TRAVIS_TAG}" ]; then mvn versions:set -DnewVersion=${TRAVIS_TAG:1};
    fi
  - mvn clean install -q
 cache:
  directories:
-  - "$HOME/.m2"
+    - "$HOME/.m2"
 before_deploy:
  - export WEBGOAT_SERVER_TARGET_DIR=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-server/target
  - export WEBWOLF_TARGET_DIR=$HOME/build/$TRAVIS_REPO_SLUG/webwolf/target
@ -23,25 +33,30 @@ before_deploy:
  - ls $WEBGOAT_ARTIFACTS_FOLDER
 deploy:
  - provider: script
-    skip_cleanup: true
+    cleanup: false
    script: bash scripts/deploy-webgoat.sh
    on:
-      repo: WebGoat/WebGoat
+      condition: $TRAVIS_OS_NAME == 'linux'
      jdk: openjdk11
      tags: true
  - provider: releases
-    skip_cleanup: true
+    cleanup: false
    overwrite: true
-    api_key:
+    token:
      #api-key from webgoat-github user
      secure: pJOLBnl6427PcVg/tVy/qB18JC7b8cKpffau+IP0pjdSt7KUfBdBY3QuJ7mrM65zRoVILzggLckaew2PlRmYQRdumyWlyRn44XiJ9KO4n6Bsufbz+ictB4ggtozpp9+I9IIUh1TmqypL9lhkX2ONM9dSHmyblYpAAgMuYSK8FYc=
    file_glob: true
-    file: $WEBGOAT_ARTIFACTS_FOLDER/*
+    file: "$WEBGOAT_ARTIFACTS_FOLDER/*"
    on:
-      repo: WebGoat/WebGoat
+      condition: $TRAVIS_OS_NAME == 'linux'
      jdk: openjdk11
      tags: true
 env:
  global:
-  #Docker login
+    #Docker login
-  - secure: XgPc0UKRTUI70I4YWNQpThPPWeQIxkmzh1GNoR/SSDC2GPIBq3EfkkbSQewqil8stTy+S1/xSzc0JXG8NTn7UOxHVHA/2nhI6jX9E+DKtXQ89YwmaDNQjkbMjziAtDCIex+5TRykxNfkxj6VPYbDssrzI7iJXOIZVj/HoyO3O5E=
+    - secure: XgPc0UKRTUI70I4YWNQpThPPWeQIxkmzh1GNoR/SSDC2GPIBq3EfkkbSQewqil8stTy+S1/xSzc0JXG8NTn7UOxHVHA/2nhI6jX9E+DKtXQ89YwmaDNQjkbMjziAtDCIex+5TRykxNfkxj6VPYbDssrzI7iJXOIZVj/HoyO3O5E=
-  #Docker password
+    #Docker password
-  - secure: aly5TKBUK9sIiqtMbytNNPZHQhC0a7Yond5tEtuJ8fO+j/KZB4Uro3I6BhzYjGWFb5Kndd0j2TXHPFvtOl402J1CmFsY3v0BhilQd0g6zOssp5T0A73m8Jgq4ItV8wQJJy2bQsXqL1B+uFYieYPiMchj7JxWW0vBn7TV5b68l6U=
+    - secure: aly5TKBUK9sIiqtMbytNNPZHQhC0a7Yond5tEtuJ8fO+j/KZB4Uro3I6BhzYjGWFb5Kndd0j2TXHPFvtOl402J1CmFsY3v0BhilQd0g6zOssp5T0A73m8Jgq4ItV8wQJJy2bQsXqL1B+uFYieYPiMchj7JxWW0vBn7TV5b68l6U=
 notifications:
  slack:
    rooms:
      secure: cDG2URRy7SEipMLyhodwjRBtsPBmfngFB4FyNaIhhr+2/SGyKvGhfW75YA9V+eC7J40KllxQhiIvrxngKDRABb3L1O72Sdj8mZSi8TVsUNLOdamJXHKGUwNSPWXv/1s2m+uC20cgxl66o31vxdV33uvxLdvGOd5e5qOKTsKP7UE=
--- a/COPYRIGHT.txt
+++ b/COPYRIGHT.txt
@ -0,0 +1,19 @@
 This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
 Copyright (c) 2002 - $today.year Bruce Mayhew
 This program is free software; you can redistribute it and/or modify it under the terms of the
 GNU General Public License as published by the Free Software Foundation; either version 2 of the
 License, or (at your option) any later version.
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License for more details.
 You should have received a copy of the GNU General Public License along with this program; if
 not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 02111-1307, USA.
 Getting Source ==============
 Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
--- a/CREATE_RELEASE.MD
+++ b/CREATE_RELEASE.MD
@ -5,7 +5,11 @@
 For WebGoat we use milestone releases first before we release the official version, we use `v8.0.0.M3` while tagging
 and 8.0.0.M3 in the `pom.xml`. When we create the final release we remove the milestone release and use 
- `v8.0.0` and 8.0.0 in the `pom.xml`
+ `v8.0.0` in the `pom.xml`
 ### Release notes:
 Update the release notes with the correct version. Use `git shortlog -s -n --since "SEP 31 2019"` for the list of 
 committers.
 At the moment we use Gitflow, for a release you create a new release branch and take the following steps:
--- a/README.MD
+++ b/README.MD
@ -3,9 +3,9 @@
 [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg?branch=develop)](https://travis-ci.org/WebGoat/WebGoat)
 [![Coverage Status](https://coveralls.io/repos/WebGoat/WebGoat/badge.svg?branch=develop&service=github)](https://coveralls.io/github/WebGoat/WebGoat?branch=master)
 [![Codacy Badge](https://api.codacy.com/project/badge/b69ee3a86e3b4afcaf993f210fccfb1d)](https://www.codacy.com/app/dm/WebGoat)
 [![Dependency Status](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa/badge.svg?style=flat)](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa)
 [![OWASP Labs](https://img.shields.io/badge/owasp-lab%20project-f7b73c.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Labs_Projects)
 [![GitHub release](https://img.shields.io/github/release/WebGoat/WebGoat.svg)](https://github.com/WebGoat/WebGoat/releases/latest)
 [![Gitter](https://badges.gitter.im/OWASPWebGoat/community.svg)](https://gitter.im/OWASPWebGoat/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 # Introduction
@ -29,35 +29,68 @@ first thing that all hackers claim.*
 # Installation Instructions:
-## 1. Standalone 
+## 1. Run using Docker
 Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 ```Shell
 java -jar webgoat-server-8.0.0.VERSION.jar [--server.port=8080] [--server.address=localhost]
 ```
 The latest version of WebGoat needs Java 11. By default WebGoat starts on port 8080 with `--server.port` you can specify a different port. With `server.address` you
 can bind it to a different address (default localhost)
 ## 2. Run using Docker
 Every release is also published on [DockerHub]((https://hub.docker.com/r/webgoat/webgoat-8.0/)).
-### Using docker-compose
+### Using docker run
-The easiest way to start WebGoat as a Docker container is to use the `docker-compose.yml` [file](https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml) 
+The easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat and WebWolf running inside.
 from our Github repository. This will start both containers and it also takes care of setting up the
 connection between WebGoat and WebWolf.
 ```shell
-curl https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml | docker-compose -f - up
+docker run -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
 ```
 WebGoat will be located at: http://127.0.0.1:8080/WebGoat
 WebWolf will be located at: http://127.0.0.1:9090/WebWolf
 **Important**: Choose the correct timezone, so that the docker container and your host are in the same timezone. As it important for the validity of JWT tokens used in certain exercises.
 ### Using docker stack deploy
 Another way to deply WebGoat and WebWolf in a more advanced way is to use a compose-file in a docker stack deploy.
 You can define which containers should run in which combinations and define all of this in a yaml file.
 An example of such a file is: [goat-with-reverseproxy.yaml](goat-with-reverseproxy.yaml)
 This sets up an nginx webserver as reverse proxy to WebGoat and WebWolf. You can change the timezone by adjusting the value in the yaml file.
 ```shell
 docker stack init
 docker stack deploy --compose-file goat-with-reverseproxy.yaml webgoatdemo
 ```
 Add the following entries in your local hosts file:
 ```shell
 127.0.0.1 www.webgoat.local www.webwolf.localhost
 ```
 You can use the overall start page: http://www.webgoat.local or:
 WebGoat will be located at: http://www.webgoat.local/WebGoat
 WebWolf will be located at: http://www.webwolf.local/WebWolf
 **Important**: the current directory on your host will be mapped into the container for keeping state.
-Using the `docker-compose` file will simplify getting WebGoat and WebWolf up and running.
+## 2. Standalone
 Download the latest WebGoat and WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 ```Shell
 java -jar webgoat-server-8.1.0.jar [--server.port=8080] [--server.address=localhost]
 java -jar webwolf-8.1.0.jar [--server.port=9090] [--server.address=localhost]
 ```
 The latest version of WebGoat needs Java 11 or above. By default WebGoat and WebWolf start on port 8080,9000 and 9090 with the environment variable WEBGOAT_PORT, WEBWOLF_PORT and WEBGOAT_HSQLPORT you can set different values.
 ```Shell
 export WEBGOAT_PORT=18080
 export WEBGOAT_HSQLPORT=19001
 export WEBWOLF_PORT=19090
 java -jar webgoat-server-8.1.0.jar
 java -jar webwolf-8.1.0.jar 
 ```
 Use set in stead of export on Windows cmd. 
 ## 3. Run from the sources
@ -97,20 +130,17 @@ To change IP address add the following variable to WebGoat/webgoat-container/src
 server.address=x.x.x.x
 ```
-# Building a new Docker image
+## 4. Run with custom menu
-NOTE: Travis will create a new Docker image automatically when making a new release.
+For specialist only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting environment variables.
 For instance running as a jar on a Linux/MacOS it will look like:
 ```Shell
-cd WebGoat/
+export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
-mvn install
+export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
-cd webgoat-server
+java -jar webgoat-server/target/webgoat-server-v8.2.0-SNAPSHOT.jar
-docker build -t webgoat/webgoat-8.0 .
+```
-docker tag webgoat/webgoat-8.0 webgoat/webgoat-8.0:8.0
+Or in a docker run it would (once this version is pushed into docker hub) look like:
-docker login
+```Shell
-docker push webgoat/webgoat-8.0
+docker run -d -p 80:8888 -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/goatandwolf
 ```
 # Run Instructions:
 Once installed connect to http://localhost:8080/WebGoat and http://localhost:9090/WebWolf
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@ -0,0 +1,50 @@
 # WebGoat release notes 
 ## Version 8.1.0
 ### New functionality
 - Added new lessons for cryptography and path-traversal
 - Extra content added to the XXE lesson
 - Explanation of the assignments will be part of WebGoat, in this release we added detailed descriptions on how to solve the XXE lesson. In the upcoming releases new explanations will be added. If you want to contribute please create a pull request on Github.
 - Docker improvements + docker stack for complete container with nginx 
 - Included JWT token decoding and generation, since jwt.io does not support None anymore 
 ### Bug fixes
 - [#743 - Character encoding errors](https://github.com/WebGoat/WebGoat/issues/743)
 - [#811 -  Flag submission fails](https://github.com/WebGoat/WebGoat/issues/811)
 - [#810 - Scoreboard for challenges shows csrf users](https://github.com/WebGoat/WebGoat/issues/810)
 - [#788 - strange copy in constructor](https://github.com/WebGoat/WebGoat/issues/788) 
 - [#760 - Execution of standalone jar fails (Flyway migration step](https://github.com/WebGoat/WebGoat/issues/760)
 - [#766 - Unclear objective of vulnerable components practical assignment](https://github.com/WebGoat/WebGoat/issues/766)
 - [#708 - Seems like the home directory of WebGoat always use @project.version@](https://github.com/WebGoat/WebGoat/issues/708)
 - [#719 - WebGoat: 'Contact Us' email link in header is not correctly set](https://github.com/WebGoat/WebGoat/issues/719)
 - [#715 - Reset lesson doesn't reset the "HTML lesson" => forms stay succesful](https://github.com/WebGoat/WebGoat/issues/715)
 - [#725 - Vulnerable Components lesson 12 broken due to too new dependency](https://github.com/WebGoat/WebGoat/issues/725)
 - [#716 -  On M26 @project.version@ is not "interpreted" #7](https://github.com/WebGoat/WebGoat/issues/716)
 - [#721 couldn't be able to run CSRF lesson 3: Receive Whitelabel Error Page](https://github.com/WebGoat/WebGoat/issues/721)
 - [#724 - Dead link in VulnerableComponents lesson 11](https://github.com/WebGoat/WebGoat/issues/724)
 ## Contributors
 Special thanks to the following contributors providing us with a pull request:
 - Satoshi SAKAO
 - Philippe Lafoucrière
 - Cotonne
 - Tiago Mussi
 - thegoodcrumpets
 - Atharva Vaidya
 - torleif
 - August Detlefsen
 - Choe Hyeong Jin
 And everyone who provided feedback through Github.
 Team WebGoat
--- a/docker-compose-postgres.yml
+++ b/docker-compose-postgres.yml
@ -11,7 +11,7 @@ services:
      - spring.datasource.username=webgoat
      - spring.datasource.password=webgoat
      - spring.datasource.driver-class-name=org.postgresql.Driver
-      - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
+      - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
      - webgoat.server.directory=/home/webgoat/.webgoat/
      - webgoat.user.directory=/home/webgoat/.webgoat/
    ports:
@ -23,11 +23,11 @@ services:
      - spring.datasource.username=webgoat
      - spring.datasource.password=webgoat
      - spring.datasource.driver-class-name=org.postgresql.Driver
-      - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
+      - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
    ports:
      - "9090:9090"
  webgoat_db:
-    image: postgres:9.4
+    image: postgres:10.12
 # Uncomment to store the state of the database on the host.
 #    volumes:
 #      - ./database:/var/lib/postgresql
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: '2.1'
+version: '3'
 services:
  webgoat:
@ -6,13 +6,17 @@ services:
    environment:
      - WEBWOLF_HOST=webwolf
      - WEBWOLF_PORT=9090
      - TZ=Europe/Amsterdam
    ports:
      - "8080:8080"
      - "9001:9001"
    volumes:
      - .:/home/webgoat/.webgoat
    working_dir: /home/webgoat
  webwolf:
    image: webgoat/webwolf
    ports:
      - "9090:9090"
    command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0
    depends_on:
            - webgoat
--- a/docker/.gitignore
+++ b/docker/.gitignore
@ -0,0 +1 @@
 *.jar
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -0,0 +1,32 @@
 FROM openjdk:11.0.1-jre-slim-stretch
 ARG webgoat_version=v8.2.0-SNAPSHOT
 ENV webgoat_version_env=${webgoat_version}
 RUN apt-get update && apt-get install 
 RUN useradd --home-dir /home/webgoat --create-home -U webgoat
 RUN cd /home/webgoat/; 
 RUN chgrp -R 0 /home/webgoat
 RUN chmod -R g=u /home/webgoat
 RUN apt-get -y install apt-utils nginx
 USER webgoat
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY index.html /usr/share/nginx/html/
 COPY webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar
 COPY webwolf-${webgoat_version}.jar /home/webgoat/webwolf.jar
 COPY start.sh /home/webgoat
 EXPOSE 8080
 EXPOSE 9090
 ENV WEBGOAT_PORT 8080
 ENV WEBGOAT_SSLENABLED false
 ENV GOATURL https://127.0.0.1:$WEBGOAT_PORT
 ENV WOLFURL http://127.0.0.1:9090
 WORKDIR /home/webgoat
 ENTRYPOINT /bin/bash /home/webgoat/start.sh $webgoat_version_env
--- a/docker/Readme.md
+++ b/docker/Readme.md
@ -0,0 +1,9 @@
 # Docker all-in-one image
 ## Docker build
 	docker build --no-cache --build-arg webgoat_version=v8.2.0-SNAPSHOT -t webgoat/goatandwolf:latest .
 ## Docker run
 	docker run -d -p 80:8888 -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:latest
--- a/docker/index.html
+++ b/docker/index.html
@ -0,0 +1,43 @@
 <!DOCTYPE html>
 <html>
  <body>
    <h1>OWASP WebGoat Training tools</h1>
    <p>
      Use the following links to access the WebGoat and WebWolf applications.
      Register a user using WebGoat. The same user can access WebWolf.
    </p>
 	<h2>Use without special host name entries</h2>
 	<table>
 	<tr>
 		<td>WebGoat URL</td>
 		<td><a href="http://127.0.0.1:8080/WebGoat" target="_blank">http://127.0.0.1:8080/WebGoat</a></td>
 	</tr>
 	<tr>
 		<td>WebWolf URL</td>
 		<td><a href="http://127.0.0.1:9090/WebWolf" target="_blank">http://127.0.0.1:9090/WebWolf</a></td>
 	</tr>
 	<table>
 	<h2>Use with www.webgoat.local and www.webwolf.local</h2>
 	<p>
      Add the following entries to your local <b><i>hosts</i></b> file on Windows (c:\Windows\System32\drivers\etc\hosts) or Linux (/etc/hosts)
 <pre>
 127.0.0.1 www.webgoat.local www.webwolf.local
 </pre>
 	Then use the following URL's:
    </p>
 	<table>
 	<tr>
 		<td>WebGoat URL</td>
 		<td><a href="http://www.webgoat.local/WebGoat" target="_blank">http://www.webgoat.local/WebGoat</a></td>
 	</tr>
 	<tr>
 		<td>WebWolf URL</td>
 		<td><a href="http://www.webwolf.local/WebWolf" target="_blank">http://www.webwolf.local/WebWolf</a></td>
 	</tr>
 	<table>
  </body>
 </html>
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@ -0,0 +1,140 @@
 error_log /tmp/error.log;
 pid /tmp/nginx.pid;
 worker_processes 1;
 events { worker_connections 1024; }
 http {
 	client_body_temp_path /tmp/client_body;
 	fastcgi_temp_path /tmp/fastcgi_temp;
 	proxy_temp_path /tmp/proxy_temp;
 	scgi_temp_path /tmp/scgi_temp;
 	uwsgi_temp_path /tmp/uwsgi_temp;
    sendfile on;
    upstream docker-webgoat {
        server 127.0.0.1:8080;
    }
    upstream docker-webwolf {
        server 127.0.0.1:9090;
    }
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    server {
        listen 8888;
        server_name        www.webgoat.local;
 		root /var/www;
 		access_log /tmp/goataccess.log;
 		error_log /tmp/goaterror.log;
        location ~* \.(png|jpg|jpeg|gif|ico|woff|otf|ttf|mvc|svg|txt|pdf|docx?|xlsx?)$ {
            access_log         off;
            proxy_pass         http://docker-webgoat;
            proxy_redirect     off;
        }
        location / {
            root              /usr/share/nginx/html;
            index             index.html;
            add_header        Cache-Control no-cache;
            expires           0;
        }
        location /WebGoat {
            proxy_pass         http://docker-webgoat;
            proxy_redirect     off;
        }
    }
    server {
        listen 8888;
        server_name        www.webwolf.local;
 		root /var/www;
 		access_log /tmp/wolfaccess.log;
 		error_log /tmp/wolferror.log;
        location /WebGoat/PasswordReset/ForgotPassword/create-password-reset-link {
            proxy_pass         http://docker-webgoat;
            proxy_redirect     off;
        }
        location /PasswordReset/reset/reset-password {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /files {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /tmpdir {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /webjars {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /css {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /login {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /images {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /mail {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /upload {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /js {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /landing {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /logout {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
        location /WebWolf {
            proxy_pass         http://docker-webwolf;
            proxy_redirect     off;
        }
    }
 }
--- a/docker/pom.xml
+++ b/docker/pom.xml
@ -0,0 +1,40 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <artifactId>webgoat-all-in-one-docker</artifactId>
    <packaging>jar</packaging>
    <parent>
        <groupId>org.owasp.webgoat</groupId>
        <artifactId>webgoat-parent</artifactId>
        <version>${revision}</version>
    </parent>
    <dependencies>
    </dependencies>
    <build>
        <plugins>
            <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>1.8</version>
            <executions>
                <execution>
                    <phase>install</phase>
                    <configuration>
                        <target>
                            <copy file="../webgoat-server/target/webgoat-server-${project.version}.jar" tofile="webgoat-server-${project.version}.jar"/>
 							<copy file="../webwolf/target/webwolf-${project.version}.jar" tofile="webwolf-${project.version}.jar"/>
                        </target>
                    </configuration>
                    <goals>
                        <goal>run</goal>
                    </goals>
                </execution>
            </executions>
 			</plugin>
        </plugins>
    </build>
 </project>
--- a/docker/start.sh
+++ b/docker/start.sh
@ -0,0 +1,12 @@
 #!/bin/bash
 cd /home/webgoat 
 service nginx start
 sleep 1
 java -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar webgoat.jar --webgoat.build.version=$1 --server.address=0.0.0.0  > webgoat.log &
 sleep 10
 java -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar webwolf.jar --webgoat.build.version=$1 --server.address=0.0.0.0 > webwolf.log &
 tail -300f webgoat.log
--- a/docs/img/portfolio/cabin.png
+++ b/docs/img/portfolio/cabin.png
--- a/docs/img/portfolio/cake.png
+++ b/docs/img/portfolio/cake.png
--- a/docs/img/portfolio/circus.png
+++ b/docs/img/portfolio/circus.png
--- a/docs/img/portfolio/game.png
+++ b/docs/img/portfolio/game.png
--- a/docs/img/portfolio/safe.png
+++ b/docs/img/portfolio/safe.png
--- a/docs/img/portfolio/submarine.png
+++ b/docs/img/portfolio/submarine.png
--- a/docs/index.html
+++ b/docs/index.html
@ -2,289 +2,297 @@
 <html lang="en">
 <head>
  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <meta http-equiv="refresh" content="0;url=https://owasp.org/www-project-webgoat/" />
-  <meta name="description" content="WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities
+  <link rel="canonical" href="https://owasp.org/www-project-webgoat/" />
  commonly found in Java-based applications that use common and popular open source components">
  <meta name="author" content="WebGoat">
  <title>WebGoat</title>
  <!-- Bootstrap core CSS -->
  <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
  <!-- Custom fonts for this template -->
  <link href="vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">
  <link href="https://fonts.googleapis.com/css?family=Montserrat:400,700" rel="stylesheet" type="text/css">
  <link href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic" rel="stylesheet" type="text/css">
  <!-- Plugin CSS -->
  <link href="vendor/magnific-popup/magnific-popup.css" rel="stylesheet" type="text/css">
  <!-- Custom styles for this template -->
  <link href="css/freelancer.min.css" rel="stylesheet">
 </head>
-
+<body>
-<body id="page-top">
+<h1>
-
+  The page been moved to <a href="https://owasp.org/www-project-webgoat/">https://owasp.org/www-project-webgoat/</a>
-  <!-- Navigation -->
+</h1>
  <nav class="navbar navbar-expand-lg bg-secondary fixed-top text-uppercase" id="mainNav">
    <div class="container">
      <!-- Brand and toggle get grouped for better mobile display -->
      <div class="navbar-header page-scroll">
        <img class="img-responsive" src="img/profile.png" alt="">
      </div>
    </div>
  </nav>
  <!-- Header -->
  <header class="masthead bg-primary text-white text-center">
    <div class="container">
      <div class="row">
        <div class="col-lg-12">
          <h2 class="text-center text-uppercase mb-5">Learn the hack - Stop the attack</h2>
        </div>
      </div>
      <div class="row">
        <div class="col-lg-8 mx-auto">
          <p>WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities
            commonly found in Java-based applications that use common and popular open source components.</p>
        </div>
        <div class="col-lg-8 mx-auto">
          <a href="https://github.com/WebGoat/WebGoat/releases" class="btn btn-xl btn-outline-light">
            <i class="fa fa-download"></i> Download standalone
          </a>
          <a href="https://hub.docker.com/r/webgoat/webgoat-8.0/" class="btn btn-xl btn-outline-light">
            <i class="fa fa-download"></i> Run using Docker
          </a>
        </div>
      </div>
    </div>
  </header>
  <!-- Portfolio Grid Section -->
  <section class="portfolio" id="portfolio">
    <div class="container">
      <h3 class="text-center text-uppercase text-secondary mb-0">Learn in 3 steps</h3>
      <hr class="star-dark mb-5">
      <div class="row">
        <div class="col-md-6 col-lg-4 text-center">
          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-1">
            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">
              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">
                <i class="fa fa-search-plus fa-3x"></i>
              </div>
            </div>
            <img class="img-fluid" src="img/portfolio/teach.png" alt="">
          </a>
        </div>
        <div class="col-md-6 col-lg-4 text-center">
          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-2">
            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">
              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">
                <i class="fa fa-search-plus fa-3x"></i>
              </div>
            </div>
            <img class="img-fluid" src="img/portfolio/assignment.png" alt="">
          </a>
        </div>
        <div class="col-md-6 col-lg-4 text-center" >
          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-3">
            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">
              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">
                <i class="fa fa-search-plus fa-3x"></i>
              </div>
            </div>
            <img class="img-fluid" src="img/portfolio/mitigation.png" alt="">
          </a>
        </div>
      </div>
    </div>
  </section>
  <!-- Goals Section -->
  <section class="bg-primary text-white mb-0" id="goals">
    <div class="container">
      <h3 class="text-center text-uppercase text-white">Goals</h3>
      <hr class="star-light mb-5">
      <div class="row">
        <div class="col-lg-6 ml-auto">
          <p class="lead">
              Web application security is difficult to learn and practice. Not many people have full blown web applications like online book 
              stores or online banks that can be used to scan for vulnerabilities. In addition, security professionals frequently need to test 
              tools against a platform known to be vulnerable to ensure that they perform as advertised. All of this needs to happen in a safe 
              and legal environment.
                  </p>
        </div>
        <div class="col-lg-6 mr-auto">
          <p class="lead">Even if your intentions are good, we believe you should never attempt to find vulnerabilities without
              permission. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security. 
            In the future, the project team hopes to extend WebGoat into becoming a security benchmarking platform and a Java-based Web site Honeypot.
            </p>
        </div>
      </div>
    </div>
  </section>
   <!-- Contributing Section -->
   <section class="portfolio" id="portfolio">
      <div class="container">
        <h3 class="text-center text-uppercase text-secondary mb-0">More information</h3>
        <hr class="star-dark mb-5">
        <div class="row">
            <div class="col-lg-4 ml-auto">
                <p class="lead">For more information about running WebGoat / FAQ see our <a href="https://github.com/WebGoat/WebGoat/wiki">wiki pages.</a>
            </p>
          </div>
          <div class="col-lg-4 mr-auto">
              <p class="lead">Interested in contributing to WebGoat, take a look at our <a href="https://github.com/WebGoat/WebGoat/issues">issues.</a> </p>
          </div>
        </div>
      </div>
    </section>
  <!-- Footer -->
  <footer class="footer text-center">
    <div class="container">
      <div class="row">
        <div class="col-md-4 mb-5 mb-lg-0">
        </div>
        <div class="col-md-4 mb-5 mb-lg-0">
          <h4 class="text-uppercase mb-4">Around the Web</h4>
          <ul class="list-inline mb-0">
            <li class="list-inline-item">
                  <a class="btn btn-outline-light btn-social text-center rounded-circle" href="mailto:webgoat@owasp.org">
                    <i class="fa fa-fw fa-at"></i>
                  </a>
            </li>
            <li class="list-inline-item">
              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://github.com/WebGoat">
                <i class="fa fa-fw fa-github"></i>
              </a>
            </li>
            <li class="list-inline-item">
                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://stackoverflow.com/search?q=webgoat">
                  <i class="fa fa-fw fa-stack-overflow"></i>
                </a>
              </li>
            <li class="list-inline-item">
              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://twitter.com/OWASP_WebGoat">
                <i class="fa fa-fw fa-twitter"></i>
              </a>
            </li>
            <li class="list-inline-item">
                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://owasp.slack.com/messages/#project-webgoat/">
                  <i class="fa fa-fw fa-slack"></i>
                </a>
              </li>
          </ul>
        </div>
      </div>
    </div>
  </footer>
  <div class="copyright py-4 text-center text-white">
    <div class="container">
      <small>Team WebGoat 2019</small>
    </div>
  </div>
  <!-- Scroll to Top Button (Only visible on small and extra-small screen sizes) -->
  <div class="scroll-to-top d-lg-none position-fixed ">
    <a class="js-scroll-trigger d-block text-center text-white rounded" href="#page-top">
      <i class="fa fa-chevron-up"></i>
    </a>
  </div>
  <!-- Explain modal -->
  <div class="portfolio-modal mfp-hide" id="portfolio-modal-1">
    <div class="portfolio-modal-dialog bg-white">
      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">
        <i class="fa fa-3x fa-times"></i>
      </a>
      <div class="container text-center">
        <div class="row">
          <div class="col-lg-8 mx-auto">
            <h3 class="text-secondary text-uppercase mb-0">Explain the vulnerability</h3>
            <hr class="star-dark mb-5">
            <img class="img-fluid mb-5" src="img/portfolio/lesson.png" alt="">
            <p class="mb-5">Teaching is now a first class citizen of WebGoat, we explain explain the vulnerability. Instead of 'just hacking' we now focus on explaining from the beginning what for example a SQL injection is.
            </p>
            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">
              <i class="fa fa-close"></i>
              Close</a>
          </div>
        </div>
      </div>
    </div>
  </div>
  <!-- Assignment modal -->
  <div class="portfolio-modal mfp-hide" id="portfolio-modal-2">
    <div class="portfolio-modal-dialog bg-white">
      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">
        <i class="fa fa-3x fa-times"></i>
      </a>
      <div class="container text-center">
        <div class="row">
          <div class="col-lg-8 mx-auto">
            <h3 class="text-secondary text-uppercase mb-0">Learn by doing</h3>
            <hr class="star-dark mb-5">
            <img class="img-fluid mb-5" src="img/portfolio/assignment-example.png" alt="">
            <p class="mb-5">During the explanation of a vulnerability we build assignments which will help you understand how it works.</p>
            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">
              <i class="fa fa-close"></i>
              Close</a>
          </div>
        </div>
      </div>
    </div>
  </div>
  <!-- Mitigation modal -->
  <div class="portfolio-modal mfp-hide" id="portfolio-modal-3">
    <div class="portfolio-modal-dialog bg-white">
      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">
        <i class="fa fa-3x fa-times"></i>
      </a>
      <div class="container text-center">
        <div class="row">
          <div class="col-lg-8 mx-auto">
            <h3 class="text-secondary text-uppercase mb-0">Explain mitigations</h3>
            <hr class="star-dark mb-5">
            <img class="img-fluid mb-5" src="img/portfolio/mitigation-example.png" alt="">
            <p class="mb-5">At the end of each lesson you will receive an overview of possible mitigations which will help you during your development work.</p>
            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">
              <i class="fa fa-close"></i>
              Close</a>
          </div>
        </div>
      </div>
    </div>
  </div>
  <!-- Bootstrap core JavaScript -->
  <script src="vendor/jquery/jquery.min.js"></script>
  <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
  <!-- Plugin JavaScript -->
  <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
  <script src="vendor/magnific-popup/jquery.magnific-popup.min.js"></script>
  <!-- Contact Form JavaScript -->
  <script src="js/jqBootstrapValidation.js"></script>
  <script src="js/contact_me.js"></script>
  <!-- Custom scripts for this template -->
  <script src="js/freelancer.min.js"></script>
 </body>
 </html>
 <!--<head>-->
 <!--  <meta charset="utf-8">-->
 <!--  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">-->
 <!--  <meta name="description" content="WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities-->
 <!--  commonly found in Java-based applications that use common and popular open source components">-->
 <!--  <meta name="author" content="WebGoat">-->
 <!--  <title>WebGoat</title>-->
 <!--  &lt;!&ndash; Bootstrap core CSS &ndash;&gt;-->
 <!--  <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">-->
 <!--  &lt;!&ndash; Custom fonts for this template &ndash;&gt;-->
 <!--  <link href="vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">-->
 <!--  <link href="https://fonts.googleapis.com/css?family=Montserrat:400,700" rel="stylesheet" type="text/css">-->
 <!--  <link href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic" rel="stylesheet" type="text/css">-->
 <!--  &lt;!&ndash; Plugin CSS &ndash;&gt;-->
 <!--  <link href="vendor/magnific-popup/magnific-popup.css" rel="stylesheet" type="text/css">-->
 <!--  &lt;!&ndash; Custom styles for this template &ndash;&gt;-->
 <!--  <link href="css/freelancer.min.css" rel="stylesheet">-->
 <!--</head>-->
 <!--<body id="page-top">-->
 <!--  &lt;!&ndash; Navigation &ndash;&gt;-->
 <!--  <nav class="navbar navbar-expand-lg bg-secondary fixed-top text-uppercase" id="mainNav">-->
 <!--    <div class="container">-->
 <!--      &lt;!&ndash; Brand and toggle get grouped for better mobile display &ndash;&gt;-->
 <!--      <div class="navbar-header page-scroll">-->
 <!--        <img class="img-responsive" src="img/profile.png" alt="">-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </nav>-->
 <!--  &lt;!&ndash; Header &ndash;&gt;-->
 <!--  <header class="masthead bg-primary text-white text-center">-->
 <!--    <div class="container">-->
 <!--      <div class="row">-->
 <!--        <div class="col-lg-12">-->
 <!--          <h2 class="text-center text-uppercase mb-5">Learn the hack - Stop the attack</h2>-->
 <!--    -->
 <!--        </div>-->
 <!--      </div>-->
 <!--      <div class="row">-->
 <!--        <div class="col-lg-8 mx-auto">-->
 <!--          <p>WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities-->
 <!--            commonly found in Java-based applications that use common and popular open source components.</p>-->
 <!--        </div>-->
 <!--        <div class="col-lg-8 mx-auto">-->
 <!--          <a href="https://github.com/WebGoat/WebGoat/releases" class="btn btn-xl btn-outline-light">-->
 <!--            <i class="fa fa-download"></i> Download standalone-->
 <!--          </a>-->
 <!--          <a href="https://hub.docker.com/r/webgoat/webgoat-8.0/" class="btn btn-xl btn-outline-light">-->
 <!--            <i class="fa fa-download"></i> Run using Docker-->
 <!--          </a>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </header>-->
 <!--  &lt;!&ndash; Portfolio Grid Section &ndash;&gt;-->
 <!--  <section class="portfolio" id="portfolio">-->
 <!--    <div class="container">-->
 <!--      <h3 class="text-center text-uppercase text-secondary mb-0">Learn in 3 steps</h3>-->
 <!--      <hr class="star-dark mb-5">-->
 <!--      <div class="row">-->
 <!--        <div class="col-md-6 col-lg-4 text-center">-->
 <!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-1">-->
 <!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
 <!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
 <!--                <i class="fa fa-search-plus fa-3x"></i>-->
 <!--              </div>-->
 <!--            </div>-->
 <!--            <img class="img-fluid" src="img/portfolio/teach.png" alt="">-->
 <!--          </a>-->
 <!--        </div>-->
 <!--        <div class="col-md-6 col-lg-4 text-center">-->
 <!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-2">-->
 <!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
 <!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
 <!--                <i class="fa fa-search-plus fa-3x"></i>-->
 <!--              </div>-->
 <!--            </div>-->
 <!--            <img class="img-fluid" src="img/portfolio/assignment.png" alt="">-->
 <!--          </a>-->
 <!--        </div>-->
 <!--        <div class="col-md-6 col-lg-4 text-center" >-->
 <!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-3">-->
 <!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
 <!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
 <!--                <i class="fa fa-search-plus fa-3x"></i>-->
 <!--              </div>-->
 <!--            </div>-->
 <!--            <img class="img-fluid" src="img/portfolio/mitigation.png" alt="">-->
 <!--          </a>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </section>-->
 <!--  &lt;!&ndash; Goals Section &ndash;&gt;-->
 <!--  <section class="bg-primary text-white mb-0" id="goals">-->
 <!--    <div class="container">-->
 <!--      <h3 class="text-center text-uppercase text-white">Goals</h3>-->
 <!--      <hr class="star-light mb-5">-->
 <!--      <div class="row">-->
 <!--        <div class="col-lg-6 ml-auto">-->
 <!--          <p class="lead">-->
 <!--              Web application security is difficult to learn and practice. Not many people have full blown web applications like online book -->
 <!--              stores or online banks that can be used to scan for vulnerabilities. In addition, security professionals frequently need to test -->
 <!--              tools against a platform known to be vulnerable to ensure that they perform as advertised. All of this needs to happen in a safe -->
 <!--              and legal environment.-->
 <!--              -->
 <!--                  </p>-->
 <!--        </div>-->
 <!--        <div class="col-lg-6 mr-auto">-->
 <!--          <p class="lead">Even if your intentions are good, we believe you should never attempt to find vulnerabilities without-->
 <!--              permission. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security. -->
 <!--            In the future, the project team hopes to extend WebGoat into becoming a security benchmarking platform and a Java-based Web site Honeypot.-->
 <!--            </p>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </section>-->
 <!--   &lt;!&ndash; Contributing Section &ndash;&gt;-->
 <!--   <section class="portfolio" id="portfolio">-->
 <!--      <div class="container">-->
 <!--        <h3 class="text-center text-uppercase text-secondary mb-0">More information</h3>-->
 <!--        <hr class="star-dark mb-5">-->
 <!--        <div class="row">-->
 <!--            <div class="col-lg-4 ml-auto">-->
 <!--                <p class="lead">For more information about running WebGoat / FAQ see our <a href="https://github.com/WebGoat/WebGoat/wiki">wiki pages.</a>-->
 <!--            </p>-->
 <!--          </div>-->
 <!--          <div class="col-lg-4 mr-auto">-->
 <!--              <p class="lead">Interested in contributing to WebGoat, take a look at our <a href="https://github.com/WebGoat/WebGoat/issues">issues.</a> </p>-->
 <!--          </div>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </section>-->
 <!--  -->
 <!--  &lt;!&ndash; Footer &ndash;&gt;-->
 <!--  <footer class="footer text-center">-->
 <!--    <div class="container">-->
 <!--      <div class="row">-->
 <!--        <div class="col-md-4 mb-5 mb-lg-0">-->
 <!--        </div>-->
 <!--        <div class="col-md-4 mb-5 mb-lg-0">-->
 <!--          <h4 class="text-uppercase mb-4">Around the Web</h4>-->
 <!--          <ul class="list-inline mb-0">-->
 <!--            <li class="list-inline-item">-->
 <!--                  <a class="btn btn-outline-light btn-social text-center rounded-circle" href="mailto:webgoat@owasp.org">-->
 <!--                    <i class="fa fa-fw fa-at"></i>-->
 <!--                  </a>-->
 <!--            </li>-->
 <!--            <li class="list-inline-item">-->
 <!--              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://github.com/WebGoat">-->
 <!--                <i class="fa fa-fw fa-github"></i>-->
 <!--              </a>-->
 <!--            </li>-->
 <!--            <li class="list-inline-item">-->
 <!--                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://stackoverflow.com/search?q=webgoat">-->
 <!--                  <i class="fa fa-fw fa-stack-overflow"></i>-->
 <!--                </a>-->
 <!--              </li>-->
 <!--            <li class="list-inline-item">-->
 <!--              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://twitter.com/OWASP_WebGoat">-->
 <!--                <i class="fa fa-fw fa-twitter"></i>-->
 <!--              </a>-->
 <!--            </li>-->
 <!--            <li class="list-inline-item">-->
 <!--                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://owasp.slack.com/messages/#project-webgoat/">-->
 <!--                  <i class="fa fa-fw fa-slack"></i>-->
 <!--                </a>-->
 <!--              </li>-->
 <!--          </ul>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </footer>-->
 <!--  <div class="copyright py-4 text-center text-white">-->
 <!--    <div class="container">-->
 <!--      <small>Team WebGoat 2019</small>-->
 <!--    </div>-->
 <!--  </div>-->
 <!--  &lt;!&ndash; Scroll to Top Button (Only visible on small and extra-small screen sizes) &ndash;&gt;-->
 <!--  <div class="scroll-to-top d-lg-none position-fixed ">-->
 <!--    <a class="js-scroll-trigger d-block text-center text-white rounded" href="#page-top">-->
 <!--      <i class="fa fa-chevron-up"></i>-->
 <!--    </a>-->
 <!--  </div>-->
 <!--  &lt;!&ndash; Explain modal &ndash;&gt;-->
 <!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-1">-->
 <!--    <div class="portfolio-modal-dialog bg-white">-->
 <!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
 <!--        <i class="fa fa-3x fa-times"></i>-->
 <!--      </a>-->
 <!--      <div class="container text-center">-->
 <!--        <div class="row">-->
 <!--          <div class="col-lg-8 mx-auto">-->
 <!--            <h3 class="text-secondary text-uppercase mb-0">Explain the vulnerability</h3>-->
 <!--            <hr class="star-dark mb-5">-->
 <!--            <img class="img-fluid mb-5" src="img/portfolio/lesson.png" alt="">-->
 <!--            <p class="mb-5">Teaching is now a first class citizen of WebGoat, we explain explain the vulnerability. Instead of 'just hacking' we now focus on explaining from the beginning what for example a SQL injection is.-->
 <!--            </p>-->
 <!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
 <!--              <i class="fa fa-close"></i>-->
 <!--              Close</a>-->
 <!--          </div>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </div>-->
 <!--  &lt;!&ndash; Assignment modal &ndash;&gt;-->
 <!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-2">-->
 <!--    <div class="portfolio-modal-dialog bg-white">-->
 <!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
 <!--        <i class="fa fa-3x fa-times"></i>-->
 <!--      </a>-->
 <!--      <div class="container text-center">-->
 <!--        <div class="row">-->
 <!--          <div class="col-lg-8 mx-auto">-->
 <!--            <h3 class="text-secondary text-uppercase mb-0">Learn by doing</h3>-->
 <!--            <hr class="star-dark mb-5">-->
 <!--            <img class="img-fluid mb-5" src="img/portfolio/assignment-example.png" alt="">-->
 <!--            <p class="mb-5">During the explanation of a vulnerability we build assignments which will help you understand how it works.</p>-->
 <!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
 <!--              <i class="fa fa-close"></i>-->
 <!--              Close</a>-->
 <!--          </div>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </div>-->
 <!--  &lt;!&ndash; Mitigation modal &ndash;&gt;-->
 <!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-3">-->
 <!--    <div class="portfolio-modal-dialog bg-white">-->
 <!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
 <!--        <i class="fa fa-3x fa-times"></i>-->
 <!--      </a>-->
 <!--      <div class="container text-center">-->
 <!--        <div class="row">-->
 <!--          <div class="col-lg-8 mx-auto">-->
 <!--            <h3 class="text-secondary text-uppercase mb-0">Explain mitigations</h3>-->
 <!--            <hr class="star-dark mb-5">-->
 <!--            <img class="img-fluid mb-5" src="img/portfolio/mitigation-example.png" alt="">-->
 <!--            <p class="mb-5">At the end of each lesson you will receive an overview of possible mitigations which will help you during your development work.</p>-->
 <!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
 <!--              <i class="fa fa-close"></i>-->
 <!--              Close</a>-->
 <!--          </div>-->
 <!--        </div>-->
 <!--      </div>-->
 <!--    </div>-->
 <!--  </div>-->
 <!--  &lt;!&ndash; Bootstrap core JavaScript &ndash;&gt;-->
 <!--  <script src="vendor/jquery/jquery.min.js"></script>-->
 <!--  <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>-->
 <!--  &lt;!&ndash; Plugin JavaScript &ndash;&gt;-->
 <!--  <script src="vendor/jquery-easing/jquery.easing.min.js"></script>-->
 <!--  <script src="vendor/magnific-popup/jquery.magnific-popup.min.js"></script>-->
 <!--  &lt;!&ndash; Custom scripts for this template &ndash;&gt;-->
 <!--  <script src="js/freelancer.min.js"></script>-->
 <!--</body>-->
 <!--</html>-->
--- a/docs/js/contact_me.js
+++ b/docs/js/contact_me.js
@ -1,75 +0,0 @@
 $(function() {
  $("#contactForm input,#contactForm textarea").jqBootstrapValidation({
    preventSubmit: true,
    submitError: function($form, event, errors) {
      // additional error messages or events
    },
    submitSuccess: function($form, event) {
      event.preventDefault(); // prevent default submit behaviour
      // get values from FORM
      var name = $("input#name").val();
      var email = $("input#email").val();
      var phone = $("input#phone").val();
      var message = $("textarea#message").val();
      var firstName = name; // For Success/Failure Message
      // Check for white space in name for Success/Fail message
      if (firstName.indexOf(' ') >= 0) {
        firstName = name.split(' ').slice(0, -1).join(' ');
      }
      $this = $("#sendMessageButton");
      $this.prop("disabled", true); // Disable submit button until AJAX call is complete to prevent duplicate messages
      $.ajax({
        url: "././mail/contact_me.php",
        type: "POST",
        data: {
          name: name,
          phone: phone,
          email: email,
          message: message
        },
        cache: false,
        success: function() {
          // Success message
          $('#success').html("<div class='alert alert-success'>");
          $('#success > .alert-success').html("<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;")
            .append("</button>");
          $('#success > .alert-success')
            .append("<strong>Your message has been sent. </strong>");
          $('#success > .alert-success')
            .append('</div>');
          //clear all fields
          $('#contactForm').trigger("reset");
        },
        error: function() {
          // Fail message
          $('#success').html("<div class='alert alert-danger'>");
          $('#success > .alert-danger').html("<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;")
            .append("</button>");
          $('#success > .alert-danger').append($("<strong>").text("Sorry " + firstName + ", it seems that my mail server is not responding. Please try again later!"));
          $('#success > .alert-danger').append('</div>');
          //clear all fields
          $('#contactForm').trigger("reset");
        },
        complete: function() {
          setTimeout(function() {
            $this.prop("disabled", false); // Re-enable submit button when AJAX call is complete
          }, 1000);
        }
      });
    },
    filter: function() {
      return $(this).is(":visible");
    },
  });
  $("a[data-toggle=\"tab\"]").click(function(e) {
    e.preventDefault();
    $(this).tab("show");
  });
 });
 /*When clicking on Full hide fail/success boxes */
 $('#name').focus(function() {
  $('#success').html('');
 });
--- a/docs/js/jqBootstrapValidation.js
+++ b/docs/js/jqBootstrapValidation.js
@ -1,912 +0,0 @@
 /* jqBootstrapValidation
 * A plugin for automating validation on Twitter Bootstrap formatted forms.
 *
 * v1.3.6
 *
 * License: MIT <http://opensource.org/licenses/mit-license.php> - see LICENSE file
 *
 * http://ReactiveRaven.github.com/jqBootstrapValidation/
 */
 (function( $ ){
 	var createdElements = [];
 	var defaults = {
 		options: {
 			prependExistingHelpBlock: false,
 			sniffHtml: true, // sniff for 'required', 'maxlength', etc
 			preventSubmit: true, // stop the form submit event from firing if validation fails
 			submitError: false, // function called if there is an error when trying to submit
 			submitSuccess: false, // function called just before a successful submit event is sent to the server
            semanticallyStrict: false, // set to true to tidy up generated HTML output
 			autoAdd: {
 				helpBlocks: true
 			},
            filter: function () {
                // return $(this).is(":visible"); // only validate elements you can see
                return true; // validate everything
            }
 		},
    methods: {
      init : function( options ) {
        var settings = $.extend(true, {}, defaults);
        settings.options = $.extend(true, settings.options, options);
        var $siblingElements = this;
        var uniqueForms = $.unique(
          $siblingElements.map( function () {
            return $(this).parents("form")[0];
          }).toArray()
        );
        $(uniqueForms).bind("submit", function (e) {
          var $form = $(this);
          var warningsFound = 0;
          var $inputs = $form.find("input,textarea,select").not("[type=submit],[type=image]").filter(settings.options.filter);
          $inputs.trigger("submit.validation").trigger("validationLostFocus.validation");
          $inputs.each(function (i, el) {
            var $this = $(el),
              $controlGroup = $this.parents(".control-group").first();
            if (
              $controlGroup.hasClass("warning")
            ) {
              $controlGroup.removeClass("warning").addClass("error");
              warningsFound++;
            }
          });
          $inputs.trigger("validationLostFocus.validation");
          if (warningsFound) {
            if (settings.options.preventSubmit) {
              e.preventDefault();
            }
            $form.addClass("error");
            if ($.isFunction(settings.options.submitError)) {
              settings.options.submitError($form, e, $inputs.jqBootstrapValidation("collectErrors", true));
            }
          } else {
            $form.removeClass("error");
            if ($.isFunction(settings.options.submitSuccess)) {
              settings.options.submitSuccess($form, e);
            }
          }
        });
        return this.each(function(){
          // Get references to everything we're interested in
          var $this = $(this),
            $controlGroup = $this.parents(".control-group").first(),
            $helpBlock = $controlGroup.find(".help-block").first(),
            $form = $this.parents("form").first(),
            validatorNames = [];
          // create message container if not exists
          if (!$helpBlock.length && settings.options.autoAdd && settings.options.autoAdd.helpBlocks) {
              $helpBlock = $('<div class="help-block" />');
              $controlGroup.find('.controls').append($helpBlock);
 							createdElements.push($helpBlock[0]);
          }
          // =============================================================
          //                                     SNIFF HTML FOR VALIDATORS
          // =============================================================
          // *snort sniff snuffle*
          if (settings.options.sniffHtml) {
            var message = "";
            // ---------------------------------------------------------
            //                                                   PATTERN
            // ---------------------------------------------------------
            if ($this.attr("pattern") !== undefined) {
              message = "Not in the expected format<!-- data-validation-pattern-message to override -->";
              if ($this.data("validationPatternMessage")) {
                message = $this.data("validationPatternMessage");
              }
              $this.data("validationPatternMessage", message);
              $this.data("validationPatternRegex", $this.attr("pattern"));
            }
            // ---------------------------------------------------------
            //                                                       MAX
            // ---------------------------------------------------------
            if ($this.attr("max") !== undefined || $this.attr("aria-valuemax") !== undefined) {
              var max = ($this.attr("max") !== undefined ? $this.attr("max") : $this.attr("aria-valuemax"));
              message = "Too high: Maximum of '" + max + "'<!-- data-validation-max-message to override -->";
              if ($this.data("validationMaxMessage")) {
                message = $this.data("validationMaxMessage");
              }
              $this.data("validationMaxMessage", message);
              $this.data("validationMaxMax", max);
            }
            // ---------------------------------------------------------
            //                                                       MIN
            // ---------------------------------------------------------
            if ($this.attr("min") !== undefined || $this.attr("aria-valuemin") !== undefined) {
              var min = ($this.attr("min") !== undefined ? $this.attr("min") : $this.attr("aria-valuemin"));
              message = "Too low: Minimum of '" + min + "'<!-- data-validation-min-message to override -->";
              if ($this.data("validationMinMessage")) {
                message = $this.data("validationMinMessage");
              }
              $this.data("validationMinMessage", message);
              $this.data("validationMinMin", min);
            }
            // ---------------------------------------------------------
            //                                                 MAXLENGTH
            // ---------------------------------------------------------
            if ($this.attr("maxlength") !== undefined) {
              message = "Too long: Maximum of '" + $this.attr("maxlength") + "' characters<!-- data-validation-maxlength-message to override -->";
              if ($this.data("validationMaxlengthMessage")) {
                message = $this.data("validationMaxlengthMessage");
              }
              $this.data("validationMaxlengthMessage", message);
              $this.data("validationMaxlengthMaxlength", $this.attr("maxlength"));
            }
            // ---------------------------------------------------------
            //                                                 MINLENGTH
            // ---------------------------------------------------------
            if ($this.attr("minlength") !== undefined) {
              message = "Too short: Minimum of '" + $this.attr("minlength") + "' characters<!-- data-validation-minlength-message to override -->";
              if ($this.data("validationMinlengthMessage")) {
                message = $this.data("validationMinlengthMessage");
              }
              $this.data("validationMinlengthMessage", message);
              $this.data("validationMinlengthMinlength", $this.attr("minlength"));
            }
            // ---------------------------------------------------------
            //                                                  REQUIRED
            // ---------------------------------------------------------
            if ($this.attr("required") !== undefined || $this.attr("aria-required") !== undefined) {
              message = settings.builtInValidators.required.message;
              if ($this.data("validationRequiredMessage")) {
                message = $this.data("validationRequiredMessage");
              }
              $this.data("validationRequiredMessage", message);
            }
            // ---------------------------------------------------------
            //                                                    NUMBER
            // ---------------------------------------------------------
            if ($this.attr("type") !== undefined && $this.attr("type").toLowerCase() === "number") {
              message = settings.builtInValidators.number.message;
              if ($this.data("validationNumberMessage")) {
                message = $this.data("validationNumberMessage");
              }
              $this.data("validationNumberMessage", message);
            }
            // ---------------------------------------------------------
            //                                                     EMAIL
            // ---------------------------------------------------------
            if ($this.attr("type") !== undefined && $this.attr("type").toLowerCase() === "email") {
              message = "Not a valid email address<!-- data-validator-validemail-message to override -->";
              if ($this.data("validationValidemailMessage")) {
                message = $this.data("validationValidemailMessage");
              } else if ($this.data("validationEmailMessage")) {
                message = $this.data("validationEmailMessage");
              }
              $this.data("validationValidemailMessage", message);
            }
            // ---------------------------------------------------------
            //                                                MINCHECKED
            // ---------------------------------------------------------
            if ($this.attr("minchecked") !== undefined) {
              message = "Not enough options checked; Minimum of '" + $this.attr("minchecked") + "' required<!-- data-validation-minchecked-message to override -->";
              if ($this.data("validationMincheckedMessage")) {
                message = $this.data("validationMincheckedMessage");
              }
              $this.data("validationMincheckedMessage", message);
              $this.data("validationMincheckedMinchecked", $this.attr("minchecked"));
            }
            // ---------------------------------------------------------
            //                                                MAXCHECKED
            // ---------------------------------------------------------
            if ($this.attr("maxchecked") !== undefined) {
              message = "Too many options checked; Maximum of '" + $this.attr("maxchecked") + "' required<!-- data-validation-maxchecked-message to override -->";
              if ($this.data("validationMaxcheckedMessage")) {
                message = $this.data("validationMaxcheckedMessage");
              }
              $this.data("validationMaxcheckedMessage", message);
              $this.data("validationMaxcheckedMaxchecked", $this.attr("maxchecked"));
            }
          }
          // =============================================================
          //                                       COLLECT VALIDATOR NAMES
          // =============================================================
          // Get named validators
          if ($this.data("validation") !== undefined) {
            validatorNames = $this.data("validation").split(",");
          }
          // Get extra ones defined on the element's data attributes
          $.each($this.data(), function (i, el) {
            var parts = i.replace(/([A-Z])/g, ",$1").split(",");
            if (parts[0] === "validation" && parts[1]) {
              validatorNames.push(parts[1]);
            }
          });
          // =============================================================
          //                                     NORMALISE VALIDATOR NAMES
          // =============================================================
          var validatorNamesToInspect = validatorNames;
          var newValidatorNamesToInspect = [];
          do // repeatedly expand 'shortcut' validators into their real validators
          {
            // Uppercase only the first letter of each name
            $.each(validatorNames, function (i, el) {
              validatorNames[i] = formatValidatorName(el);
            });
            // Remove duplicate validator names
            validatorNames = $.unique(validatorNames);
            // Pull out the new validator names from each shortcut
            newValidatorNamesToInspect = [];
            $.each(validatorNamesToInspect, function(i, el) {
              if ($this.data("validation" + el + "Shortcut") !== undefined) {
                // Are these custom validators?
                // Pull them out!
                $.each($this.data("validation" + el + "Shortcut").split(","), function(i2, el2) {
                  newValidatorNamesToInspect.push(el2);
                });
              } else if (settings.builtInValidators[el.toLowerCase()]) {
                // Is this a recognised built-in?
                // Pull it out!
                var validator = settings.builtInValidators[el.toLowerCase()];
                if (validator.type.toLowerCase() === "shortcut") {
                  $.each(validator.shortcut.split(","), function (i, el) {
                    el = formatValidatorName(el);
                    newValidatorNamesToInspect.push(el);
                    validatorNames.push(el);
                  });
                }
              }
            });
            validatorNamesToInspect = newValidatorNamesToInspect;
          } while (validatorNamesToInspect.length > 0)
          // =============================================================
          //                                       SET UP VALIDATOR ARRAYS
          // =============================================================
          var validators = {};
          $.each(validatorNames, function (i, el) {
            // Set up the 'override' message
            var message = $this.data("validation" + el + "Message");
            var hasOverrideMessage = (message !== undefined);
            var foundValidator = false;
            message =
              (
                message
                  ? message
                  : "'" + el + "' validation failed <!-- Add attribute 'data-validation-" + el.toLowerCase() + "-message' to input to change this message -->"
              )
            ;
            $.each(
              settings.validatorTypes,
              function (validatorType, validatorTemplate) {
                if (validators[validatorType] === undefined) {
                  validators[validatorType] = [];
                }
                if (!foundValidator && $this.data("validation" + el + formatValidatorName(validatorTemplate.name)) !== undefined) {
                  validators[validatorType].push(
                    $.extend(
                      true,
                      {
                        name: formatValidatorName(validatorTemplate.name),
                        message: message
                      },
                      validatorTemplate.init($this, el)
                    )
                  );
                  foundValidator = true;
                }
              }
            );
            if (!foundValidator && settings.builtInValidators[el.toLowerCase()]) {
              var validator = $.extend(true, {}, settings.builtInValidators[el.toLowerCase()]);
              if (hasOverrideMessage) {
                validator.message = message;
              }
              var validatorType = validator.type.toLowerCase();
              if (validatorType === "shortcut") {
                foundValidator = true;
              } else {
                $.each(
                  settings.validatorTypes,
                  function (validatorTemplateType, validatorTemplate) {
                    if (validators[validatorTemplateType] === undefined) {
                      validators[validatorTemplateType] = [];
                    }
                    if (!foundValidator && validatorType === validatorTemplateType.toLowerCase()) {
                      $this.data("validation" + el + formatValidatorName(validatorTemplate.name), validator[validatorTemplate.name.toLowerCase()]);
                      validators[validatorType].push(
                        $.extend(
                          validator,
                          validatorTemplate.init($this, el)
                        )
                      );
                      foundValidator = true;
                    }
                  }
                );
              }
            }
            if (! foundValidator) {
              $.error("Cannot find validation info for '" + el + "'");
            }
          });
          // =============================================================
          //                                         STORE FALLBACK VALUES
          // =============================================================
          $helpBlock.data(
            "original-contents",
            (
              $helpBlock.data("original-contents")
                ? $helpBlock.data("original-contents")
                : $helpBlock.html()
            )
          );
          $helpBlock.data(
            "original-role",
            (
              $helpBlock.data("original-role")
                ? $helpBlock.data("original-role")
                : $helpBlock.attr("role")
            )
          );
          $controlGroup.data(
            "original-classes",
            (
              $controlGroup.data("original-clases")
                ? $controlGroup.data("original-classes")
                : $controlGroup.attr("class")
            )
          );
          $this.data(
            "original-aria-invalid",
            (
              $this.data("original-aria-invalid")
                ? $this.data("original-aria-invalid")
                : $this.attr("aria-invalid")
            )
          );
          // =============================================================
          //                                                    VALIDATION
          // =============================================================
          $this.bind(
            "validation.validation",
            function (event, params) {
              var value = getValue($this);
              // Get a list of the errors to apply
              var errorsFound = [];
              $.each(validators, function (validatorType, validatorTypeArray) {
                if (value || value.length || (params && params.includeEmpty) || (!!settings.validatorTypes[validatorType].blockSubmit && params && !!params.submitting)) {
                  $.each(validatorTypeArray, function (i, validator) {
                    if (settings.validatorTypes[validatorType].validate($this, value, validator)) {
                      errorsFound.push(validator.message);
                    }
                  });
                }
              });
              return errorsFound;
            }
          );
          $this.bind(
            "getValidators.validation",
            function () {
              return validators;
            }
          );
          // =============================================================
          //                                             WATCH FOR CHANGES
          // =============================================================
          $this.bind(
            "submit.validation",
            function () {
              return $this.triggerHandler("change.validation", {submitting: true});
            }
          );
          $this.bind(
            [
              "keyup",
              "focus",
              "blur",
              "click",
              "keydown",
              "keypress",
              "change"
            ].join(".validation ") + ".validation",
            function (e, params) {
              var value = getValue($this);
              var errorsFound = [];
              $controlGroup.find("input,textarea,select").each(function (i, el) {
                var oldCount = errorsFound.length;
                $.each($(el).triggerHandler("validation.validation", params), function (j, message) {
                  errorsFound.push(message);
                });
                if (errorsFound.length > oldCount) {
                  $(el).attr("aria-invalid", "true");
                } else {
                  var original = $this.data("original-aria-invalid");
                  $(el).attr("aria-invalid", (original !== undefined ? original : false));
                }
              });
              $form.find("input,select,textarea").not($this).not("[name=\"" + $this.attr("name") + "\"]").trigger("validationLostFocus.validation");
              errorsFound = $.unique(errorsFound.sort());
              // Were there any errors?
              if (errorsFound.length) {
                // Better flag it up as a warning.
                $controlGroup.removeClass("success error").addClass("warning");
                // How many errors did we find?
                if (settings.options.semanticallyStrict && errorsFound.length === 1) {
                  // Only one? Being strict? Just output it.
                  $helpBlock.html(errorsFound[0] + 
                    ( settings.options.prependExistingHelpBlock ? $helpBlock.data("original-contents") : "" ));
                } else {
                  // Multiple? Being sloppy? Glue them together into an UL.
                  $helpBlock.html("<ul role=\"alert\"><li>" + errorsFound.join("</li><li>") + "</li></ul>" +
                    ( settings.options.prependExistingHelpBlock ? $helpBlock.data("original-contents") : "" ));
                }
              } else {
                $controlGroup.removeClass("warning error success");
                if (value.length > 0) {
                  $controlGroup.addClass("success");
                }
                $helpBlock.html($helpBlock.data("original-contents"));
              }
              if (e.type === "blur") {
                $controlGroup.removeClass("success");
              }
            }
          );
          $this.bind("validationLostFocus.validation", function () {
            $controlGroup.removeClass("success");
          });
        });
      },
      destroy : function( ) {
        return this.each(
          function() {
            var
              $this = $(this),
              $controlGroup = $this.parents(".control-group").first(),
              $helpBlock = $controlGroup.find(".help-block").first();
            // remove our events
            $this.unbind('.validation'); // events are namespaced.
            // reset help text
            $helpBlock.html($helpBlock.data("original-contents"));
            // reset classes
            $controlGroup.attr("class", $controlGroup.data("original-classes"));
            // reset aria
            $this.attr("aria-invalid", $this.data("original-aria-invalid"));
            // reset role
            $helpBlock.attr("role", $this.data("original-role"));
 						// remove all elements we created
 						if (createdElements.indexOf($helpBlock[0]) > -1) {
 							$helpBlock.remove();
 						}
          }
        );
      },
      collectErrors : function(includeEmpty) {
        var errorMessages = {};
        this.each(function (i, el) {
          var $el = $(el);
          var name = $el.attr("name");
          var errors = $el.triggerHandler("validation.validation", {includeEmpty: true});
          errorMessages[name] = $.extend(true, errors, errorMessages[name]);
        });
        $.each(errorMessages, function (i, el) {
          if (el.length === 0) {
            delete errorMessages[i];
          }
        });
        return errorMessages;
      },
      hasErrors: function() {
        var errorMessages = [];
        this.each(function (i, el) {
          errorMessages = errorMessages.concat(
            $(el).triggerHandler("getValidators.validation") ? $(el).triggerHandler("validation.validation", {submitting: true}) : []
          );
        });
        return (errorMessages.length > 0);
      },
      override : function (newDefaults) {
        defaults = $.extend(true, defaults, newDefaults);
      }
    },
 		validatorTypes: {
      callback: {
        name: "callback",
        init: function ($this, name) {
          return {
            validatorName: name,
            callback: $this.data("validation" + name + "Callback"),
            lastValue: $this.val(),
            lastValid: true,
            lastFinished: true
          };
        },
        validate: function ($this, value, validator) {
          if (validator.lastValue === value && validator.lastFinished) {
            return !validator.lastValid;
          }
          if (validator.lastFinished === true)
          {
            validator.lastValue = value;
            validator.lastValid = true;
            validator.lastFinished = false;
            var rrjqbvValidator = validator;
            var rrjqbvThis = $this;
            executeFunctionByName(
              validator.callback,
              window,
              $this,
              value,
              function (data) {
                if (rrjqbvValidator.lastValue === data.value) {
                  rrjqbvValidator.lastValid = data.valid;
                  if (data.message) {
                    rrjqbvValidator.message = data.message;
                  }
                  rrjqbvValidator.lastFinished = true;
                  rrjqbvThis.data("validation" + rrjqbvValidator.validatorName + "Message", rrjqbvValidator.message);
                  // Timeout is set to avoid problems with the events being considered 'already fired'
                  setTimeout(function () {
                    rrjqbvThis.trigger("change.validation");
                  }, 1); // doesn't need a long timeout, just long enough for the event bubble to burst
                }
              }
            );
          }
          return false;
        }
      },
      ajax: {
        name: "ajax",
        init: function ($this, name) {
          return {
            validatorName: name,
            url: $this.data("validation" + name + "Ajax"),
            lastValue: $this.val(),
            lastValid: true,
            lastFinished: true
          };
        },
        validate: function ($this, value, validator) {
          if (""+validator.lastValue === ""+value && validator.lastFinished === true) {
            return validator.lastValid === false;
          }
          if (validator.lastFinished === true)
          {
            validator.lastValue = value;
            validator.lastValid = true;
            validator.lastFinished = false;
            $.ajax({
              url: validator.url,
              data: "value=" + value + "&field=" + $this.attr("name"),
              dataType: "json",
              success: function (data) {
                if (""+validator.lastValue === ""+data.value) {
                  validator.lastValid = !!(data.valid);
                  if (data.message) {
                    validator.message = data.message;
                  }
                  validator.lastFinished = true;
                  $this.data("validation" + validator.validatorName + "Message", validator.message);
                  // Timeout is set to avoid problems with the events being considered 'already fired'
                  setTimeout(function () {
                    $this.trigger("change.validation");
                  }, 1); // doesn't need a long timeout, just long enough for the event bubble to burst
                }
              },
              failure: function () {
                validator.lastValid = true;
                validator.message = "ajax call failed";
                validator.lastFinished = true;
                $this.data("validation" + validator.validatorName + "Message", validator.message);
                // Timeout is set to avoid problems with the events being considered 'already fired'
                setTimeout(function () {
                  $this.trigger("change.validation");
                }, 1); // doesn't need a long timeout, just long enough for the event bubble to burst
              }
            });
          }
          return false;
        }
      },
 			regex: {
 				name: "regex",
 				init: function ($this, name) {
 					return {regex: regexFromString($this.data("validation" + name + "Regex"))};
 				},
 				validate: function ($this, value, validator) {
 					return (!validator.regex.test(value) && ! validator.negative)
 						|| (validator.regex.test(value) && validator.negative);
 				}
 			},
 			required: {
 				name: "required",
 				init: function ($this, name) {
 					return {};
 				},
 				validate: function ($this, value, validator) {
 					return !!(value.length === 0  && ! validator.negative)
 						|| !!(value.length > 0 && validator.negative);
 				},
        blockSubmit: true
 			},
 			match: {
 				name: "match",
 				init: function ($this, name) {
 					var element = $this.parents("form").first().find("[name=\"" + $this.data("validation" + name + "Match") + "\"]").first();
 					element.bind("validation.validation", function () {
 						$this.trigger("change.validation", {submitting: true});
 					});
 					return {"element": element};
 				},
 				validate: function ($this, value, validator) {
 					return (value !== validator.element.val() && ! validator.negative)
 						|| (value === validator.element.val() && validator.negative);
 				},
        blockSubmit: true
 			},
 			max: {
 				name: "max",
 				init: function ($this, name) {
 					return {max: $this.data("validation" + name + "Max")};
 				},
 				validate: function ($this, value, validator) {
 					return (parseFloat(value, 10) > parseFloat(validator.max, 10) && ! validator.negative)
 						|| (parseFloat(value, 10) <= parseFloat(validator.max, 10) && validator.negative);
 				}
 			},
 			min: {
 				name: "min",
 				init: function ($this, name) {
 					return {min: $this.data("validation" + name + "Min")};
 				},
 				validate: function ($this, value, validator) {
 					return (parseFloat(value) < parseFloat(validator.min) && ! validator.negative)
 						|| (parseFloat(value) >= parseFloat(validator.min) && validator.negative);
 				}
 			},
 			maxlength: {
 				name: "maxlength",
 				init: function ($this, name) {
 					return {maxlength: $this.data("validation" + name + "Maxlength")};
 				},
 				validate: function ($this, value, validator) {
 					return ((value.length > validator.maxlength) && ! validator.negative)
 						|| ((value.length <= validator.maxlength) && validator.negative);
 				}
 			},
 			minlength: {
 				name: "minlength",
 				init: function ($this, name) {
 					return {minlength: $this.data("validation" + name + "Minlength")};
 				},
 				validate: function ($this, value, validator) {
 					return ((value.length < validator.minlength) && ! validator.negative)
 						|| ((value.length >= validator.minlength) && validator.negative);
 				}
 			},
 			maxchecked: {
 				name: "maxchecked",
 				init: function ($this, name) {
 					var elements = $this.parents("form").first().find("[name=\"" + $this.attr("name") + "\"]");
 					elements.bind("click.validation", function () {
 						$this.trigger("change.validation", {includeEmpty: true});
 					});
 					return {maxchecked: $this.data("validation" + name + "Maxchecked"), elements: elements};
 				},
 				validate: function ($this, value, validator) {
 					return (validator.elements.filter(":checked").length > validator.maxchecked && ! validator.negative)
 						|| (validator.elements.filter(":checked").length <= validator.maxchecked && validator.negative);
 				},
        blockSubmit: true
 			},
 			minchecked: {
 				name: "minchecked",
 				init: function ($this, name) {
 					var elements = $this.parents("form").first().find("[name=\"" + $this.attr("name") + "\"]");
 					elements.bind("click.validation", function () {
 						$this.trigger("change.validation", {includeEmpty: true});
 					});
 					return {minchecked: $this.data("validation" + name + "Minchecked"), elements: elements};
 				},
 				validate: function ($this, value, validator) {
 					return (validator.elements.filter(":checked").length < validator.minchecked && ! validator.negative)
 						|| (validator.elements.filter(":checked").length >= validator.minchecked && validator.negative);
 				},
        blockSubmit: true
 			}
 		},
 		builtInValidators: {
 			email: {
 				name: "Email",
 				type: "shortcut",
 				shortcut: "validemail"
 			},
 			validemail: {
 				name: "Validemail",
 				type: "regex",
 				regex: "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\\.[A-Za-z]{2,4}",
 				message: "Not a valid email address<!-- data-validator-validemail-message to override -->"
 			},
 			passwordagain: {
 				name: "Passwordagain",
 				type: "match",
 				match: "password",
 				message: "Does not match the given password<!-- data-validator-paswordagain-message to override -->"
 			},
 			positive: {
 				name: "Positive",
 				type: "shortcut",
 				shortcut: "number,positivenumber"
 			},
 			negative: {
 				name: "Negative",
 				type: "shortcut",
 				shortcut: "number,negativenumber"
 			},
 			number: {
 				name: "Number",
 				type: "regex",
 				regex: "([+-]?\\\d+(\\\.\\\d*)?([eE][+-]?[0-9]+)?)?",
 				message: "Must be a number<!-- data-validator-number-message to override -->"
 			},
 			integer: {
 				name: "Integer",
 				type: "regex",
 				regex: "[+-]?\\\d+",
 				message: "No decimal places allowed<!-- data-validator-integer-message to override -->"
 			},
 			positivenumber: {
 				name: "Positivenumber",
 				type: "min",
 				min: 0,
 				message: "Must be a positive number<!-- data-validator-positivenumber-message to override -->"
 			},
 			negativenumber: {
 				name: "Negativenumber",
 				type: "max",
 				max: 0,
 				message: "Must be a negative number<!-- data-validator-negativenumber-message to override -->"
 			},
 			required: {
 				name: "Required",
 				type: "required",
 				message: "This is required<!-- data-validator-required-message to override -->"
 			},
 			checkone: {
 				name: "Checkone",
 				type: "minchecked",
 				minchecked: 1,
 				message: "Check at least one option<!-- data-validation-checkone-message to override -->"
 			}
 		}
 	};
 	var formatValidatorName = function (name) {
 		return name
 			.toLowerCase()
 			.replace(
 				/(^|\s)([a-z])/g ,
 				function(m,p1,p2) {
 					return p1+p2.toUpperCase();
 				}
 			)
 		;
 	};
 	var getValue = function ($this) {
 		// Extract the value we're talking about
 		var value = $this.val();
 		var type = $this.attr("type");
 		if (type === "checkbox") {
 			value = ($this.is(":checked") ? value : "");
 		}
 		if (type === "radio") {
 			value = ($('input[name="' + $this.attr("name") + '"]:checked').length > 0 ? value : "");
 		}
 		return value;
 	};
  function regexFromString(inputstring) {
 		return new RegExp("^" + inputstring + "$");
 	}
  /**
   * Thanks to Jason Bunting via StackOverflow.com
   *
   * http://stackoverflow.com/questions/359788/how-to-execute-a-javascript-function-when-i-have-its-name-as-a-string#answer-359910
   * Short link: http://tinyurl.com/executeFunctionByName
  **/
  function executeFunctionByName(functionName, context /*, args*/) {
    var args = Array.prototype.slice.call(arguments).splice(2);
    var namespaces = functionName.split(".");
    var func = namespaces.pop();
    for(var i = 0; i < namespaces.length; i++) {
      context = context[namespaces[i]];
    }
    return context[func].apply(this, args);
  }
 	$.fn.jqBootstrapValidation = function( method ) {
 		if ( defaults.methods[method] ) {
 			return defaults.methods[method].apply( this, Array.prototype.slice.call( arguments, 1 ));
 		} else if ( typeof method === 'object' || ! method ) {
 			return defaults.methods.init.apply( this, arguments );
 		} else {
 		$.error( 'Method ' +  method + ' does not exist on jQuery.jqBootstrapValidation' );
 			return null;
 		}
 	};
  $.jqBootstrapValidation = function (options) {
    $(":input").not("[type=image],[type=submit]").jqBootstrapValidation.apply(this,arguments);
  };
 })( jQuery );
--- a/docs/mail/contact_me.php
+++ b/docs/mail/contact_me.php
@ -1,22 +0,0 @@
 <?php
 // Check for empty fields
 if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['phone']) || empty($_POST['message']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
  http_response_code(500);
  exit();
 }
 $name = strip_tags(htmlspecialchars($_POST['name']));
 $email = strip_tags(htmlspecialchars($_POST['email']));
 $phone = strip_tags(htmlspecialchars($_POST['phone']));
 $message = strip_tags(htmlspecialchars($_POST['message']));
 // Create the email and send the message
 $to = "yourname@yourdomain.com"; // Add your email address inbetween the "" replacing yourname@yourdomain.com - This is where the form will send a message to.
 $subject = "Website Contact Form:  $name";
 $body = "You have received a new message from your website contact form.\n\n"."Here are the details:\n\nName: $name\n\nEmail: $email\n\nPhone: $phone\n\nMessage:\n$message";
 $header = "From: noreply@yourdomain.com\n"; // This is the email address the generated message will be from. We recommend using something like noreply@yourdomain.com.
 $header .= "Reply-To: $email";	
 if(!mail($to, $subject, $body, $header))
  http_response_code(500);
 ?>
--- a/goat-with-reverseproxy.yaml
+++ b/goat-with-reverseproxy.yaml
@ -0,0 +1,43 @@
 version: '3'
 networks:
  webwolflocal:
 services:
  webgoat:
    hostname: www.webgoat.local
    image: webgoat/webgoat-8.0
    environment:
      - WEBGOAT_PORT=8080
      - WEBGOAT_SSLENABLED=false
      - WEBWOLF_HOST=webwolf
      - WEBWOLF_PORT=9090
      - TZ=Europe/Amsterdam
    volumes:
      - .:/home/webgoat/.webgoat
    working_dir: /home/webgoat
    command: --server.address=0.0.0.0
    networks:
      webwolflocal:
        aliases:
          - goat.webgoat.local
  webwolf:
    image: webgoat/webwolf
    environment:
      - WEBWOLF_HOST=webwolf
      - WEBWOLF_PORT=9090
      - TZ=Europe/Amsterdam
    command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0
    networks:
      webwolflocal:
        aliases:
          - wolf.webwolf.local
    depends_on:
            - webgoat
  reverseproxy:
    hostname: www.webwolf.local
    image: webgoat/reverseproxy
    networks:
      webwolflocal:
        aliases:
          - www.webwolf.local
    ports:
      - 80:80
--- a/pmd-ruleset.xml
+++ b/pmd-ruleset.xml
--- a/pom.xml
+++ b/pom.xml
@ -6,7 +6,7 @@
    <groupId>org.owasp.webgoat</groupId>
    <artifactId>webgoat-parent</artifactId>
    <packaging>pom</packaging>
-    <version>v8.0.0.M26</version>
+    <version>${revision}</version>
    <name>WebGoat Parent Pom</name>
    <description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>
@ -15,13 +15,13 @@
    <organization>
        <name>OWASP</name>
-        <url>https://webgoat.github.io/</url>
+        <url>https://github.com/WebGoat/WebGoat/</url>
    </organization>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.2.0.RELEASE</version>
+        <version>2.4.0</version>
    </parent>
    <licenses>
@ -127,15 +127,14 @@
        <commons-lang3.version>3.4</commons-lang3.version>
        <commons-io.version>2.6</commons-io.version>
        <guava.version>18.0</guava.version>
        <hsqldb.version>2.3.4</hsqldb.version>
        <junit.version>4.12</junit.version>
        <lombok.version>1.18.4</lombok.version>
        <maven-compiler-plugin.version>3.8.0</maven-compiler-plugin.version>
        <maven-failsafe-plugin.version>2.22.0</maven-failsafe-plugin.version>
        <maven-jar-plugin.version>3.1.2</maven-jar-plugin.version>
        <maven-javadoc-plugin.version>3.1.1</maven-javadoc-plugin.version>
        <maven-source-plugin.version>3.1.0</maven-source-plugin.version>
-        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
+        <maven-surefire-plugin.version>3.0.0-M4</maven-surefire-plugin.version>
        <revision>v8.2.0-SNAPSHOT</revision>
    </properties>
    <modules>
@ -144,14 +143,18 @@
        <module>webgoat-server</module>
        <module>webwolf</module>
        <module>webgoat-integration-tests</module>
 		<module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
    </modules>
    <dependencies>
 	    <dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
 		</dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <scope>provided</scope>
            <version>${lombok.version}</version>
            <optional>true</optional>
        </dependency>
        <dependency>
@ -162,22 +165,66 @@
        <dependency>
            <groupId>javax.xml.bind</groupId>
            <artifactId>jaxb-api</artifactId>
            <version>2.3.0</version>
        </dependency>
    </dependencies>
-    <build>
+<build>
 	<plugins>
 	<plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>flatten-maven-plugin</artifactId>
        <version>1.2.5</version>
        <configuration>
        </configuration>
        <executions>
          <execution>
            <id>flatten</id>
            <phase>process-resources</phase>
            <goals>
              <goal>flatten</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
 		<plugin>
 			<groupId>org.apache.maven.plugins</groupId>
 			<artifactId>maven-compiler-plugin</artifactId>
 			<configuration>
 				<source>11</source>
 				<target>11</target>
 				<encoding>UTF-8</encoding>
 			</configuration>
 		</plugin>
 		<plugin>
 			<groupId>org.apache.maven.plugins</groupId>
 			<artifactId>maven-checkstyle-plugin</artifactId>
 			<version>3.1.0</version>
 			<configuration>
 				<encoding>UTF-8</encoding>
 				<consoleOutput>true</consoleOutput>
 				<failsOnError>true</failsOnError>
 				<configLocation>config/checkstyle/checkstyle.xml</configLocation>
 				<suppressionsLocation>config/checkstyle/suppressions.xml</suppressionsLocation>
 				<suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
 			</configuration>
 		</plugin>
 	</plugins>
 </build>
 <profiles>
 	<profile>
 		<id>defaultProfile</id>
 		<activation>
 			<activeByDefault>true</activeByDefault>
 		</activation>		
 	</profile>
 	<profile>
 		<id>owasp</id>
 		<activation>
 			<activeByDefault>false</activeByDefault>
 		</activation>
 		    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>${maven-compiler-plugin.version}</version>
                <configuration>
                    <source>11</source>
                    <target>11</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-checkstyle-plugin</artifactId>
@ -191,8 +238,52 @@
                    <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
                </configuration>
            </plugin>
            <plugin>
      				<groupId>org.apache.maven.plugins</groupId>
      				<artifactId>maven-pmd-plugin</artifactId>
      				<version>3.13.0</version>
      				<configuration>
      					<targetJdk>11</targetJdk>
      					<failurePriority>1</failurePriority><!-- 5 means fail even on the lowest
      						priority, 0 means never fail -->
      					<rulesets>
      						<ruleset>${maven.multiModuleProjectDirectory}/pmd-ruleset.xml</ruleset>
      					</rulesets>
      					<failOnViolation>true</failOnViolation>
      					<printFailingErrors>true</printFailingErrors>
      				</configuration>
      				<executions>
      					<execution>
      						<goals>
      							<goal>check</goal>
      						</goals>
      					</execution>
      				</executions>
      			</plugin>
      			<plugin>
      				<groupId>org.owasp</groupId>
      				<artifactId>dependency-check-maven</artifactId>
      				<version>5.3.2</version>
      				<configuration>
      					<failBuildOnCVSS>7</failBuildOnCVSS>
      					<skipProvidedScope>true</skipProvidedScope>
                          <skipRuntimeScope>true</skipRuntimeScope>
      					<suppressionFiles>
                              <suppressionFile>project-suppression.xml</suppressionFile>
                          </suppressionFiles>
      				</configuration>
      				<executions>
      					<execution>
      						<goals>
      							<goal>check</goal>
      						</goals>
      					</execution>
      				</executions>
      			</plugin>
        </plugins>
    </build>
 	</profile>
 </profiles>
    <repositories>
        <repository>
--- a/project-suppression.xml
+++ b/project-suppression.xml
@ -0,0 +1,40 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress base="true">
        <notes><![CDATA[
        This suppresses false positives identified on spring framework.
        ]]></notes>
        <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
        <cve>CVE-2020-5398</cve>
    </suppress>
    <suppress base="true">
        <notes><![CDATA[
        This suppresses false positives identified on spring framework.
        ]]></notes>
        <cpe>cpe:/a:redhat:undertow</cpe>
        <cve>CVE-2019-14888</cve>
    </suppress>
    <suppress base="true">
        <notes><![CDATA[
        This suppresses false positives identified on spring framework.
        ]]></notes>
        <cpe>cpe:/a:pivotal_software:spring_security</cpe>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress base="true">
        <cpe>cpe:/a:jruby:jruby</cpe>
        <cve>CVE-2018-1000613</cve>
        <cve>CVE-2018-1000180</cve>
        <cve>CVE-2017-18640</cve>
        <cve>CVE-2011-4838</cve>
    </suppress>
    <suppress base="true"><!-- vulnerable components lesson -->
        <cpe>cpe:/a:xstream_project:xstream</cpe>
        <cve>CVE-2017-7957</cve>
        <cve>CVE-2016-3674</cve>
    </suppress>
    <suppress base="true"><!-- webgoat-server -->
        <cpe>cpe:/a:postgresql:postgresql</cpe>
        <cve>CVE-2018-10936</cve>
    </suppress>
 </suppressions>
--- a/scripts/deploy-webgoat.sh
+++ b/scripts/deploy-webgoat.sh
@ -1,36 +1,16 @@
 #!/usr/bin/env bash
 docker login -u $DOCKER_USER -p $DOCKER_PASS
 export REPO=webgoat/webgoat-8.0
-cd webgoat-server
+export REPO=webgoat/goatandwolf
 cd ..
 cd docker
 ls target/
 if [ ! -z "${TRAVIS_TAG}" ]; then
  # If we push a tag to master this will update the LATEST Docker image and tag with the version number
  docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:latest -t $REPO:${TRAVIS_TAG} .
  docker push $REPO
 #elif [ ! -z "${TRAVIS_TAG}" ]; then
 #  # Creating a tag build we push it to Docker with that tag
 #  docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
 #  docker push $REPO
 #elif [ "${BRANCH}" == "develop" ]; then
 #  docker build -f Dockerfile -t $REPO:snapshot .
 #  docker push $REPO
 else
  echo "Skipping releasing to DockerHub because it is a build of branch ${BRANCH}"
 fi
 export REPO=webgoat/webwolf
 cd ..
 cd webwolf
 ls target/
 if [ ! -z "${TRAVIS_TAG}" ]; then
  # If we push a tag to master this will update the LATEST Docker image and tag with the version number
  docker build --build-arg webwolf_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:latest -t $REPO:${TRAVIS_TAG} .
  docker push $REPO
 else
  echo "Skipping releasing to DockerHub because it is a build of branch ${BRANCH}"
 fi
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <groupId>org.owasp.webgoat</groupId>
    <name>webgoat-container</name>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>webgoat-container</artifactId>
@ -10,41 +9,14 @@
    <parent>
        <groupId>org.owasp.webgoat</groupId>
        <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0.M26</version>
+        <version>${revision}</version>
    </parent>
    <build>
        <resources>
            <resource>
                <directory>src/main/java</directory>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
                <filtering>true</filtering>
                <includes>
                    <include>**/application.properties</include>
                </includes>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
            </resource>
        </resources>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <delimiters>
                        <delimiter>@</delimiter>
                    </delimiters>
                    <useDefaultDelimiters>false</useDefaultDelimiters>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <version>${maven-surefire-plugin.version}</version>
                <configuration>
                    <forkCount>0</forkCount>
                    <reuseForks>true</reuseForks>
@ -56,7 +28,6 @@
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <version>3.0.2</version>
                <executions>
                    <execution>
                        <goals>
@ -114,7 +85,6 @@
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>${commons-lang3.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -131,7 +101,6 @@
        <dependency>
            <groupId>org.hsqldb</groupId>
            <artifactId>hsqldb</artifactId>
            <version>${hsqldb.version}</version>
        </dependency>
        <!-- ************* END spring MVC and related dependencies ************** -->
@ -144,13 +113,12 @@
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
-            <version>4.1.3.RELEASE</version>
+            <!-- <version>4.1.3.RELEASE</version>-->
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>${junit.version}</version>
            <type>jar</type>
            <scope>test</scope>
        </dependency>
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@ -4,7 +4,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
@ -115,6 +115,7 @@ public class AsciiDoctorTemplateResolver extends FileTemplateResolver {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("source-highlighter", "coderay");
        attributes.put("backend", "xhtml");
        attributes.put("icons", org.asciidoctor.Attributes.FONT_ICONS);
        Map<String, Object> options = new HashMap<>();
        options.put("attributes", attributes);
--- a/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
@ -1,27 +0,0 @@
 package org.owasp.webgoat;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.util.FileSystemUtils;
 import javax.annotation.PostConstruct;
 import java.io.File;
 /**
 * @author nbaars
 * @since 4/15/17.
 */
@Slf4j
@Configuration
@ConditionalOnExpression("'${webgoat.clean}' == 'true'")
 public class CleanupLocalProgressFiles {
    @Value("${webgoat.server.directory}")
    private String webgoatHome;
    @PostConstruct
    public void clean() {
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@ -18,7 +18,7 @@ import javax.servlet.http.HttpServletResponse;
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
@ -3,7 +3,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
@ -3,7 +3,6 @@ package org.owasp.webgoat.asciidoc;
 import org.asciidoctor.ast.AbstractBlock;
 import org.asciidoctor.extension.InlineMacroProcessor;
 import org.springframework.core.env.Environment;
 import org.springframework.util.StringUtils;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@ -38,14 +37,23 @@ public class WebWolfMacro extends InlineMacroProcessor {
    }
    /**
-     * Look at the remote address from received from the browser first. This way it will also work if you run
+     * Determine the host from the hostname and ports that were used. 
-     * the browser in a Docker container and WebGoat on your local machine.
+     * The purpose is to make it possible to use the application behind a reverse proxy. For instance in the docker
     * compose/stack version with webgoat webwolf and nginx proxy. 
     * You do not have to use the indicated hostname, but if you do, you should define two hosts aliases
     * 127.0.0.1 www.webgoat.local www.webwolf.locaal
     */
    private String determineHost(String host, String port) {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-        String ip = request.getRemoteAddr();
+        host = request.getHeader("Host");
-        String hostname = StringUtils.hasText(ip) ? ip : host;
+        int semicolonIndex = host.indexOf(":");
-        return "http://" + hostname + ":" + port + (includeWebWolfContext() ? "/WebWolf" : "");
+        if (semicolonIndex==-1 || host.endsWith(":80")) {
        	host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
        } else {
        	host = host.substring(0, semicolonIndex);
        	host = host.concat(":").concat(port);
        }
        return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
    }
    protected boolean includeWebWolfContext() {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java
@ -29,14 +29,11 @@ import lombok.Getter;
 import org.owasp.webgoat.i18n.PluginMessages;
 import org.owasp.webgoat.session.UserSessionData;
 import org.owasp.webgoat.session.WebSession;
 import org.owasp.webgoat.users.UserTracker;
 import org.owasp.webgoat.users.UserTrackerRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 public abstract class AssignmentEndpoint {
    @Autowired
    private UserTrackerRepository userTrackerRepository;
    @Autowired
    private WebSession webSession;
    @Autowired
@ -45,20 +42,6 @@ public abstract class AssignmentEndpoint {
    @Autowired
    private PluginMessages messages;
    protected AttackResult trackProgress(AttackResult attackResult) {
        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        if (userTracker == null) {
            userTracker = new UserTracker(webSession.getUserName());
        }
        if (attackResult.assignmentSolved()) {
            userTracker.assignmentSolved(webSession.getCurrentLesson(), this.getClass().getSimpleName());
        } else {
            userTracker.assignmentFailed(webSession.getCurrentLesson());
        }
        userTrackerRepository.save(userTracker);
        return attackResult;
    }
    protected WebSession getWebSession() {
        return webSession;
    }
@ -76,9 +59,10 @@ public abstract class AssignmentEndpoint {
     * Of course you can overwrite these values in a specific lesson
     *
     * @return a builder for creating a result from a lesson
     * @param assignment
     */
-    protected AttackResult.AttackResultBuilder success() {
+    protected AttackResult.AttackResultBuilder success(AssignmentEndpoint assignment) {
-        return AttackResult.builder(messages).lessonCompleted(true).feedback("assignment.solved");
+        return AttackResult.builder(messages).lessonCompleted(true).attemptWasMade().feedback("assignment.solved").assignment(assignment);
    }
    /**
@ -90,12 +74,13 @@ public abstract class AssignmentEndpoint {
     * Of course you can overwrite these values in a specific lesson
     *
     * @return a builder for creating a result from a lesson
     * @param assignment
     */
-    protected AttackResult.AttackResultBuilder failed() {
+    protected AttackResult.AttackResultBuilder failed(AssignmentEndpoint assignment) {
-        return AttackResult.builder(messages).lessonCompleted(false).feedback("assignment.not.solved");
+        return AttackResult.builder(messages).lessonCompleted(false).attemptWasMade().feedback("assignment.not.solved").assignment(assignment);
    }
-    protected AttackResult.AttackResultBuilder informationMessage() {
+    protected AttackResult.AttackResultBuilder informationMessage(AssignmentEndpoint assignment) {
-        return AttackResult.builder(messages).lessonCompleted(false);
+        return AttackResult.builder(messages).lessonCompleted(false).assignment(assignment);
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java
@ -31,6 +31,7 @@ import org.owasp.webgoat.i18n.PluginMessages;
 public class AttackResult {
    public static class AttackResultBuilder {
        private boolean lessonCompleted;
@ -39,6 +40,8 @@ public class AttackResult {
        private String feedbackResourceBundleKey;
        private String output;
        private Object[] outputArgs;
        private AssignmentEndpoint assignment;
        private boolean attemptWasMade = false;
        public AttackResultBuilder(PluginMessages messages) {
            this.messages = messages;
@ -76,8 +79,18 @@ public class AttackResult {
            return this;
        }
        public AttackResultBuilder attemptWasMade() {
            this.attemptWasMade = true;
            return this;
        }
        public AttackResult build() {
-            return new AttackResult(lessonCompleted, messages.getMessage(feedbackResourceBundleKey, feedbackArgs), messages.getMessage(output, output, outputArgs));
+            return new AttackResult(lessonCompleted, messages.getMessage(feedbackResourceBundleKey, feedbackArgs), messages.getMessage(output, output, outputArgs), assignment.getClass().getSimpleName(), attemptWasMade);
        }
        public AttackResultBuilder assignment(AssignmentEndpoint assignment) {
            this.assignment = assignment;
            return this;
        }
    }
@ -87,11 +100,17 @@ public class AttackResult {
    private String feedback;
    @Getter
    private String output;
    @Getter
    private final String assignment;
    @Getter
    private boolean attemptWasMade;
-    public AttackResult(boolean lessonCompleted, String feedback, String output) {
+    public AttackResult(boolean lessonCompleted, String feedback, String output, String assignment, boolean attemptWasMade) {
        this.lessonCompleted = lessonCompleted;
        this.feedback = StringEscapeUtils.escapeJson(feedback);
        this.output = StringEscapeUtils.escapeJson(output);
        this.assignment = assignment;
        this.attemptWasMade = attemptWasMade;
    }
    public static AttackResultBuilder builder(PluginMessages messages) {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/LessonTrackerInterceptor.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/LessonTrackerInterceptor.java
@ -0,0 +1,74 @@
 /*
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2019 Bruce Mayhew
 *
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program; if
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
 * Getting Source ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
 package org.owasp.webgoat.assignments;
 import org.owasp.webgoat.session.WebSession;
 import org.owasp.webgoat.users.UserTracker;
 import org.owasp.webgoat.users.UserTrackerRepository;
 import org.springframework.core.MethodParameter;
 import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
@RestControllerAdvice
 public class LessonTrackerInterceptor implements ResponseBodyAdvice<Object> {
    private UserTrackerRepository userTrackerRepository;
    private WebSession webSession;
    public LessonTrackerInterceptor(UserTrackerRepository userTrackerRepository, WebSession webSession) {
        this.userTrackerRepository = userTrackerRepository;
        this.webSession = webSession;
    }
    @Override
    public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> clazz) {
        return true;
    }
    @Override
    public Object beforeBodyWrite(Object o, MethodParameter methodParameter, MediaType mediaType, Class<? extends HttpMessageConverter<?>> aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
        if (o != null && o instanceof AttackResult) {
            trackProgress((AttackResult) o);
        }
        return o;
    }
    protected AttackResult trackProgress(AttackResult attackResult) {
        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        if (userTracker == null) {
            userTracker = new UserTracker(webSession.getUserName());
        }
        if (attackResult.assignmentSolved()) {
            userTracker.assignmentSolved(webSession.getCurrentLesson(), attackResult.getAssignment());
        } else {
            userTracker.assignmentFailed(webSession.getCurrentLesson());
        }
        userTrackerRepository.saveAndFlush(userTracker);
        return attackResult;
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 *
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
@ -11,7 +11,7 @@ import java.util.List;
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java
@ -9,7 +9,7 @@ import lombok.Getter;
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/CourseConfiguration.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/CourseConfiguration.java
@ -20,15 +20,13 @@
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
-package org.owasp.webgoat.plugins;
+package org.owasp.webgoat.lessons;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.ArrayUtils;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.lessons.Lesson;
 import org.owasp.webgoat.lessons.Assignment;
 import org.owasp.webgoat.session.Course;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -39,6 +37,7 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import java.lang.reflect.Method;
 import java.lang.reflect.ParameterizedType;
 import java.util.*;
 import static java.util.stream.Collectors.groupingBy;
@ -75,16 +74,26 @@ public class CourseConfiguration {
    private String getPath(Class<? extends AssignmentEndpoint> e) {
        for (Method m : e.getMethods()) {
-            if (m.getReturnType() == AttackResult.class) {
+            if (methodReturnTypeIsOfTypeAttackResult(m)) {
                var mapping = getMapping(m);
-                if (mapping == null) {
+                if (mapping != null) {
                    log.error("AttackResult method found without mapping in: {}", e.getSimpleName());
                } else {
                    return mapping;
                }
            }
        }
-        return "none";
+        throw new IllegalStateException("Assignment endpoint: " + e + " has no mapping like @GetMapping/@PostMapping etc," +
                "with return type 'AttackResult' or 'ResponseEntity<AttackResult>' please consider adding one");
    }
    private boolean methodReturnTypeIsOfTypeAttackResult(Method m) {
        if (m.getReturnType() == AttackResult.class) {
            return true;
        }
        var genericType = m.getGenericReturnType();
        if (genericType instanceof ParameterizedType) {
            return ((ParameterizedType) m.getGenericReturnType()).getActualTypeArguments()[0] == AttackResult.class;
        }
        return false;
    }
    private String getMapping(Method m) {
@ -100,9 +109,9 @@ public class CourseConfiguration {
            paths = ArrayUtils.addAll(m.getAnnotation(PutMapping.class).value(), m.getAnnotation(PutMapping.class).path());
        }
        if (paths == null) {
-            return "";
+            return null;
        } else {
-            return Arrays.stream(paths).filter(path -> !"".equals(path)).findFirst().orElseGet(() -> "");
+            return Arrays.stream(paths).filter(path -> !"".equals(path)).findFirst().orElse("");
        }
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java
@ -4,7 +4,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * 
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java
@ -119,5 +119,7 @@ public abstract class Lesson {
        return getTitle();
    }
-    public abstract String getId();
+    public final String getId() {
        return this.getClass().getSimpleName();
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItem.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItem.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItemType.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItemType.java
@ -4,7 +4,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * 
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RequestParameter.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/RequestParameter.java
@ -1,78 +0,0 @@
 /**
 * *************************************************************************************************
 *
 *
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 20014 Bruce Mayhew
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
 * for free software projects.
 *
 */
 package org.owasp.webgoat.lessons;
 /**
 * <p>RequestParameter class.</p>
 *
 * @author rlawson
 * @version $Id: $Id
 */
 public class RequestParameter implements Comparable<RequestParameter> {
    private final String name;
    private final String value;
    /**
     * <p>Constructor for RequestParameter.</p>
     *
     * @param name a {@link java.lang.String} object.
     * @param value a {@link java.lang.String} object.
     */
    public RequestParameter(String name, String value) {
        this.name = name;
        this.value = value;
    }
    /**
     * <p>Getter for the field <code>name</code>.</p>
     *
     * @return the name
     */
    public String getName() {
        return name;
    }
    /**
     * <p>Getter for the field <code>value</code>.</p>
     *
     * @return the values
     */
    public String getValue() {
        return value;
    }
    @Override
    public int compareTo(RequestParameter o) {
        return this.name.compareTo(o.getName());
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginLoadingFailure.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginLoadingFailure.java
@ -1,29 +0,0 @@
 package org.owasp.webgoat.plugins;
 /**
 * <p>PluginLoadingFailure class.</p>
 *
 * @version $Id: $Id
 * @author dm
 */
 public class PluginLoadingFailure extends RuntimeException {
    /**
     * <p>Constructor for PluginLoadingFailure.</p>
     *
     * @param message a {@link java.lang.String} object.
     */
    public PluginLoadingFailure(String message) {
        super(message);
    }
    /**
     * <p>Constructor for PluginLoadingFailure.</p>
     *
     * @param message a {@link java.lang.String} object.
     * @param e a {@link java.lang.Exception} object.
     */
    public PluginLoadingFailure(String message, Exception e) {
        super(message, e);
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
@ -40,6 +40,7 @@ import org.owasp.webgoat.session.WebSession;
 import org.owasp.webgoat.users.LessonTracker;
 import org.owasp.webgoat.users.UserTracker;
 import org.owasp.webgoat.users.UserTrackerRepository;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
@ -65,6 +66,12 @@ public class LessonMenuService {
    private final WebSession webSession;
    private UserTrackerRepository userTrackerRepository;
    @Value("#{'${exclude.categories}'.split(',')}")
    private List<String> excludeCategories;
    @Value("#{'${exclude.lessons}'.split(',')}")
    private List<String> excludeLessons;
    /**
     * Returns the lesson menu which is used to build the left nav
     *
@ -79,6 +86,9 @@ public class LessonMenuService {
        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        for (Category category : categories) {
        	if (excludeCategories.contains(category.name())) { 
        		continue;
        	}
            LessonMenuItem categoryItem = new LessonMenuItem();
            categoryItem.setName(category.getName());
            categoryItem.setType(LessonMenuItemType.CATEGORY);
@ -86,6 +96,9 @@ public class LessonMenuService {
            List<Lesson> lessons = course.getLessons(category);
            lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList());
            for (Lesson lesson : lessons) {
            	if (excludeLessons.contains(lesson.getName())) {
            		continue;
            	}
                LessonMenuItem lessonItem = new LessonMenuItem();
                lessonItem.setName(lesson.getTitle());
                lessonItem.setLink(lesson.getLink());
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonPlanService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonPlanService.java
@ -1,74 +0,0 @@
 /**
 * *************************************************************************************************
 *
 *
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 20014 Bruce Mayhew
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
 * for free software projects.
 *
 */
 package org.owasp.webgoat.service;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 /**
 * <p>LessonPlanService class.</p>
 *
 * @author rlawson
 * @version $Id: $Id
 */
@Controller
 //TODO remove
 public class LessonPlanService {
    private final WebSession webSession;
    public LessonPlanService(WebSession webSession) {
        this.webSession = webSession;
    }
    /**
     * Returns source for current attack
     *
     * @return a {@link java.lang.String} object.
     */
    @RequestMapping(path = "/service/lessonplan.mvc", produces = "application/html")
    public @ResponseBody
    String showPlan() {
        String plan = getPlan();
        return plan;
    }
    /**
     * Description of the Method
     *
     * @return Description of the Return Value
     */
    protected String getPlan() {
        return "Plan is not available for this lesson.";
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
@ -28,32 +28,8 @@ import java.util.Map;
@AllArgsConstructor
 public class LessonProgressService {
-    private UserTrackerRepository userTrackerRepository;
+    private final UserTrackerRepository userTrackerRepository;
-    private WebSession webSession;
+    private final WebSession webSession;
    /**
     * <p>LessonProgressService.</p>
     *
     * @return a {@link LessonInfoModel} object.
     */
    @RequestMapping(value = "/service/lessonprogress.mvc", produces = "application/json")
    @ResponseBody
    public Map getLessonInfo() {
        Map json = new HashMap();
        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        if (webSession.getCurrentLesson() != null) {
            LessonTracker lessonTracker = userTracker.getLessonTracker(webSession.getCurrentLesson());
            String successMessage = "";
            boolean lessonCompleted = false;
            if (lessonTracker != null) {
                lessonCompleted = isLessonComplete(lessonTracker.getLessonOverview(), webSession.getCurrentLesson());
                successMessage = "LessonCompleted"; //@todo we still use this??
            }
            json.put("lessonCompleted", lessonCompleted);
            json.put("successMessage", successMessage);
        }
        return json;
    }
    /**
     * Endpoint for fetching the complete lesson overview which informs the user about whether all the assignments are solved.
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java
@ -1,67 +0,0 @@
 /**
 * *************************************************************************************************
 * <p>
 * <p>
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
 * Copyright (c) 2002 - 20014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 * <p>
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * <p>
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 * <p>
 * Getting Source ==============
 * <p>
 * Source for this application is maintained at
 * https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
 package org.owasp.webgoat.service;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import javax.servlet.http.HttpSession;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * <p>PluginReloadService class.</p>
 *
 * @author nbaars
 * @version $Id: $Id
 */
 //TODO REMOVE?
@Controller
 public class PluginReloadService {
    /**
     * Reload all the plugins
     *
     * @param session a {@link javax.servlet.http.HttpSession} object.
     * @return a {@link org.springframework.http.ResponseEntity} object.
     */
    @RequestMapping(path = "/service/reloadplugins.mvc", produces = MediaType.APPLICATION_JSON_VALUE)
    public @ResponseBody
    ResponseEntity<Map<String, Object>> reloadPlugins(HttpSession session) {
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("success", true);
        result.put("message", "Plugins reloaded");
        return new ResponseEntity<>(result, HttpStatus.OK);
    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java
@ -5,7 +5,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
@ -67,7 +67,7 @@ public class ReportCardService {
    @GetMapping(path = "/service/reportcard.mvc", produces = "application/json")
    @ResponseBody
    public ReportCard reportCard() {
-        ReportCard reportCard = new ReportCard();
+        final ReportCard reportCard = new ReportCard();
        reportCard.setTotalNumberOfLessons(course.getTotalOfLessons());
        reportCard.setTotalNumberOfAssignments(course.getTotalOfAssignments());
@ -76,7 +76,7 @@ public class ReportCardService {
        reportCard.setNumberOfLessonsSolved(userTracker.numberOfLessonsSolved());
        for (Lesson lesson : course.getLessons()) {
            LessonTracker lessonTracker = userTracker.getLessonTracker(lesson);
-            LessonStatistics lessonStatistics = new LessonStatistics();
+            final LessonStatistics lessonStatistics = new LessonStatistics();
            lessonStatistics.setName(pluginMessages.getMessage(lesson.getTitle()));
            lessonStatistics.setNumberOfAttempts(lessonTracker.getNumberOfAttempts());
            lessonStatistics.setSolved(lessonTracker.isLessonSolved());
@ -87,7 +87,7 @@ public class ReportCardService {
    @Getter
    @Setter
-    private class ReportCard {
+    private final class ReportCard {
        private int totalNumberOfLessons;
        private int totalNumberOfAssignments;
@ -99,7 +99,7 @@ public class ReportCardService {
    @Setter
    @Getter
-    private class LessonStatistics {
+    private final class LessonStatistics {
        private String name;
        private boolean solved;
        private int numberOfAttempts;
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java
@ -2,7 +2,7 @@
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
@ -15,7 +15,7 @@ import static java.util.stream.Collectors.toList;
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
@ -15,7 +15,7 @@ import java.sql.SQLException;
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see
 * http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
@ -17,7 +17,7 @@ import java.util.stream.Collectors;
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
@ -8,6 +8,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.stream.Collectors;
@ -38,9 +39,22 @@ public class Scoreboard {
        List<WebGoatUser> allUsers = userRepository.findAll();
        List<Ranking> rankings = new ArrayList<>();
        for (WebGoatUser user : allUsers) {
        	if (user.getUsername().startsWith("csrf-")) {
        		//the csrf- assignment specific users do not need to be in the overview
        		continue;
        	}
            UserTracker userTracker = userTrackerRepository.findByUser(user.getUsername());
            rankings.add(new Ranking(user.getUsername(), challengesSolved(userTracker)));
        }
        /* sort on number of captured flags to present an ordered ranking */
        rankings.sort(new Comparator<Ranking>() {
 			@Override
 			public int compare(Ranking o1, Ranking o2) {
 				return o2.getFlagsCaptured().size() - o1.getFlagsCaptured().size();
 			}
 		});
        return rankings;
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
@ -20,7 +20,7 @@ import java.util.stream.Collectors;
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2014 Bruce Mayhew
 * <p>
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
--- a/webgoat-container/src/main/resources/application-webgoat.properties
+++ b/webgoat-container/src/main/resources/application-webgoat.properties
@ -29,11 +29,9 @@ logging.level.org.owasp=DEBUG
 logging.level.org.owasp.webgoat=DEBUG
 webgoat.start.hsqldb=true
 webgoat.clean=false
 webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
 webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/
 webgoat.build.version=@project.version@
 webgoat.build.number=@build.number@
 webgoat.email=webgoat@owasp.org
 webgoat.emaillist=owasp-webgoat@lists.owasp.org
 webgoat.feedback.address=webgoat@owasp.org
@ -52,3 +50,9 @@ spring.jackson.serialization.write-dates-as-timestamps=false
 #For static file refresh ... and faster dev :D
 spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css
 exclude.categories=${EXCLUDE_CATEGORIES:none,none}
 #exclude based on the enum of the Category
 exclude.lessons=${EXCLUDE_LESSONS:none,none}
 #exclude based on the class name of a lesson e.g.: LessonTemplate
--- a/webgoat-container/src/main/resources/db/container/V1__init.sql
+++ b/webgoat-container/src/main/resources/db/container/V1__init.sql
@ -1,6 +1,8 @@
-CREATE SCHEMA CONTAINER;
+-- This statement is here the schema is always created even if we use Flyway directly like in test-cases
 -- For the normal WebGoat server there is a bean which already provided the schema (and creates it see DatabaseInitialization)
 CREATE SCHEMA IF NOT EXISTS CONTAINER;
-CREATE SEQUENCE CONTAINER.HIBERNATE_SEQUENCE AS INTEGER START WITH 1;
+CREATE SEQUENCE CONTAINER.HIBERNATE_SEQUENCE;
 CREATE TABLE CONTAINER.ASSIGNMENT (
  ID BIGINT NOT NULL PRIMARY KEY,
--- a/webgoat-container/src/main/resources/static/css/asciidoctor-default.css
+++ b/webgoat-container/src/main/resources/static/css/asciidoctor-default.css
--- a/webgoat-container/src/main/resources/static/css/img/solution.svg
+++ b/webgoat-container/src/main/resources/static/css/img/solution.svg
@ -0,0 +1 @@
 <?xml version="1.0" ?><!DOCTYPE svg  PUBLIC '-//W3C//DTD SVG 1.1//EN'  'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'><svg enable-background="new 0 0 100 100" height="75px" id="Calque_2" version="1.1" viewBox="0 0 100 100" width="75px" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g><path d="M16.64,33.53c0.63,0,1.25,0.16,1.81,0.46c0.88,0.49,1.52,1.28,1.8,2.25c0.28,0.97,0.18,1.98-0.31,2.86l-1.23,2.26   l6.43,3.52l3.52-6.43l-2.26-1.23c-1.82-1-2.49-3.29-1.5-5.11c0.67-1.21,1.93-1.96,3.31-1.96c0.63,0,1.25,0.16,1.81,0.46l2.25,1.24   l3.52-6.43l-7.67-4.2l1.92-3.49c0.62-1.14,0.2-2.57-0.94-3.2c-0.34-0.19-0.73-0.29-1.12-0.29c-0.87,0-1.66,0.47-2.07,1.23L24,18.96   l-7.67-4.2l-4.2,7.67l-3.49-1.91c-0.35-0.19-0.74-0.29-1.13-0.29c-0.86,0-1.65,0.47-2.07,1.22c-0.62,1.14-0.2,2.57,0.94,3.2   l3.49,1.91l-4.2,7.67l6.43,3.52l1.24-2.26C14,34.28,15.27,33.53,16.64,33.53z"/><path d="M34.97,68.32c0-2.07,1.69-3.761,3.77-3.761h2.57V57.23h-8.74v-3.98c0-1.3-1.06-2.36-2.36-2.36   c-1.29,0-2.35,1.061-2.35,2.36v3.98h-8.74v8.739h-3.99c-1.29,0-2.35,1.061-2.35,2.351c0,1.3,1.06,2.359,2.35,2.359h3.99v8.74h7.33   v-2.57c0-2.08,1.69-3.77,3.76-3.77c2.08,0,3.77,1.689,3.77,3.77v2.57h7.33v-7.33h-2.57C36.66,72.09,34.97,70.4,34.97,68.32z"/><path d="M71.25,68.32c0-1.29-1.06-2.351-2.35-2.351h-3.99V57.23h-8.74v-3.98c0-1.3-1.05-2.35-2.35-2.36   c-1.29,0.011-2.34,1.061-2.34,2.36v3.98h-8.74v8.739h-3.99c-1.3,0-2.35,1.061-2.35,2.351c0,1.3,1.05,2.359,2.35,2.359h3.99v8.74   h8.74v3.98c0,1.3,1.05,2.359,2.35,2.359s2.35-1.06,2.35-2.359v-3.98h8.73v-8.74h3.99C70.2,70.68,71.25,69.62,71.25,68.32z"/><path d="M92.49,65.97h-3.98V57.23h-8.74v-3.99c0-0.641-0.26-1.23-0.689-1.66c-0.43-0.42-1.01-0.69-1.66-0.69   c-1.3,0-2.36,1.061-2.36,2.36v3.98h-8.72v7.329h2.57c2.07,0,3.76,1.69,3.76,3.761c0,2.08-1.689,3.77-3.76,3.77h-2.57v7.33h7.311   v-2.57c0-2.08,1.689-3.77,3.76-3.77c2.08,0,3.77,1.689,3.77,3.77v2.57h7.33v-8.74h3.98c1.3,0,2.359-1.06,2.359-2.359   C94.85,67.02,93.79,65.97,92.49,65.97z"/><path d="M59.98,44.73c0,1.29,1.06,2.35,2.359,2.35h3.98v8.74h7.33v-2.57c0-2.08,1.689-3.77,3.77-3.77c1.03,0,1.97,0.43,2.66,1.11   c0.68,0.68,1.1,1.62,1.1,2.66v2.57h7.33v-7.33H85.94c-2.08,0-3.771-1.69-3.771-3.77c0-2.07,1.69-3.76,3.771-3.76h2.569v-7.33h-8.74   v-3.98c0-1.3-1.06-2.36-2.35-2.36c-1.3,0-2.36,1.06-2.36,2.36v3.98H66.32v8.74h-3.98C61.04,42.37,59.98,43.43,59.98,44.73z"/><path d="M38.74,47.08h3.98v8.74h7.33v-2.57c0-1.04,0.42-1.98,1.11-2.67c0.68-0.68,1.62-1.1,2.66-1.1h0.01   c2.08,0,3.77,1.69,3.77,3.77v2.57h7.311v-7.33h-2.57c-2.08,0-3.77-1.69-3.77-3.77c0-2.07,1.689-3.76,3.77-3.76h2.57v-7.33h-8.74   v-3.98c0-1.3-1.06-2.36-2.35-2.36c-1.301,0-2.36,1.06-2.36,2.36v3.98h-8.74v8.74h-3.98c-1.3,0-2.36,1.06-2.36,2.35   C36.38,46.02,37.44,47.08,38.74,47.08z"/></g></svg>
--- a/webgoat-container/src/main/resources/static/css/main.css
+++ b/webgoat-container/src/main/resources/static/css/main.css
--- a/webgoat-container/src/main/resources/static/images/WebGoatFinancial/banklogo.jpg
+++ b/webgoat-container/src/main/resources/static/images/WebGoatFinancial/banklogo.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/catStarted.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/catStarted.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/cookies.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/cookies.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/cookiesOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/cookiesOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/help.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/help.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/helpOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/helpOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hint.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hint.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hintLeft.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hintLeft.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hintLeftOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hintLeftOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hintOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hintOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hintRight.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hintRight.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/hintRightOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/hintRightOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/html.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/html.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/htmlOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/htmlOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/java.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/java.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/javaOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/javaOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/lessonComplete.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/lessonComplete.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/logout.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/logout.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/logoutOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/logoutOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/params.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/params.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/paramsOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/paramsOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/plans.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/plans.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/plansOver.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/plansOver.jpg
--- a/webgoat-container/src/main/resources/static/images/buttons/solutions.jpg
+++ b/webgoat-container/src/main/resources/static/images/buttons/solutions.jpg
--- a/Show More
+++ b/Show More
`@ -1,2 +1,2 @@`
	`distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.2.1/apache-maven-3.2.1-bin.zip`	`distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.2.5/apache-maven-3.2.5-bin.zip`
	`wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar`	`wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar`
		`@ -0,0 +1 @@`
							<?xml version="1.0" ?><!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'><svg enable-background="new 0 0 100 100" height="75px" id="Calque_2" version="1.1" viewBox="0 0 100 100" width="75px" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g><path d="M16.64,33.53c0.63,0,1.25,0.16,1.81,0.46c0.88,0.49,1.52,1.28,1.8,2.25c0.28,0.97,0.18,1.98-0.31,2.86l-1.23,2.26 l6.43,3.52l3.52-6.43l-2.26-1.23c-1.82-1-2.49-3.29-1.5-5.11c0.67-1.21,1.93-1.96,3.31-1.96c0.63,0,1.25,0.16,1.81,0.46l2.25,1.24 l3.52-6.43l-7.67-4.2l1.92-3.49c0.62-1.14,0.2-2.57-0.94-3.2c-0.34-0.19-0.73-0.29-1.12-0.29c-0.87,0-1.66,0.47-2.07,1.23L24,18.96 l-7.67-4.2l-4.2,7.67l-3.49-1.91c-0.35-0.19-0.74-0.29-1.13-0.29c-0.86,0-1.65,0.47-2.07,1.22c-0.62,1.14-0.2,2.57,0.94,3.2 l3.49,1.91l-4.2,7.67l6.43,3.52l1.24-2.26C14,34.28,15.27,33.53,16.64,33.53z"/><path d="M34.97,68.32c0-2.07,1.69-3.761,3.77-3.761h2.57V57.23h-8.74v-3.98c0-1.3-1.06-2.36-2.36-2.36 c-1.29,0-2.35,1.061-2.35,2.36v3.98h-8.74v8.739h-3.99c-1.29,0-2.35,1.061-2.35,2.351c0,1.3,1.06,2.359,2.35,2.359h3.99v8.74h7.33 v-2.57c0-2.08,1.69-3.77,3.76-3.77c2.08,0,3.77,1.689,3.77,3.77v2.57h7.33v-7.33h-2.57C36.66,72.09,34.97,70.4,34.97,68.32z"/><path d="M71.25,68.32c0-1.29-1.06-2.351-2.35-2.351h-3.99V57.23h-8.74v-3.98c0-1.3-1.05-2.35-2.35-2.36 c-1.29,0.011-2.34,1.061-2.34,2.36v3.98h-8.74v8.739h-3.99c-1.3,0-2.35,1.061-2.35,2.351c0,1.3,1.05,2.359,2.35,2.359h3.99v8.74 h8.74v3.98c0,1.3,1.05,2.359,2.35,2.359s2.35-1.06,2.35-2.359v-3.98h8.73v-8.74h3.99C70.2,70.68,71.25,69.62,71.25,68.32z"/><path d="M92.49,65.97h-3.98V57.23h-8.74v-3.99c0-0.641-0.26-1.23-0.689-1.66c-0.43-0.42-1.01-0.69-1.66-0.69 c-1.3,0-2.36,1.061-2.36,2.36v3.98h-8.72v7.329h2.57c2.07,0,3.76,1.69,3.76,3.761c0,2.08-1.689,3.77-3.76,3.77h-2.57v7.33h7.311 v-2.57c0-2.08,1.689-3.77,3.76-3.77c2.08,0,3.77,1.689,3.77,3.77v2.57h7.33v-8.74h3.98c1.3,0,2.359-1.06,2.359-2.359 C94.85,67.02,93.79,65.97,92.49,65.97z"/><path d="M59.98,44.73c0,1.29,1.06,2.35,2.359,2.35h3.98v8.74h7.33v-2.57c0-2.08,1.689-3.77,3.77-3.77c1.03,0,1.97,0.43,2.66,1.11 c0.68,0.68,1.1,1.62,1.1,2.66v2.57h7.33v-7.33H85.94c-2.08,0-3.771-1.69-3.771-3.77c0-2.07,1.69-3.76,3.771-3.76h2.569v-7.33h-8.74 v-3.98c0-1.3-1.06-2.36-2.35-2.36c-1.3,0-2.36,1.06-2.36,2.36v3.98H66.32v8.74h-3.98C61.04,42.37,59.98,43.43,59.98,44.73z"/><path d="M38.74,47.08h3.98v8.74h7.33v-2.57c0-1.04,0.42-1.98,1.11-2.67c0.68-0.68,1.62-1.1,2.66-1.1h0.01 c2.08,0,3.77,1.69,3.77,3.77v2.57h7.311v-7.33h-2.57c-2.08,0-3.77-1.69-3.77-3.77c0-2.07,1.689-3.76,3.77-3.76h2.57v-7.33h-8.74 v-3.98c0-1.3-1.06-2.36-2.35-2.36c-1.301,0-2.36,1.06-2.36,2.36v3.98h-8.74v8.74h-3.98c-1.3,0-2.36,1.06-2.36,2.35 C36.38,46.02,37.44,47.08,38.74,47.08z"/></g></svg>