diff --git a/IAC/ec2.tf b/IAC/ec2.tf
deleted file mode 100644
index ef6cf82..0000000
--- a/IAC/ec2.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-resource "aws_instance" "web_host" {
-  # ec2 have plain text secrets in user data
-  ami           = "${var.ami}"
-  instance_type = "t2.nano"
-
-  vpc_security_group_ids = [
-    "${aws_security_group.web-node.id}"]
-  subnet_id = "${aws_subnet.web_subnet.id}"
-  user_data = <<EOF
-#! /bin/bash
-sudo apt-get update
-sudo apt-get install -y apache2
-sudo systemctl start apache2
-sudo systemctl enable apache2
-export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMAAA
-export AWS_SECRET_ACCESS_KEY=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
-export AWS_DEFAULT_REGION=us-west-2
-echo "<h1>Deployed via Terraform</h1>" | sudo tee /var/www/html/index.html
-EOF
-  tags = merge({
-    Name = "${local.resource_prefix.value}-ec2"
-  }, {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/ec2.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "347af3cd-4f70-4632-aca3-4d5e30ffc0b6"
-  })
-}
diff --git a/IAC/s3.tf b/IAC/s3.tf
deleted file mode 100644
index 45afe45..0000000
--- a/IAC/s3.tf
+++ /dev/null
@@ -1,141 +0,0 @@
-resource "aws_s3_bucket" "data" {
-  # bucket is public
-  # bucket is not encrypted
-  # bucket does not have access logs
-  # bucket does not have versioning
-  bucket        = "${local.resource_prefix.value}-data"
-  force_destroy = true
-  tags = merge({
-    Name        = "${local.resource_prefix.value}-data"
-    Environment = local.resource_prefix.value
-  }, {
-    git_commit           = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2022-05-18 07:08:06"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "34870196+LironElbaz/nimrod/nimrodkor/jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "0874007d-903a-4b4c-945f-c9c233e13243"
-  })
-}
-
-resource "aws_s3_bucket_object" "data_object" {
-  bucket = aws_s3_bucket.data.id
-  key    = "customer-master.xlsx"
-  source = "resources/customer-master.xlsx"
-  tags = merge({
-    Name        = "${local.resource_prefix.value}-customer-master"
-    Environment = local.resource_prefix.value
-  }, {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "njmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "a7f01cc7-63c2-41a8-8555-6665e5e39a64"
-  })
-}
-
-resource "aws_s3_bucket" "financials" {
-  # bucket is not encrypted
-  # bucket does not have access logs
-  # bucket does not have versioning
-  bucket        = "${local.resource_prefix.value}-financials"
-  acl           = "private"
-  force_destroy = true
-  tags = merge({
-    Name        = "${local.resource_prefix.value}-financials"
-    Environment = local.resource_prefix.value
-  }, {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "0e012640-b597-4e5d-9378-d4b584aea913"
-  })
-
-}
-
-resource "aws_s3_bucket" "operations" {
-  # bucket is not encrypted
-  # bucket does not have access logs
-  bucket = "${local.resource_prefix.value}-operations"
-  acl    = "private"
-  versioning {
-    enabled = true
-  }
-  force_destroy = true
-  tags = merge({
-    Name        = "${local.resource_prefix.value}-operations"
-    Environment = local.resource_prefix.value
-  }, {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "29efcf7b-22a8-4bd6-8e14-1f55b3a2d743"
-  })
-}
-
-resource "aws_s3_bucket" "data_science" {
-  # bucket is not encrypted
-  bucket = "${local.resource_prefix.value}-data-science"
-  acl    = "private"
-  versioning {
-    enabled = true
-  }
-  logging {
-    target_bucket = "${aws_s3_bucket.logs.id}"
-    target_prefix = "log/"
-  }
-  force_destroy = true
-  tags = {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "9a7c8788-5655-4708-bbc3-64ead9847f64"
-  }
-}
-
-resource "aws_s3_bucket" "logs" {
-  bucket = "${local.resource_prefix.value}-logs"
-  acl    = "log-delivery-write"
-  versioning {
-    enabled = true
-  }
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm     = "aws:kms"
-        kms_master_key_id = "${aws_kms_key.logs_key.arn}"
-      }
-    }
-  }
-  force_destroy = true
-  tags = merge({
-    Name        = "${local.resource_prefix.value}-logs"
-    Environment = local.resource_prefix.value
-  }, {
-    git_commit           = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
-    git_file             = "terraform/aws/s3.tf"
-    git_last_modified_at = "2020-06-16 14:46:24"
-    git_last_modified_by = "jmagee@paloaltonetworks.com"
-    git_modifiers        = "jmagee"
-    git_org              = "bridgecrewio"
-    git_repo             = "terragoat"
-    yor_trace            = "01946fe9-aae2-4c99-a975-e9b0d3a4696c"
-  })
-}
diff --git a/IAC/s3bucket.yaml b/IAC/s3bucket.yaml
deleted file mode 100644
index 5a22548..0000000
--- a/IAC/s3bucket.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Metadata:
-  License: Apache-2.0
-Description: 'AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete:
-  Sample template showing how to create a publicly accessible S3 bucket configured
-  for website access with a deletion policy of retain on delete. **WARNING** This
-  template creates an S3 bucket that will NOT be deleted when the stack is deleted.
-  You will be billed for the AWS resources used if you create a stack from this template.'
-Resources:
-  S3Bucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      AccessControl: PublicRead
-      WebsiteConfiguration:
-        IndexDocument: index.html
-        ErrorDocument: error.html
-    DeletionPolicy: Retain
-Outputs:
-  WebsiteURL:
-    Value: !GetAtt [S3Bucket, WebsiteURL]
-    Description: URL for website hosted on S3
-  S3BucketSecureURL:
-    Value: !Join ['', ['https://', !GetAtt [S3Bucket, DomainName]]]
-    Description: Name of S3 bucket to hold website content
\ No newline at end of file
diff --git a/IAC/storage.bicep b/IAC/storage.bicep
deleted file mode 100644
index 9dd77d4..0000000
--- a/IAC/storage.bicep
+++ /dev/null
@@ -1,49 +0,0 @@
-@description('Name of environment')
-param env string = 'dev'
-
-@description('Default location for all resources.')
-param location string = resourceGroup().location
-
-var name = 'bicepgoat'
-
-resource datadisk 'Microsoft.Compute/disks@2021-12-01' = {
-  name: '${name}-disk-${env}'
-  location: location
-  sku: {
-    name: 'Standard_LRS'
-  }
-
-  properties: {
-    diskSizeGB: 10
-    encryptionSettingsCollection: {
-      enabled: false
-    }
-  }
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-01-01' = {
-  name: '${name}-sa-${env}'
-  location: location
-  kind: 'StorageV2'
-  sku: {
-    name: 'Standard_GRS'
-  }
-
-  properties: {
-    supportsHttpsTrafficOnly: false
-
-    networkAcls: {
-      bypass: 'None'
-      defaultAction: 'Deny'
-    }
-  }
-
-  resource configWeb 'config' = {
-    name: 'web'
-
-    properties: {
-      minTlsVersion: '1.1'
-      remoteDebuggingEnabled: true
-    }
-  }
-}
\ No newline at end of file
diff --git a/SCA/pom.xml b/SCA/pom.xml
deleted file mode 100644
index c245fb2..0000000
--- a/SCA/pom.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>com.checkmarx.app</groupId>
-    <artifactId>sca-big-goat</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0-SNAPSHOT</version>
-    <name>sca-big-goat</name>
-    <url>http://maven.apache.org</url>
-
-    <properties>
-        <!-- This property will be set by the Maven Dependency plugin -->
-        <annotatedJdk>${org.checkerframework:jdk8:jar}</annotatedJdk>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>commons-httpclient</groupId>
-            <artifactId>commons-httpclient</artifactId>
-            <version>3.1</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <version>3.2.2</version>
-        </dependency>
-        <dependency>
-            <groupId>dom4j</groupId>
-            <artifactId>dom4j</artifactId>
-            <version>1.6.1</version>
-        </dependency>
-        <dependency>
-            <groupId>axis</groupId>
-            <artifactId>axis</artifactId>
-            <version>1.4</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpasyncclient</artifactId>
-            <version>4.1.4</version>
-        </dependency>
-        <dependency>
-            <groupId>ca.juliusdavies</groupId>
-            <artifactId>not-yet-commons-ssl</artifactId>
-            <version>0.3.9</version>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15</artifactId>
-            <version>1.46</version>
-        </dependency>
-        <dependency>
-            <groupId>org.webjars</groupId>
-            <artifactId>jquery</artifactId>
-            <version>3.5.1</version>
-        </dependency>
-        <dependency>
-            <groupId>org.beanshell</groupId>
-            <artifactId>bsh</artifactId>
-            <version>2.0b5</version>
-        </dependency>
-        <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-core-asl</artifactId>
-            <version>1.9.13</version>
-        </dependency>
-        <dependency>
-            <groupId>org.mortbay.jetty</groupId>
-            <artifactId>jetty-util</artifactId>
-            <version>6.1.26</version>
-        </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty</artifactId>
-            <version>3.10.6.Final</version>
-        </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.17</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sf.dozer</groupId>
-            <artifactId>dozer</artifactId>
-            <version>5.5.1</version>
-        </dependency>
-        <dependency>
-            <groupId>org.beanshell</groupId>
-            <artifactId>bsh</artifactId>
-            <version>2.0b4</version>
-        </dependency>
-        <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-mapper-asl</artifactId>
-            <version>1.9.13</version>
-        </dependency>
-        <dependency>
-            <groupId>taglibs</groupId>
-            <artifactId>standard</artifactId>
-            <version>1.1.2</version>
-        </dependency>
-        <dependency>
-            <groupId>org.simpleframework</groupId>
-            <artifactId>simple-xml</artifactId>
-            <version>2.7.1</version>
-        </dependency>
-        <dependency>
-            <groupId>ant</groupId>
-            <artifactId>ant</artifactId>
-            <version>1.6.5</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.spark</groupId>
-            <artifactId>spark-core_2.11</artifactId>
-            <version>2.4.7</version>
-        </dependency>
-        <dependency>
-            <groupId>org.mortbay.jetty</groupId>
-            <artifactId>jetty</artifactId>
-            <version>6.1.26</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-yarn-server-nodemanager</artifactId>
-            <version>3.3.0</version>
-        </dependency>
-    </dependencies>
-</project>
diff --git a/SCA/requirements.txt b/SCA/requirements.txt
deleted file mode 100644
index 6ecc4ce..0000000
--- a/SCA/requirements.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-parso==0.8.1
-pycrypto==2.6.1
-oauth2==1.9.0.post1
-httplib2==0.17.4
-Django==1.11.1
-PyYAML==3.13
-urllib3==1.23
-requests==2.2.1
-PyYAML==5.1
-Django==1.7.1
-ansible==2.8.8
-Werkzeug==0.15.3
-urllib3==1.25.2
-Jinja2==2.10.1
-Pygments==2.0.2
-pandas==0.24.2
-python-gnupg==0.4.3
-PyJWT==0.4.2
-rsa==3.4.2
-requests==2.19.1
-urllib3==1.24.2
-Django==3.1
-Pillow==7.1.0
-pycrypto==2.4
-tensorflow==1.14.0
-Jinja2==2.7.2
-Flask==0.11.1
-feedparser==5.1.1
-mercurial==4.8.2
-buildbot==0.7.11
-notebook==5.7.10
-httplib2==0.12.0
-lodash==3.10.1
-sphinx==3.0.3
-sphinx-py3doc-enhanced-theme==2.4.0
-docutils==0.16
--e .
-
diff --git a/Secrets/app1.js b/Secrets/app1.js
deleted file mode 100644
index 7490c8a..0000000
--- a/Secrets/app1.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const SEC_1 = "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"
-const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
\ No newline at end of file
diff --git a/Secrets/config.js b/Secrets/config.js
deleted file mode 100644
index 430f192..0000000
--- a/Secrets/config.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
-const JIRA = "5FP0NmFYz81U32XdjNb42762"
\ No newline at end of file
diff --git a/introduction/__init__.py b/introduction/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/admin.py b/introduction/admin.py
new file mode 100644
index 0000000..ac46364
--- /dev/null
+++ b/introduction/admin.py
@@ -0,0 +1,13 @@
+from django.contrib import admin
+from .models import FAANG,info,login,comments,otp,tickits,CF_user,AF_admin,AF_session_id
+
+# Register your models here.
+admin.site.register(FAANG)
+admin.site.register(info)
+admin.site.register(login)
+admin.site.register(comments)
+admin.site.register(otp)
+admin.site.register(tickits)
+admin.site.register(CF_user)
+admin.site.register(AF_admin)
+admin.site.register(AF_session_id)
\ No newline at end of file
diff --git a/introduction/apis.py b/introduction/apis.py
new file mode 100644
index 0000000..2880832
--- /dev/null
+++ b/introduction/apis.py
@@ -0,0 +1,45 @@
+from django.http import JsonResponse
+from django.shortcuts import redirect
+from introduction.playground.ssrf import main
+from django.contrib.auth import login,authenticate
+from .utility import *
+from django.views.decorators.csrf import csrf_exempt
+import time
+# steps --> 
+# 1. covert input code to corrosponding code and write in file
+# 2. extract inputs form 2nd code 
+# 3. Run the code 
+# 4. get the result
+@csrf_exempt
+def ssrf_code_checker(request):
+    if request.user.is_authenticated:
+        if request.method == 'POST':
+            python_code = request.POST['python_code']
+            html_code = request.POST['html_code']
+            if not (ssrf_code_converter(python_code)):
+                return JsonResponse({"status": "error", "message": "Invalid code"})
+            test_bench1 = ssrf_html_input_extractor(html_code)
+            
+            if (len(test_bench1) >4):
+                return JsonResponse({'message':'too many inputs in Html\n Try again'},status = 400)
+            test_bench2 = ['secret.txt']
+            correct_output1 = [{"blog": "blog1-passed"}, {"blog": "blog2-passed"}, {"blog": "blog3-passed"}, {"blog": "blog4-passed"}]
+            outputs = []
+            for inputs in test_bench1:
+                outputs.append(main.ssrf_lab(inputs))
+            if outputs == correct_output1:
+                outputs = []
+            else:
+                return JsonResponse({'message':'Testbench failed, Code is not working\n Try again'},status = 200)
+
+            correct_output2 = [{"blog": "No blog found"}]
+            for inputs in test_bench2:
+                outputs.append(main.ssrf_lab(inputs))
+            if outputs == correct_output2:
+                return JsonResponse({'message':'Congratulation, you have written a secure code.', 'passed':1}, status = 200)
+            
+            return JsonResponse({'message':'Test bench passed but the code is not secure'}, status = 200,safe = False)
+        else:
+            return JsonResponse({'message':'method not allowed'},status = 405)
+    else:
+        return JsonResponse({'message':'UnAuthenticated User'},status = 401)
\ No newline at end of file
diff --git a/introduction/apps.py b/introduction/apps.py
new file mode 100644
index 0000000..1710c5b
--- /dev/null
+++ b/introduction/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class IntroductionConfig(AppConfig):
+    name = 'introduction'
diff --git a/introduction/forms.py b/introduction/forms.py
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/lab_code/test.py b/introduction/lab_code/test.py
new file mode 100644
index 0000000..71eda68
--- /dev/null
+++ b/introduction/lab_code/test.py
@@ -0,0 +1,29 @@
+'''
+import subprocess, json
+
+
+cmd_str = "pwd; ls"
+process = subprocess.Popen(
+    cmd_str,
+    shell=True,
+    stdout=subprocess.PIPE, 
+    stderr=subprocess.PIPE)
+stdout, stderr = process.communicate()
+data = stdout.decode('utf-8')
+stderr = stderr.decode('utf-8')
+# res = json.loads(data)
+# print("Stdout\n" + data)
+print(data + stderr)
+'''
+import yaml, subprocess
+stream = open('/home/fox/test.yaml', 'r')
+data = yaml.load(stream)
+
+'''
+stdout, stderr = data.communicate()
+stdout = stdout.decode('utf-8')
+stderr = stderr.decode('utf-8')
+'''
+print(data + "\n")
+# print(stdout + "\n")
+# print(stderr + "\n")
\ No newline at end of file
diff --git a/introduction/migrations/0001_initial.py b/introduction/migrations/0001_initial.py
new file mode 100644
index 0000000..6186a16
--- /dev/null
+++ b/introduction/migrations/0001_initial.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.0.6 on 2021-04-13 18:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='FAANG',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('company', models.CharField(max_length=200)),
+                ('ceo', models.CharField(max_length=200)),
+                ('about', models.CharField(max_length=200)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0002_auto_20210414_1510.py b/introduction/migrations/0002_auto_20210414_1510.py
new file mode 100644
index 0000000..0b3b7ee
--- /dev/null
+++ b/introduction/migrations/0002_auto_20210414_1510.py
@@ -0,0 +1,31 @@
+# Generated by Django 3.0.6 on 2021-04-14 09:40
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='faang',
+            name='about',
+        ),
+        migrations.RemoveField(
+            model_name='faang',
+            name='ceo',
+        ),
+        migrations.CreateModel(
+            name='info',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('ceo', models.CharField(max_length=200)),
+                ('about', models.CharField(max_length=200)),
+                ('faang', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='introduction.FAANG')),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0003_password_user.py b/introduction/migrations/0003_password_user.py
new file mode 100644
index 0000000..a78e9f2
--- /dev/null
+++ b/introduction/migrations/0003_password_user.py
@@ -0,0 +1,29 @@
+# Generated by Django 3.0.6 on 2021-04-15 10:50
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0002_auto_20210414_1510'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='user',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('user', models.CharField(max_length=200)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='password',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=300)),
+                ('username', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='introduction.user')),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0004_auto_20210415_1722.py b/introduction/migrations/0004_auto_20210415_1722.py
new file mode 100644
index 0000000..075fb54
--- /dev/null
+++ b/introduction/migrations/0004_auto_20210415_1722.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.0.6 on 2021-04-15 11:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0003_password_user'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='password',
+            field=models.CharField(default=0, max_length=300),
+            preserve_default=False,
+        ),
+        migrations.DeleteModel(
+            name='password',
+        ),
+    ]
diff --git a/introduction/migrations/0005_auto_20210415_1748.py b/introduction/migrations/0005_auto_20210415_1748.py
new file mode 100644
index 0000000..1dc836f
--- /dev/null
+++ b/introduction/migrations/0005_auto_20210415_1748.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.0.6 on 2021-04-15 12:18
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0004_auto_20210415_1722'),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name='user',
+            new_name='login',
+        ),
+    ]
diff --git a/introduction/migrations/0006_comments.py b/introduction/migrations/0006_comments.py
new file mode 100644
index 0000000..e5f09f3
--- /dev/null
+++ b/introduction/migrations/0006_comments.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.0.6 on 2021-04-17 08:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0005_auto_20210415_1748'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='comments',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=200)),
+                ('comment', models.CharField(max_length=400)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0007_auto_20210418_0022.py b/introduction/migrations/0007_auto_20210418_0022.py
new file mode 100644
index 0000000..1208434
--- /dev/null
+++ b/introduction/migrations/0007_auto_20210418_0022.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.0.6 on 2021-04-17 18:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0006_comments'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='comments',
+            name='comment',
+            field=models.CharField(max_length=600),
+        ),
+    ]
diff --git a/introduction/migrations/0008_otp.py b/introduction/migrations/0008_otp.py
new file mode 100644
index 0000000..b7b961c
--- /dev/null
+++ b/introduction/migrations/0008_otp.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.0.6 on 2021-04-24 06:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0007_auto_20210418_0022'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='otp',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('email', models.CharField(max_length=200)),
+                ('otp', models.IntegerField(max_length=300)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0009_auto_20210517_2047.py b/introduction/migrations/0009_auto_20210517_2047.py
new file mode 100644
index 0000000..14cd525
--- /dev/null
+++ b/introduction/migrations/0009_auto_20210517_2047.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.0.6 on 2021-05-17 15:17
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0008_otp'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='otp',
+            name='otp',
+            field=models.IntegerField(validators=[django.core.validators.MaxValueValidator(300)]),
+        ),
+    ]
diff --git a/introduction/migrations/0010_authlogin.py b/introduction/migrations/0010_authlogin.py
new file mode 100644
index 0000000..fe7a7d0
--- /dev/null
+++ b/introduction/migrations/0010_authlogin.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.1.13 on 2022-02-10 08:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0009_auto_20210517_2047'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='authLogin',
+            fields=[
+                ('username', models.CharField(max_length=200, unique=True)),
+                ('name', models.CharField(max_length=200)),
+                ('password', models.CharField(max_length=200)),
+                ('userid', models.AutoField(primary_key=True, serialize=False)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0011_tickits.py b/introduction/migrations/0011_tickits.py
new file mode 100644
index 0000000..3279db0
--- /dev/null
+++ b/introduction/migrations/0011_tickits.py
@@ -0,0 +1,22 @@
+# Generated by Django 4.0.3 on 2022-03-19 11:21
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0010_authlogin'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='tickits',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('tickit', models.CharField(max_length=40, unique=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='introduction.authlogin')),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0012_alter_tickits_user.py b/introduction/migrations/0012_alter_tickits_user.py
new file mode 100644
index 0000000..76c0e0a
--- /dev/null
+++ b/introduction/migrations/0012_alter_tickits_user.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.0.3 on 2022-03-19 12:06
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('introduction', '0011_tickits'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='tickits',
+            name='user',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
+    ]
diff --git a/introduction/migrations/0013_alter_comments_id_alter_faang_id_alter_info_id_and_more.py b/introduction/migrations/0013_alter_comments_id_alter_faang_id_alter_info_id_and_more.py
new file mode 100644
index 0000000..bb01a3e
--- /dev/null
+++ b/introduction/migrations/0013_alter_comments_id_alter_faang_id_alter_info_id_and_more.py
@@ -0,0 +1,43 @@
+# Generated by Django 4.0.2 on 2022-03-21 21:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0012_alter_tickits_user'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='comments',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='faang',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='info',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='login',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='otp',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+        migrations.AlterField(
+            model_name='tickits',
+            name='id',
+            field=models.AutoField(primary_key=True, serialize=False),
+        ),
+    ]
diff --git a/introduction/migrations/0014_sql_lab_table.py b/introduction/migrations/0014_sql_lab_table.py
new file mode 100644
index 0000000..1dbda83
--- /dev/null
+++ b/introduction/migrations/0014_sql_lab_table.py
@@ -0,0 +1,20 @@
+# Generated by Django 4.0.3 on 2022-04-23 09:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0013_alter_comments_id_alter_faang_id_alter_info_id_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='sql_lab_table',
+            fields=[
+                ('id', models.CharField(max_length=200, primary_key=True, serialize=False)),
+                ('password', models.CharField(max_length=200)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0015_blogs.py b/introduction/migrations/0015_blogs.py
new file mode 100644
index 0000000..9f9f2e9
--- /dev/null
+++ b/introduction/migrations/0015_blogs.py
@@ -0,0 +1,24 @@
+# Generated by Django 4.0.2 on 2022-06-07 12:40
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('introduction', '0014_sql_lab_table'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Blogs',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('blog_id', models.CharField(max_length=15)),
+                ('author', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0016_alter_blogs_blog_id.py b/introduction/migrations/0016_alter_blogs_blog_id.py
new file mode 100644
index 0000000..55c7d6e
--- /dev/null
+++ b/introduction/migrations/0016_alter_blogs_blog_id.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.0.2 on 2022-06-07 12:42
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0015_blogs'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='blogs',
+            name='blog_id',
+            field=models.CharField(max_length=15, unique=True),
+        ),
+    ]
diff --git a/introduction/migrations/0017_cf_user.py b/introduction/migrations/0017_cf_user.py
new file mode 100644
index 0000000..2aee465
--- /dev/null
+++ b/introduction/migrations/0017_cf_user.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.0.2 on 2022-06-15 09:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0016_alter_blogs_blog_id'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CF_user',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('username', models.CharField(max_length=200)),
+                ('password', models.CharField(max_length=200)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0018_cf_user_password2.py b/introduction/migrations/0018_cf_user_password2.py
new file mode 100644
index 0000000..3ff76b2
--- /dev/null
+++ b/introduction/migrations/0018_cf_user_password2.py
@@ -0,0 +1,19 @@
+# Generated by Django 4.0.2 on 2022-06-17 07:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0017_cf_user'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='cf_user',
+            name='password2',
+            field=models.CharField(default='ok', max_length=64),
+            preserve_default=False,
+        ),
+    ]
diff --git a/introduction/migrations/0019_af_admin.py b/introduction/migrations/0019_af_admin.py
new file mode 100644
index 0000000..2044375
--- /dev/null
+++ b/introduction/migrations/0019_af_admin.py
@@ -0,0 +1,27 @@
+# Generated by Django 4.0.4 on 2022-06-28 15:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0018_cf_user_password2'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AF_admin',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('username', models.CharField(max_length=200)),
+                ('password', models.CharField(max_length=200)),
+                ('session_id', models.CharField(max_length=200)),
+                ('last_login', models.DateTimeField(blank=True, null=True)),
+                ('logged_in', models.BooleanField(default=False)),
+                ('is_locked', models.BooleanField(default=False)),
+                ('failattempt', models.IntegerField(default=0)),
+                ('lockout_cooldown', models.DateField(blank=True, null=True)),
+            ],
+        ),
+    ]
diff --git a/introduction/migrations/0020_af_session_id_alter_af_admin_lockout_cooldown.py b/introduction/migrations/0020_af_session_id_alter_af_admin_lockout_cooldown.py
new file mode 100644
index 0000000..d264a83
--- /dev/null
+++ b/introduction/migrations/0020_af_session_id_alter_af_admin_lockout_cooldown.py
@@ -0,0 +1,26 @@
+# Generated by Django 4.0.4 on 2022-06-30 13:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('introduction', '0019_af_admin'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AF_session_id',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('session_id', models.CharField(max_length=200)),
+                ('user', models.CharField(max_length=200)),
+            ],
+        ),
+        migrations.AlterField(
+            model_name='af_admin',
+            name='lockout_cooldown',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+    ]
diff --git a/introduction/migrations/__init__.py b/introduction/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/models.py b/introduction/models.py
new file mode 100644
index 0000000..9efbd4f
--- /dev/null
+++ b/introduction/models.py
@@ -0,0 +1,86 @@
+from django.db import models
+from django.core.validators import MaxValueValidator
+from django.conf import settings
+# Create your models here.
+
+class FAANG (models.Model):
+    id = models.AutoField(primary_key=True)
+    company=models.CharField(max_length=200);
+    def __str__(self):
+        return self.company;
+
+class info(models.Model):
+    id = models.AutoField(primary_key=True)
+    faang=models.ForeignKey(to=FAANG,on_delete=models.CASCADE)
+
+    ceo=models.CharField(max_length=200)
+    about=models.CharField(max_length=200)
+
+class login(models.Model):
+    id = models.AutoField(primary_key=True)
+    user=models.CharField(max_length=200)
+    password=models.CharField(max_length=300)
+
+class comments(models.Model):
+    id = models.AutoField(primary_key=True)
+    name=models.CharField(max_length=200)
+    comment=models.CharField(max_length=600)
+
+class authLogin(models.Model):
+    username=models.CharField(max_length=200, unique = True)
+    name=models.CharField(max_length=200)
+    password=models.CharField(max_length=200)
+    userid = models.AutoField(primary_key=True)
+
+class otp(models.Model):
+    id = models.AutoField(primary_key=True)
+    email=models.CharField(max_length=200)
+    otp=models.IntegerField(validators=[MaxValueValidator(300)])
+
+class tickits(models.Model):
+    id = models.AutoField(primary_key=True)
+    user=models.ForeignKey(settings.AUTH_USER_MODEL,on_delete=models.CASCADE)
+    tickit=models.CharField(max_length=40, unique = True)
+
+    def __str__(self):
+        return self.tickit+ " " + self.user.username; 
+
+class sql_lab_table(models.Model):
+    id = models.CharField(primary_key = True, max_length=200)
+    password = models.CharField(max_length=200)
+
+class Blogs(models.Model):
+    id = models.AutoField(primary_key=True)
+    author = models.ForeignKey(settings.AUTH_USER_MODEL,on_delete=models.CASCADE)
+    blog_id = models.CharField(max_length=15, unique=True)
+    def __str__(self):
+        return self.blog_id
+
+class CF_user(models.Model):
+    id = models.AutoField(primary_key=True)
+    username = models.CharField(max_length=200)
+    password = models.CharField(max_length=200)
+    password2 = models.CharField(max_length=64)
+    def __str__(self):
+        return self.username
+
+class AF_admin(models.Model):
+    id = models.AutoField(primary_key=True)
+    username = models.CharField(max_length=200)
+    password = models.CharField(max_length=200)
+    session_id = models.CharField(max_length=200)
+    last_login = models.DateTimeField(blank= True, null = True)
+    logged_in = models.BooleanField(default=False)
+    is_locked = models.BooleanField(default=False)
+    failattempt = models.IntegerField(default=0)
+    lockout_cooldown = models.DateTimeField(blank= True, null = True)
+
+    def __str__(self):
+        return self.username
+
+class AF_session_id(models.Model):
+    id = models.AutoField(primary_key=True)
+    session_id = models.CharField(max_length=200)
+    user = models.CharField(max_length=200)
+    def __str__(self):
+        return self.user
\ No newline at end of file
diff --git a/introduction/playground/__init__.py b/introduction/playground/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/playground/readme.md b/introduction/playground/readme.md
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/playground/ssrf/__init__.py b/introduction/playground/ssrf/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/playground/ssrf/main.py b/introduction/playground/ssrf/main.py
new file mode 100644
index 0000000..f95edd8
--- /dev/null
+++ b/introduction/playground/ssrf/main.py
@@ -0,0 +1,10 @@
+import os
+def ssrf_lab(file):
+    try:
+        dirname = os.path.dirname(__file__)
+        filename = os.path.join(dirname, file)
+        file = open(filename,"r")
+        data = file.read()
+        return {"blog":data}
+    except:
+        return {"blog": "No blog found"}
\ No newline at end of file
diff --git a/introduction/playground/ssrf/secret.txt b/introduction/playground/ssrf/secret.txt
new file mode 100644
index 0000000..e4d7046
--- /dev/null
+++ b/introduction/playground/ssrf/secret.txt
@@ -0,0 +1 @@
+Failed
\ No newline at end of file
diff --git a/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog1.txt b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog1.txt
new file mode 100644
index 0000000..d994caf
--- /dev/null
+++ b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog1.txt
@@ -0,0 +1 @@
+blog1-passed
\ No newline at end of file
diff --git a/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog2.txt b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog2.txt
new file mode 100644
index 0000000..9884fed
--- /dev/null
+++ b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog2.txt
@@ -0,0 +1 @@
+blog2-passed
\ No newline at end of file
diff --git a/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog3.txt b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog3.txt
new file mode 100644
index 0000000..df0152e
--- /dev/null
+++ b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog3.txt
@@ -0,0 +1 @@
+blog3-passed
\ No newline at end of file
diff --git a/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog4.txt b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog4.txt
new file mode 100644
index 0000000..de88946
--- /dev/null
+++ b/introduction/playground/ssrf/templates/Lab/ssrf/blogs/blog4.txt
@@ -0,0 +1 @@
+blog4-passed
\ No newline at end of file
diff --git a/introduction/playground/ssrf/test.py b/introduction/playground/ssrf/test.py
new file mode 100644
index 0000000..5fbdffc
--- /dev/null
+++ b/introduction/playground/ssrf/test.py
@@ -0,0 +1,33 @@
+## input 
+'''
+def ssrf_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})
+        else:
+            file=request.POST["blog"]
+            try :
+                dirname = os.path.dirname(__file__)
+                filename = os.path.join(dirname, file)
+                file = open(filename,"r")
+                data = file.read()
+                return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})
+            except:
+                return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})
+    else:
+        return redirect('login')'''
+
+## output 
+'''
+def ssrf_lab(file):
+    try :
+        dirname = os.path.dirname(__file__)
+        filename = os.path.join(dirname, file)
+        file = open(filename,"r")
+        data = file.read()
+        print(data)
+        return {"blog":data}
+    except:
+        return {"blog": "No blog found"}
+
+'''
\ No newline at end of file
diff --git a/introduction/static/Lab/icons/pygoat-mini.png b/introduction/static/Lab/icons/pygoat-mini.png
new file mode 100644
index 0000000..0189bb0
Binary files /dev/null and b/introduction/static/Lab/icons/pygoat-mini.png differ
diff --git a/introduction/static/Lab/icons/pygoat-mini.svg b/introduction/static/Lab/icons/pygoat-mini.svg
new file mode 100644
index 0000000..47e5808
--- /dev/null
+++ b/introduction/static/Lab/icons/pygoat-mini.svg
@@ -0,0 +1,26 @@
+<svg width="122" height="123" viewBox="0 0 122 123" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M80.568 49.0039H75.3497V55.2791C75.3497 55.8788 75.0608 57.5083 73.9053 59.2285C72.7498 60.9486 71.7155 61.6819 69.3859 61.9491H58.2969C56.3711 61.8468 52.0908 61.9404 50.3762 63.134C48.6616 64.3275 48.0777 66.2935 48 67.1272V80.1602C48 81.2134 48.5125 82.3104 51.4012 84.0657C54.29 85.821 55.1286 85.9087 61.139 85.9965C67.1494 86.0843 70.5507 84.5045 71.9484 83.3636C73.0666 82.4508 73.3151 81.5498 73.2996 81.2134V74.8066H60.6265V72.788C66.4971 72.8026 76.5331 72.8231 77.9122 72.788C79.6362 72.7441 81.593 72.788 83.5499 71.4715C85.1154 70.4184 86.128 68.1365 86.4386 67.1272C86.9511 64.5528 87.5755 58.342 85.9727 54.0943C84.3699 49.8465 81.7017 48.9308 80.568 49.0039Z" stroke="#FED142"/>
+<circle cx="66" cy="80" r="2" fill="white"/>
+<path d="M73.4193 37.486C73.1744 38.058 71.6841 39.1862 70.9697 39.6788C70.9259 39.6788 70.9171 39.6025 71.2321 39.2974C71.6258 38.9161 71.8445 37.2953 71.8445 36.628C71.8445 35.9606 71.4946 34.9596 70.8384 33.9585C70.1822 32.9575 68.9136 33.0528 68.1262 33.3389C67.3388 33.6249 67.0764 34.2922 67.2951 34.2446C67.5138 34.1969 68.2575 34.1016 69.0449 34.3876C69.6748 34.6164 70.2114 35.4045 70.4009 35.7699C70.2551 35.7699 69.8498 35.8081 69.3948 35.9606C68.8262 36.1513 69.1323 36.4373 68.3887 36.8663C67.7938 37.2095 67.0034 37.2318 66.6827 37.2C66.9743 37.486 67.6713 38.1915 68.1262 38.7254C68.6949 39.3927 69.6135 40.4891 70.1385 41.3948C70.6634 42.3005 71.4071 44.0642 72.3257 47.1627C73.2444 50.2611 72.1507 54.1699 71.4071 56.029C70.6634 57.8881 69.3948 59.6995 68.9574 59.6995C68.6075 59.6995 68.4616 60.1762 68.4325 60.4145L68.0387 61.3202L67.2076 61.0819C67.2076 60.6211 67.0239 59.8997 66.289 60.7005C66.079 61.12 65.9973 61.5744 65.9827 61.7492C65.8224 62.0193 65.4491 62.6263 65.2391 62.8933C64.9767 63.2269 63.9268 62.1782 63.4019 61.7492C62.9819 61.406 62.8769 60.2397 62.8769 59.6995H54.7841C54.0113 60.3827 52.2732 61.835 51.5033 62.1782C50.541 62.6073 50.3222 62.6549 48.7912 63.1793C47.2601 63.7036 47.5226 63.3223 47.1289 63.942C46.8139 64.4377 46.5893 65.6421 46.5164 66.1824L46.2102 74C44.2126 73.9841 39.9373 73.7331 38.8174 72.856C37.4176 71.7596 36.1927 68.2321 35.5366 65.3244C34.8804 62.4166 34.5304 57.9358 36.2802 53.1212C37.6801 49.2696 40.6547 47.9572 41.967 47.7824H51.6346C51.9553 47.687 52.7807 47.4296 53.5156 47.1627C54.4342 46.829 55.3091 46.972 56.7089 46.972C57.8288 46.972 59.4211 47.4487 60.0772 47.687C59.144 47.7029 56.8314 47.7919 55.0466 48.0207C52.8157 48.3067 52.0283 48.6881 51.5033 48.9264C50.9784 49.1648 49.8848 50.1658 48.7912 51.0715C47.6975 51.9772 48.1788 51.7865 46.9539 52.0725C45.974 52.3013 45.4987 51.6435 45.0175 51.7389C45.4112 51.9295 46.4465 52.2918 45.8165 52.4062C45.0291 52.5492 45.105 52.4062 44.755 51.8342C44.3943 51.2446 44.1426 50.9285 44.4488 51.7865C44.755 52.6446 44.6238 52.5016 45.28 52.9306C45.9361 53.3596 46.2102 52.9306 46.8227 52.8352C47.4351 52.7399 47.0414 52.6446 47.5226 52.6446C48.0038 52.6446 48.1788 52.9306 48.9224 53.8363C49.6661 54.742 49.3599 55.171 48.1788 58.3171C47.2339 60.834 46.0644 61.6539 45.5978 61.7492C46.3561 61.6539 48.17 61.4346 49.3599 61.3202C50.8472 61.1772 51.8533 60.4145 53.0781 59.6995C54.058 59.1275 54.7988 58.0946 55.0466 57.6497C54.8425 57.4432 54.338 56.7822 53.953 55.7907C53.4718 54.5513 53.4281 49.7368 53.6906 52.4062C53.953 55.0756 56.4902 56.315 58.4587 57.0301C60.4272 57.7451 59.7711 57.3161 60.7772 57.6497C61.7833 57.9834 61.5208 57.6497 61.4771 57.3161C61.4333 56.9824 60.8647 55.8383 60.7772 55.0756C60.6897 54.313 60.6022 53.7886 60.6022 52.6446C60.6022 51.5005 62.4395 49.8321 61.9145 50.7378C61.3896 51.6435 61.6958 51.8342 62.0895 54.5036C62.4832 57.1731 63.0956 57.2684 63.4019 58.3171C63.7081 59.3658 63.883 60.1285 64.1893 61.0819C64.4955 62.0352 64.7142 61.6062 65.2391 61.0819C65.7641 60.5575 65.3266 60.0332 65.5016 58.9845C65.6766 57.9358 66.464 56.2197 67.2076 55.171C67.9513 54.1223 68.4325 53.5979 68.6512 52.7876C68.8699 51.9772 68.8262 51.5005 68.9574 53.3119C69.0886 55.1233 67.9513 57.1254 68.4325 56.7917C68.9137 56.458 69.4386 55.5523 70.3572 53.5979C71.2759 51.6435 71.1884 49.0694 71.1884 48.4497C71.1884 47.8301 71.1446 47.4487 71.1009 46.5907C71.0571 45.7326 70.4447 44.3503 70.051 43.4446C69.6573 42.5389 68.4325 40.3938 67.9513 39.8694C67.4701 39.3451 66.5077 37.772 66.3327 37.3907C66.1869 37.0728 65.9802 36.5892 65.9155 36.4648C65.9024 36.4521 65.8953 36.4426 65.8953 36.4373C65.8953 36.4294 65.9026 36.4399 65.9155 36.4648C66.0196 36.5654 66.5031 36.8663 66.8139 36.8663C67.1639 36.8663 67.2514 36.8187 67.5576 36.7233C67.8638 36.628 68.3887 36.485 68.6512 35.9606C68.8612 35.5411 69.2345 35.4998 69.3948 35.5316C69.3803 35.5316 69.3249 35.4839 69.2199 35.2933C69.0886 35.0549 68.6512 34.9596 67.82 34.9596C66.9889 34.9596 66.5515 35.1503 66.1578 35.1979C65.7641 35.2456 65.5891 34.9119 65.4141 34.5306C65.2391 34.1492 65.4578 34.0539 65.4141 33.7202C65.3704 33.3865 65.5891 32.9098 65.5891 32.4808V31.0508C65.5891 30.705 65.8449 30.2353 65.9212 30.0911C65.9236 30.074 65.929 30.0606 65.939 30.0497C65.9475 30.0405 65.9395 30.0564 65.9212 30.0911C65.913 30.1485 65.939 30.2473 65.939 30.4311C65.939 30.6694 66.114 30.7171 66.3327 31.0508L66.5515 31.3845C66.5806 31.3686 66.6389 31.3273 66.6389 31.2891C66.6389 31.2415 66.6827 31.1461 66.6827 30.9078C66.6827 30.6694 66.7264 30.7648 66.8139 30.3358C66.9014 29.9067 67.3826 29.4301 67.2951 29.7161C67.2076 30.0021 67.4263 30.0021 67.5576 30.2881C67.6626 30.5169 67.7763 30.6694 67.82 30.7171H68.0388V30.6218C68.0534 30.5423 68.1 30.3262 68.17 30.0974C68.24 29.8686 68.4908 29.6843 68.6074 29.6207L69.0886 30.3358C69.1032 30.447 69.1674 30.6504 69.3074 30.5741C69.4823 30.4788 69.4823 30.2881 69.6573 29.9544C69.7973 29.6875 70.0073 29.6843 70.0948 29.7161V31.0508L70.2697 30.9554C70.2843 30.9396 70.3485 30.8506 70.4885 30.6218C70.6284 30.393 70.8967 30.3358 71.0134 30.3358V31.6705C71.1155 31.7817 71.3983 32.1185 71.7133 32.5762C72.107 33.1482 72.1508 33.5772 72.3695 34.6736C72.5445 35.5507 72.4132 36.7233 72.3257 37.2L72.457 36.7233C72.5445 36.3737 72.7369 35.4744 72.8069 34.6736C72.8944 33.6725 72.8944 32.4332 72.3257 31.2891C71.7571 30.1451 71.0571 29.6684 69.9635 29.144C68.873 28.6212 68.1305 28.7619 67.1286 28.9518L67.1201 28.9534C66.114 29.144 65.6328 29.7637 64.8892 30.5741C64.2942 31.2224 64.3205 32.1154 64.408 32.4808C64.2913 32.5603 63.9093 32.8145 63.3144 33.1959C62.5707 33.6725 62.0895 34.1492 61.5646 34.6736C61.0396 35.1979 60.2085 36.199 59.7711 36.8187C59.4211 37.3144 59.0128 38.2964 58.8524 38.7254C58.8233 38.8207 58.7474 39.0591 58.6774 39.2497C58.59 39.4881 58.59 39.4881 58.4587 39.7741C58.3275 40.0601 58.4587 40.0124 58.8524 39.4881C59.2461 38.9637 59.3774 38.7254 59.2461 39.0114C59.1149 39.2974 59.4211 39.4881 59.4648 39.6788C59.5086 39.8694 59.6836 39.9648 59.4648 40.0601C59.2461 40.1554 59.1149 40.0601 58.8087 40.2984C58.5637 40.4891 58.6483 40.5368 58.7212 40.5368L59.5086 41.2518H60.4272C60.9522 41.2518 60.6897 41.2041 60.5147 40.7275C60.2522 40.4415 60.3397 39.9171 60.3397 40.1078C60.3397 40.2984 60.5585 40.4415 60.7772 40.6321C60.9959 40.8228 61.3021 40.7751 62.0895 40.7275C62.8769 40.6798 62.7019 40.4891 63.883 39.6788C64.8279 39.0305 65.3849 37.6608 65.5453 37.057C65.5162 37.2 65.4753 37.7339 65.5453 38.7254C65.6328 39.9648 64.7142 39.6788 64.7142 40.4891C64.7142 41.2995 64.7579 43.9689 64.1893 44.7316C63.6206 45.4943 62.4395 45.971 62.7019 45.5896C62.9644 45.2083 63.4019 44.4456 63.4019 43.2062C63.4019 42.2147 62.9352 41.7444 62.7019 41.6332C62.4103 41.5378 61.6958 41.4044 61.1709 41.6332C60.6459 41.862 60.1064 42.0145 59.9023 42.0622C59.7127 42.094 59.2111 41.9954 58.7212 41.3471C58.2313 40.6989 57.613 40.505 57.3651 40.4891C57.788 39.3769 58.8874 36.7901 59.9023 35.3409C60.9172 33.8918 62.6582 32.5126 63.4019 32.0041C63.4164 31.7499 63.5331 31.108 63.883 30.5741C64.3205 29.9067 65.3266 28 68.0825 28C70.8384 28 72.282 29.6684 73.4193 31.5751C74.5567 33.4819 73.7256 36.771 73.4193 37.486Z" fill="#fff"/>
+<path d="M62.2903 37C62.1613 37.2667 62.043 37.7778 62 38C62.0202 37.9074 62.1324 37.6333 62.4194 37.2778C62.778 36.8333 63.1613 36.8889 63.5806 36.6111C63.9161 36.3889 64 36.1111 64 36H62.9355C62.7742 36.2222 62.4194 36.7333 62.2903 37Z" fill="#ffffff"/>
+<path d="M75.2388 49H81.0293C82.3727 49.1613 85.319 50.7328 86.3566 55.729C87.6537 61.9742 86.6346 66.768 86.3566 67.5597C86.0787 68.3513 85.1985 70.1105 83.8551 71.2101C82.5117 72.3096 81.261 72.6614 80.0102 72.7494C79.0096 72.8197 66.7151 72.896 60.6929 72.9253V74.7725H73.2005V75.784L71.9034 75.6081H71.0233L70.6063 75.916H70.0968H69.5409C69.4328 75.9599 69.2351 76.0831 69.3092 76.2238C69.3834 76.3645 69.4945 76.9275 69.5409 77.1914L68.7534 76.2238C68.6298 76.1212 68.355 75.916 68.2438 75.916C68.1048 75.916 67.5952 75.6081 67.5489 75.6081C67.5026 75.6081 67.4099 76.3118 67.0394 76.3558C66.6688 76.3997 66.0202 76.3558 65.6033 76.5757C65.1864 76.7956 65.0474 76.7956 64.4452 77.1914C63.843 77.5872 63.6577 77.4113 63.2407 78.1589C62.8238 78.9066 62.6849 79.3464 62.7775 79.4784C62.8702 79.6103 62.1753 79.0825 62.2679 78.6867C62.3606 78.2909 61.8973 78.5108 62.2679 77.983C62.6385 77.4553 62.8238 77.8071 63.1481 77.1474C62.7775 76.0479 62.8238 75.9599 62.5459 76.2238C62.2679 76.4877 62.6385 77.1474 61.8047 77.1474C60.9709 77.1474 60.6003 77.0155 60.5076 76.7956C60.415 76.5757 61.6194 76.3118 61.6194 76.0479C61.6194 75.784 62.9628 75.6521 61.6194 75.4322C60.276 75.2123 60.137 75.3882 60.0907 75.0803C60.0443 74.7725 59.9517 74.8604 60.0907 74.5965C60.2296 74.3327 60.4612 74.1128 60.3686 73.8929L60.3685 73.8925C60.2759 73.673 60.2759 73.6728 60.0907 73.4531C59.9424 73.2771 59.7201 72.7054 59.6274 72.4415C59.8745 72.2216 60.3686 71.7466 60.3686 71.6059C60.3686 71.43 61.2488 71.298 60.3686 70.5943C59.4884 69.8906 59.6737 70.9462 59.0252 69.4508C58.3766 67.9555 58.6546 66.856 59.0252 66.5921C59.3958 66.3282 59.6274 66.2843 59.6274 65.5366C59.6274 65.1681 59.5688 64.9254 59.5058 64.7796C59.4674 64.7188 59.4304 64.663 59.3958 64.613C59.4254 64.6355 59.4665 64.6887 59.5058 64.7796C59.8953 65.3968 60.428 66.5233 60.0907 67.1639C60.3686 69.011 60.4149 69.187 61.1098 69.143C61.8047 69.099 62.3142 68.5712 62.5459 69.011C62.7775 69.4508 63.8892 67.9555 63.565 69.5828C63.2315 71.2013 63.8584 71.8111 64.2135 71.9137C64.5532 71.8991 65.4643 71.8434 66.3908 71.7378C67.5489 71.6059 69.6799 71.7818 68.2438 70.8142C66.8077 69.8467 66.993 70.6823 66.3908 69.5828C65.7886 68.4833 64.8158 67.7356 65.6033 67.5597C66.3908 67.3838 67.2709 68.2634 67.6415 67.4277C67.938 66.7593 68.1666 66.4455 68.2438 66.3722C68.46 66.2549 68.8274 66.2491 68.568 67.1639C68.2438 68.3074 68.2438 68.4393 68.2438 68.6152C68.2438 68.7911 67.1783 69.3189 68.2438 69.4508C69.3092 69.5828 70.2358 70.2425 70.0968 70.5943C69.9856 70.8758 69.8342 71.1221 69.7725 71.2101C70.0813 71.2834 70.7639 71.43 71.0233 71.43H73.5711C73.8799 71.7085 74.5346 72.16 74.6829 71.7378C74.8682 71.2101 77.0454 70.7703 74.8682 70.1105C73.5711 69.011 74.4976 68.6152 74.6829 68.6152C74.8682 68.6152 74.4512 68.0875 75.1924 68.3513C75.9336 68.6152 76.3505 68.0875 76.5358 68.6152C76.7211 69.143 76.1652 69.055 76.9991 69.5828C77.8329 70.1105 78.2498 70.1545 78.2035 70.3744C78.1572 70.5943 77.3697 70.4184 78.2035 70.8142C79.0374 71.2101 79.0374 70.8142 79.269 70.8142C79.5006 70.8142 79.5932 71.6059 80.4734 71.2101C81.3536 70.8142 81.5852 70.6383 81.7242 70.3744C81.8631 70.1105 83.8551 66.5042 83.8551 66.3722C83.8551 66.2403 83.7161 65.5366 83.0676 65.5366C82.419 65.5366 81.7242 65.1408 81.7242 65.7565C81.7242 66.3722 80.0102 67.1199 80.6587 66.1083C81.1775 65.2991 81.5852 64.9502 81.7242 64.8769C81.7396 64.5837 81.7983 63.9357 81.9095 63.6894C82.0484 63.3816 82.9286 63.2496 83.2529 63.4695C83.5771 63.6894 83.2529 64.0852 83.8551 64.1732C84.4573 64.2612 84.6426 63.9533 84.6426 63.4695V62.5899C84.6426 62.37 82.558 58.3678 80.6587 59.0715C78.7594 59.7752 78.2035 60.6108 77.7403 59.5993C76.5173 58.6141 75.7483 59.1888 75.5167 59.5993C75.5167 59.6726 75.4055 59.8895 74.9608 60.171C74.4049 60.5228 75.424 63.8214 75.9799 63.4695C76.5358 63.1177 78.3888 62.8978 76.8601 63.6454C75.3314 64.3931 75.3777 63.6894 74.2659 64.3931C72.274 65.5366 70.3747 65.8005 71.6718 64.3931C72.9689 62.9857 73.2005 63.1177 73.2931 62.9857C73.3858 62.8538 74.8218 62.1501 73.5711 62.1941C72.3203 62.2381 72.6909 61.9742 71.8571 62.1941C71.19 62.37 70.0041 62.6486 69.4945 62.7658L67.8268 64.613L66.3908 64.8769L65.8812 64.0413C65.7731 64.0119 65.5199 63.8565 65.3716 63.4695C65.1863 62.9857 65.2327 62.9418 64.8621 62.7658C64.4915 62.5899 61.851 62.37 61.1098 62.458C60.3686 62.5459 60.7855 62.2821 59.7664 62.6339C58.7473 62.9857 55.1803 62.502 54.6707 62.6339C54.1611 62.7658 53.0494 62.37 52.8641 63.2056C52.6788 64.0413 52.4935 62.9418 53.281 64.8769C52.8641 68.0435 53.6979 68.8351 52.3545 67.9995C51.0111 67.1639 51.289 66.5921 50.6868 66.768C50.0846 66.944 49.9456 66.856 49.9456 67.4277C49.9456 67.9995 50.1309 68.0435 50.0383 68.5273C49.9456 69.011 50.7331 69.011 50.0383 69.4508C49.5194 70.2249 49.3279 70.9462 49.2971 71.2101C49.189 71.2687 48.9821 71.4915 49.0191 71.9137C49.0654 72.4415 48.9728 72.4415 49.0191 73.1012C49.0654 73.7609 48.8338 77.1914 49.2971 78.3349C49.7603 79.4784 51.2427 77.8951 52.1692 78.6867C53.0957 79.4784 53.3273 79.6103 53.0957 79.8742C52.8641 80.1381 52.6788 80.4899 52.1692 80.314C51.3354 80.5339 50.9184 80.5779 51.3817 81.1496C51.8449 81.7214 52.2155 81.6774 52.3545 81.7214C52.4935 81.7653 53.281 81.0177 52.8177 81.7214C52.3545 82.425 52.5861 82.425 51.9839 82.425C51.5207 82.9528 51.706 82.9968 51.8449 83.1287C51.9561 83.2343 52.3236 84.0523 52.4935 84.4481C52.627 84.6699 53.0394 85.0835 53.7861 85.3894C54.0612 85.4856 54.3331 85.5681 54.5985 85.6384C54.6671 85.6532 54.7375 85.667 54.8097 85.6796C56.218 85.9259 57.2495 85.9874 57.5892 85.9874C56.9536 86.0316 55.8474 85.9694 54.5985 85.6384C54.2929 85.5726 54.0227 85.4864 53.7861 85.3894C52.7764 85.0365 51.7223 84.4992 50.7795 83.7005C47.7684 81.1496 48.0463 81.0616 48.0463 79.8742C48.0463 78.9242 48.0154 74.6112 48 72.5734L48.0926 66.9C48.1235 66.2256 48.4632 64.6658 49.575 63.8214C50.9648 62.7658 51.289 62.414 54.6707 62.1941C57.3761 62.0182 62.0672 61.9742 64.0746 61.9742H64.3062C64.4606 62.0768 64.8528 62.3524 65.1864 62.6339C65.6033 62.9857 66.3445 63.6015 66.5761 63.4695C66.8077 63.3376 67.132 62.8978 67.271 62.6339C67.3821 62.4228 67.5643 62.1061 67.6415 61.9742H69.4945C70.1894 61.9156 71.8941 61.4552 73.1542 60.083C74.7292 58.3678 74.9608 57.0044 75.0998 56.3887C75.211 55.8961 75.2388 54.4829 75.2388 53.8378L75.2388 49Z" fill="#fff"/>
+<path d="M75.2388 49H81.0293C82.3727 49.1613 85.319 50.7328 86.3566 55.729C87.6537 61.9742 86.6346 66.768 86.3566 67.5597C86.0787 68.3513 85.1985 70.1105 83.8551 71.2101C82.5117 72.3096 81.261 72.6614 80.0102 72.7494C79.0096 72.8197 66.7151 72.896 60.6929 72.9253V74.7725H73.2005V75.784L71.9034 75.6081H71.0233L70.6063 75.916H70.0968H69.5409C69.4328 75.9599 69.2351 76.0831 69.3092 76.2238C69.3834 76.3645 69.4945 76.9275 69.5409 77.1914L68.7534 76.2238C68.6298 76.1212 68.355 75.916 68.2438 75.916C68.1048 75.916 67.5952 75.6081 67.5489 75.6081C67.5026 75.6081 67.4099 76.3118 67.0394 76.3558C66.6688 76.3997 66.0202 76.3558 65.6033 76.5757C65.1864 76.7956 65.0474 76.7956 64.4452 77.1914C63.843 77.5872 63.6577 77.4113 63.2407 78.1589C62.8238 78.9066 62.6849 79.3464 62.7775 79.4784C62.8702 79.6103 62.1753 79.0825 62.2679 78.6867C62.3606 78.2909 61.8973 78.5108 62.2679 77.983C62.6385 77.4553 62.8238 77.8071 63.1481 77.1474C62.7775 76.0479 62.8238 75.9599 62.5459 76.2238C62.2679 76.4877 62.6385 77.1474 61.8047 77.1474C60.9709 77.1474 60.6003 77.0155 60.5076 76.7956C60.415 76.5757 61.6194 76.3118 61.6194 76.0479C61.6194 75.784 62.9628 75.6521 61.6194 75.4322C60.276 75.2123 60.137 75.3882 60.0907 75.0803C60.0443 74.7725 59.9517 74.8604 60.0907 74.5965C60.2296 74.3327 60.4612 74.1128 60.3686 73.8929C60.2759 73.673 60.276 73.673 60.0907 73.4531C59.9424 73.2771 59.7201 72.7054 59.6274 72.4415C59.8745 72.2216 60.3686 71.7466 60.3686 71.6059C60.3686 71.43 61.2488 71.298 60.3686 70.5943C59.4884 69.8906 59.6737 70.9462 59.0252 69.4508C58.3766 67.9555 58.6546 66.856 59.0252 66.5921C59.3958 66.3282 59.6274 66.2843 59.6274 65.5366C59.6274 64.9385 59.473 64.6717 59.3958 64.613C59.7818 65.1701 60.4613 66.4602 60.0907 67.1639C60.3686 69.011 60.4149 69.187 61.1098 69.143C61.8047 69.099 62.3142 68.5712 62.5459 69.011C62.7775 69.4508 63.8892 67.9555 63.565 69.5828C63.2315 71.2013 63.8584 71.8111 64.2135 71.9137C64.5532 71.8991 65.4643 71.8434 66.3908 71.7378C67.5489 71.6059 69.6799 71.7818 68.2438 70.8142C66.8077 69.8467 66.993 70.6823 66.3908 69.5828C65.7886 68.4833 64.8158 67.7356 65.6033 67.5597C66.3908 67.3838 67.2709 68.2634 67.6415 67.4278C67.938 66.7592 68.1666 66.4455 68.2438 66.3722C68.46 66.2549 68.8274 66.2491 68.568 67.1639C68.2438 68.3074 68.2438 68.4393 68.2438 68.6152C68.2438 68.7911 67.1783 69.3189 68.2438 69.4508C69.3092 69.5828 70.2358 70.2425 70.0968 70.5943C69.9856 70.8758 69.8342 71.1221 69.7725 71.2101C70.0813 71.2834 70.7639 71.43 71.0233 71.43C71.2826 71.43 72.8299 71.43 73.5711 71.43C73.8799 71.7085 74.5346 72.16 74.6829 71.7378C74.8682 71.2101 77.0454 70.7703 74.8682 70.1105C73.5711 69.011 74.4976 68.6152 74.6829 68.6152C74.8682 68.6152 74.4512 68.0875 75.1924 68.3513C75.9336 68.6152 76.3505 68.0875 76.5358 68.6152C76.7211 69.143 76.1652 69.055 76.9991 69.5828C77.8329 70.1105 78.2498 70.1545 78.2035 70.3744C78.1572 70.5943 77.3697 70.4184 78.2035 70.8142C79.0374 71.2101 79.0374 70.8142 79.269 70.8142C79.5006 70.8142 79.5932 71.6059 80.4734 71.2101C81.3536 70.8142 81.5852 70.6383 81.7242 70.3744C81.8631 70.1105 83.8551 66.5042 83.8551 66.3722C83.8551 66.2403 83.7161 65.5366 83.0676 65.5366C82.419 65.5366 81.7242 65.1408 81.7242 65.7565C81.7242 66.3722 80.0102 67.1199 80.6587 66.1083C81.1775 65.2991 81.5852 64.9502 81.7242 64.8769C81.7396 64.5837 81.7983 63.9357 81.9095 63.6894C82.0484 63.3816 82.9286 63.2496 83.2529 63.4695C83.5771 63.6894 83.2529 64.0852 83.8551 64.1732C84.4573 64.2612 84.6426 63.9533 84.6426 63.4695C84.6426 62.9857 84.6426 62.8098 84.6426 62.5899C84.6426 62.37 82.558 58.3678 80.6587 59.0715C78.7594 59.7752 78.2035 60.6108 77.7403 59.5993C76.5173 58.6141 75.7483 59.1888 75.5167 59.5993C75.5167 59.6726 75.4055 59.8895 74.9608 60.171C74.4049 60.5228 75.424 63.8214 75.9799 63.4695C76.5358 63.1177 78.3888 62.8978 76.8601 63.6454C75.3314 64.3931 75.3777 63.6894 74.2659 64.3931C72.274 65.5366 70.3747 65.8005 71.6718 64.3931C72.9689 62.9857 73.2005 63.1177 73.2931 62.9857C73.3858 62.8538 74.8218 62.1501 73.5711 62.1941C72.3203 62.2381 72.6909 61.9742 71.8571 62.1941C71.19 62.37 70.0041 62.6486 69.4945 62.7658L67.8268 64.613L66.3908 64.8769L65.8812 64.0413C65.7731 64.0119 65.5199 63.8565 65.3716 63.4695C65.1864 62.9857 65.2327 62.9418 64.8621 62.7658C64.4915 62.5899 61.851 62.37 61.1098 62.458C60.3686 62.5459 60.7855 62.2821 59.7664 62.6339C58.7473 62.9857 55.1803 62.502 54.6707 62.6339C54.1611 62.7658 53.0494 62.37 52.8641 63.2056C52.6788 64.0413 52.4935 62.9418 53.281 64.8769C52.8641 68.0435 53.6979 68.8351 52.3545 67.9995C51.0111 67.1639 51.289 66.5921 50.6868 66.768C50.0846 66.944 49.9456 66.856 49.9456 67.4278C49.9456 67.9995 50.1309 68.0435 50.0383 68.5273C49.9456 69.011 50.7331 69.011 50.0383 69.4508C49.5194 70.2249 49.3279 70.9462 49.2971 71.2101C49.189 71.2687 48.9821 71.4915 49.0191 71.9137C49.0654 72.4415 48.9728 72.4415 49.0191 73.1012C49.0654 73.7609 48.8338 77.1914 49.2971 78.3349C49.7603 79.4784 51.2427 77.8951 52.1692 78.6867C53.0957 79.4784 53.3273 79.6103 53.0957 79.8742C52.8641 80.1381 52.6788 80.4899 52.1692 80.314C51.3354 80.5339 50.9184 80.5779 51.3817 81.1496C51.8449 81.7214 52.2155 81.6774 52.3545 81.7214C52.4935 81.7653 53.281 81.0177 52.8177 81.7214C52.3545 82.425 52.5861 82.425 51.9839 82.425C51.5207 82.9528 51.706 82.9968 51.8449 83.1287C51.9561 83.2343 52.3236 84.0523 52.4935 84.4481C52.6788 84.756 53.4014 85.4333 54.8097 85.6796C56.218 85.9259 57.2495 85.9874 57.5892 85.9874C56.323 86.0754 53.1883 85.7412 50.7795 83.7005C47.7684 81.1496 48.0463 81.0616 48.0463 79.8742C48.0463 78.9242 48.0154 74.6112 48 72.5734L48.0926 66.9C48.1235 66.2256 48.4632 64.6658 49.575 63.8214C50.9648 62.7658 51.289 62.414 54.6707 62.1941C57.3761 62.0182 62.0672 61.9742 64.0746 61.9742H64.3062C64.4606 62.0768 64.8528 62.3524 65.1864 62.6339C65.6033 62.9857 66.3445 63.6015 66.5761 63.4695C66.8077 63.3376 67.132 62.8978 67.271 62.6339C67.3821 62.4228 67.5643 62.1061 67.6415 61.9742H69.4945C70.1894 61.9156 71.8941 61.4552 73.1542 60.083C74.7292 58.3678 74.9608 57.0044 75.0998 56.3887C75.211 55.8961 75.2388 54.4829 75.2388 53.8378L75.2388 49Z" stroke="#ffffff"/>
+<path d="M65 79.9592L65.8667 78L67 79.9592L66.1333 82L65 79.9592Z" fill="#ffffff"/>
+<circle cx="61.0005" cy="61.4819" r="42.4868" transform="rotate(37.6917 61.0005 61.4819)" stroke="#ffffff" stroke-width="2"/>
+<mask id="path-9-inside-1_23_220" fill="white">
+<path d="M95.4122 88.0703C91.9206 92.5893 87.573 96.3763 82.6178 99.2151C77.6626 102.054 72.1968 103.889 66.5324 104.615L65.1276 93.6614C69.3534 93.1194 73.4312 91.7504 77.128 89.6325C80.8248 87.5146 84.0682 84.6893 86.6731 81.318L95.4122 88.0703Z"/>
+</mask>
+<path d="M95.4122 88.0703C91.9206 92.5893 87.573 96.3763 82.6178 99.2151C77.6626 102.054 72.1968 103.889 66.5324 104.615L65.1276 93.6614C69.3534 93.1194 73.4312 91.7504 77.128 89.6325C80.8248 87.5146 84.0682 84.6893 86.6731 81.318L95.4122 88.0703Z" stroke="#ffffff" stroke-width="4" mask="url(#path-9-inside-1_23_220)"/>
+<mask id="path-10-inside-2_23_220" fill="white">
+<path d="M34.4122 95.8936C25.2857 88.8419 19.3342 78.4536 17.867 67.0139L28.8211 65.609C29.9157 74.1435 34.3557 81.8936 41.1645 87.1545L34.4122 95.8936Z"/>
+</mask>
+<path d="M34.4122 95.8936C25.2857 88.8419 19.3342 78.4536 17.867 67.0139L28.8211 65.609C29.9157 74.1435 34.3557 81.8936 41.1645 87.1545L34.4122 95.8936Z" stroke="#ffffff" stroke-width="4" mask="url(#path-10-inside-2_23_220)"/>
+<mask id="path-11-inside-3_23_220" fill="white">
+<path d="M26.5889 34.8936C33.6406 25.7671 44.0289 19.8156 55.4686 18.3484L56.8735 29.3025C48.339 30.397 40.5888 34.8371 35.328 41.6459L26.5889 34.8936Z"/>
+</mask>
+<path d="M26.5889 34.8936C33.6406 25.7671 44.0289 19.8156 55.4686 18.3484L56.8735 29.3025C48.339 30.397 40.5888 34.8371 35.328 41.6459L26.5889 34.8936Z" stroke="#ffffff" stroke-width="4" mask="url(#path-11-inside-3_23_220)"/>
+<mask id="path-12-inside-4_23_220" fill="white">
+<path d="M87.5889 27.0703C96.7154 34.1219 102.667 44.5103 104.134 55.95L93.18 57.3549C92.0854 48.8203 87.6454 41.0702 80.8366 35.8094L87.5889 27.0703Z"/>
+</mask>
+<path d="M87.5889 27.0703C96.7154 34.1219 102.667 44.5103 104.134 55.95L93.18 57.3549C92.0854 48.8203 87.6454 41.0702 80.8366 35.8094L87.5889 27.0703Z" stroke="#ffffff" stroke-width="4" mask="url(#path-12-inside-4_23_220)"/>
+</svg>
diff --git a/introduction/static/Lab/icons/pygoat-small.png b/introduction/static/Lab/icons/pygoat-small.png
new file mode 100644
index 0000000..a26ce35
Binary files /dev/null and b/introduction/static/Lab/icons/pygoat-small.png differ
diff --git a/introduction/static/Lab/icons/pygoat-small.svg b/introduction/static/Lab/icons/pygoat-small.svg
new file mode 100644
index 0000000..f64e636
--- /dev/null
+++ b/introduction/static/Lab/icons/pygoat-small.svg
@@ -0,0 +1,26 @@
+<svg width="247" height="247" viewBox="0 0 247 247" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M162.136 97.0083H151.699V110.237C151.699 111.501 151.122 114.936 148.811 118.563C146.5 122.189 144.431 123.735 139.772 124.298H117.594C113.742 124.082 105.182 124.28 101.752 126.796C98.3232 129.312 97.1553 133.456 97 135.214V162.689C97 164.909 98.025 167.222 103.802 170.922C109.58 174.623 111.257 174.808 123.278 174.993C135.299 175.178 142.101 171.847 144.897 169.442C147.133 167.518 147.63 165.618 147.599 164.909V151.403H122.253V147.148C133.994 147.179 154.066 147.222 156.824 147.148C160.272 147.055 164.186 147.148 168.1 144.372C171.231 142.152 173.256 137.342 173.877 135.214C174.902 129.787 176.151 116.694 172.945 107.739C169.74 98.7845 164.403 96.8541 162.136 97.0083Z" stroke="#FED142"/>
+<circle cx="133.5" cy="162.5" r="4.5" fill="white"/>
+<path d="M151.764 76.5596C151.243 77.6788 148.071 79.886 146.551 80.8497C146.458 80.8497 146.439 80.7005 147.109 80.1036C147.947 79.3575 148.413 76.1865 148.413 74.8808C148.413 73.5751 147.668 71.6166 146.271 69.658C144.875 67.6995 142.175 67.886 140.499 68.4456C138.824 69.0052 138.265 70.3109 138.731 70.2176C139.196 70.1244 140.779 69.9378 142.454 70.4974C143.795 70.9451 144.937 72.487 145.34 73.2021C145.03 73.2021 144.167 73.2767 143.199 73.5751C141.989 73.9482 142.641 74.5078 141.058 75.3472C139.792 76.0187 138.11 76.0622 137.427 76C138.048 76.5596 139.531 77.9399 140.499 78.9845C141.71 80.2902 143.665 82.4352 144.782 84.2073C145.899 85.9793 147.482 89.4301 149.437 95.4922C151.392 101.554 149.064 109.202 147.482 112.839C145.899 116.477 143.199 120.021 142.268 120.021C141.524 120.021 141.213 120.953 141.151 121.42L140.313 123.192L138.544 122.725C138.544 121.824 138.153 120.412 136.589 121.979C136.142 122.8 135.969 123.689 135.938 124.031C135.596 124.56 134.802 125.747 134.355 126.269C133.796 126.922 131.562 124.87 130.445 124.031C129.551 123.36 129.328 121.078 129.328 120.021H112.105C110.46 121.358 106.761 124.199 105.122 124.87C103.074 125.71 102.609 125.803 99.3504 126.829C96.0921 127.855 96.6506 127.109 95.8127 128.321C95.1424 129.291 94.6645 131.648 94.5093 132.705L93.8576 148C89.6062 147.969 80.5075 147.478 78.1242 145.762C75.1451 143.617 72.5384 136.715 71.1419 131.026C69.7455 125.337 69.0007 116.57 72.7246 107.15C75.7037 99.6145 82.0343 97.0466 84.8272 96.7047H105.402C106.084 96.5181 107.841 96.0145 109.405 95.4922C111.36 94.8394 113.222 95.1192 116.201 95.1192C118.584 95.1192 121.973 96.0518 123.37 96.5181C121.383 96.5492 116.462 96.7233 112.663 97.171C107.915 97.7306 106.24 98.4767 105.122 98.943C104.005 99.4093 101.678 101.368 99.3504 103.14C97.023 104.912 98.0471 104.539 95.4403 105.098C93.3549 105.546 92.3434 104.259 91.3193 104.446C92.1572 104.819 94.3604 105.527 93.0198 105.751C91.3441 106.031 91.5055 105.751 90.7607 104.632C89.993 103.479 89.4573 102.86 90.109 104.539C90.7607 106.218 90.4814 105.938 91.8779 106.777C93.2743 107.617 93.8577 106.777 95.1611 106.591C96.4644 106.404 95.6266 106.218 96.6506 106.218C97.6747 106.218 98.0471 106.777 99.6297 108.549C101.212 110.321 100.561 111.161 98.0471 117.316C96.0362 122.24 93.5474 123.845 92.5543 124.031C94.168 123.845 98.0285 123.416 100.561 123.192C103.726 122.912 105.867 121.42 108.474 120.021C110.559 118.902 112.136 116.881 112.663 116.01C112.229 115.606 111.155 114.313 110.336 112.373C109.312 109.948 109.219 100.528 109.777 105.751C110.336 110.974 115.736 113.399 119.925 114.798C124.114 116.197 122.718 115.358 124.859 116.01C127 116.663 126.442 116.01 126.349 115.358C126.256 114.705 125.045 112.466 124.859 110.974C124.673 109.482 124.487 108.456 124.487 106.218C124.487 103.979 128.397 100.715 127.28 102.487C126.162 104.259 126.814 104.632 127.652 109.855C128.49 115.078 129.793 115.264 130.445 117.316C131.097 119.368 131.469 120.86 132.121 122.725C132.772 124.591 133.238 123.751 134.355 122.725C135.472 121.699 134.541 120.674 134.914 118.622C135.286 116.57 136.962 113.212 138.544 111.161C140.127 109.109 141.151 108.083 141.617 106.497C142.082 104.912 141.989 103.979 142.268 107.523C142.548 111.067 140.127 114.984 141.151 114.332C142.175 113.679 143.292 111.907 145.247 108.083C147.202 104.259 147.016 99.2228 147.016 98.0104C147.016 96.7979 146.923 96.0518 146.83 94.3731C146.737 92.6943 145.434 89.9896 144.596 88.2176C143.758 86.4456 141.151 82.2487 140.127 81.2228C139.103 80.1969 137.055 77.1192 136.682 76.3731C136.372 75.7511 135.932 74.8051 135.794 74.5615C135.767 74.5368 135.752 74.5182 135.752 74.5078C135.752 74.4923 135.767 74.5129 135.794 74.5615C136.016 74.7584 137.045 75.3472 137.707 75.3472C138.451 75.3472 138.638 75.2539 139.289 75.0674C139.941 74.8808 141.058 74.601 141.617 73.5751C142.064 72.7544 142.858 72.6736 143.199 72.7358C143.168 72.7358 143.05 72.6425 142.827 72.2694C142.548 71.8031 141.617 71.6166 139.848 71.6166C138.079 71.6166 137.148 71.9896 136.31 72.0829C135.472 72.1762 135.1 71.5233 134.727 70.7772C134.355 70.0311 134.821 69.8446 134.727 69.1917C134.634 68.5389 135.1 67.6062 135.1 66.7668V63.9689C135.1 63.2924 135.644 62.3734 135.807 62.0912C135.812 62.0579 135.823 62.0317 135.845 62.0104C135.863 61.9923 135.846 62.0233 135.807 62.0912C135.789 62.2036 135.845 62.3968 135.845 62.7565C135.845 63.2228 136.217 63.3161 136.682 63.9689L137.148 64.6218C137.21 64.5907 137.334 64.5098 137.334 64.4352C137.334 64.342 137.427 64.1554 137.427 63.6891C137.427 63.2228 137.52 63.4093 137.707 62.5699C137.893 61.7306 138.917 60.7979 138.731 61.3575C138.544 61.9171 139.01 61.9171 139.289 62.4767C139.513 62.9244 139.755 63.2228 139.848 63.3161H140.313V63.1295C140.344 62.9741 140.444 62.5513 140.593 62.1036C140.742 61.656 141.275 61.2953 141.524 61.171L142.548 62.5699C142.579 62.7876 142.715 63.1855 143.013 63.0363C143.385 62.8497 143.385 62.4767 143.758 61.8238C144.056 61.3016 144.503 61.2953 144.689 61.3575V63.9689L145.061 63.7824C145.092 63.7513 145.229 63.5772 145.527 63.1295C145.825 62.6819 146.396 62.5699 146.644 62.5699V65.1813C146.861 65.399 147.463 66.058 148.133 66.9534C148.971 68.0725 149.064 68.9119 149.53 71.057C149.902 72.7731 149.623 75.0674 149.437 76L149.716 75.0674C149.902 74.3834 150.312 72.6238 150.461 71.057C150.647 69.0984 150.647 66.6736 149.437 64.4352C148.227 62.1969 146.737 61.2642 144.41 60.2383C142.089 59.2153 140.508 59.4907 138.376 59.8621L138.358 59.8653C136.217 60.2383 135.193 61.4508 133.61 63.0363C132.344 64.3047 132.4 66.0518 132.586 66.7668C132.338 66.9223 131.525 67.4197 130.259 68.1658C128.676 69.0984 127.652 70.0311 126.535 71.057C125.418 72.0829 123.649 74.0415 122.718 75.2539C121.973 76.2238 121.104 78.1451 120.763 78.9845C120.701 79.171 120.539 79.6373 120.39 80.0104C120.204 80.4767 120.204 80.4767 119.925 81.0363C119.646 81.5959 119.925 81.5026 120.763 80.4767C121.601 79.4508 121.88 78.9845 121.601 79.544C121.321 80.1036 121.973 80.4767 122.066 80.8497C122.159 81.2228 122.532 81.4093 122.066 81.5959C121.601 81.7824 121.321 81.5959 120.67 82.0622C120.148 82.4352 120.328 82.5285 120.484 82.5285L122.159 83.9275H124.114C125.232 83.9275 124.673 83.8342 124.301 82.9016C123.742 82.342 123.928 81.3161 123.928 81.6891C123.928 82.0622 124.394 82.342 124.859 82.715C125.325 83.0881 125.976 82.9948 127.652 82.9016C129.328 82.8083 128.955 82.4352 131.469 80.8497C133.48 79.5813 134.665 76.9016 135.007 75.7202C134.945 76 134.858 77.0446 135.007 78.9845C135.193 81.4093 133.238 80.8497 133.238 82.4352C133.238 84.0207 133.331 89.2435 132.121 90.7358C130.91 92.228 128.397 93.1606 128.955 92.4145C129.514 91.6684 130.445 90.1762 130.445 87.7513C130.445 85.8114 129.452 84.8912 128.955 84.6736C128.335 84.487 126.814 84.2259 125.697 84.6736C124.58 85.1212 123.432 85.4197 122.997 85.513C122.594 85.5751 121.526 85.3824 120.484 84.114C119.441 82.8456 118.125 82.4663 117.598 82.4352C118.497 80.2591 120.837 75.1979 122.997 72.3627C125.157 69.5275 128.862 66.829 130.445 65.8342C130.476 65.3368 130.724 64.0808 131.469 63.0363C132.4 61.7306 134.541 58 140.406 58C146.272 58 149.344 61.2642 151.764 64.9948C154.185 68.7254 152.416 75.1606 151.764 76.5596Z" fill="black"/>
+<path d="M126.871 74.5C126.484 74.9 126.129 75.6667 126 76C126.061 75.8611 126.397 75.45 127.258 74.9167C128.334 74.25 129.484 74.3333 130.742 73.9167C131.748 73.5833 132 73.1667 132 73H128.806C128.323 73.3333 127.258 74.1 126.871 74.5Z" fill="black"/>
+<path d="M151.478 97H163.059C165.745 97.34 171.638 100.653 173.713 111.185C176.307 124.351 174.269 134.457 173.713 136.126C173.157 137.795 171.397 141.503 168.71 143.821C166.023 146.139 163.522 146.881 161.02 147.066C159.019 147.215 134.43 147.375 122.386 147.437V151.331H147.401V153.464L144.807 153.093H143.047L142.213 153.742H141.194H140.082C139.866 153.834 139.47 154.094 139.618 154.391C139.767 154.687 139.989 155.874 140.082 156.43L138.507 154.391C138.26 154.174 137.71 153.742 137.488 153.742C137.21 153.742 136.19 153.093 136.098 153.093C136.005 153.093 135.82 154.576 135.079 154.669C134.338 154.762 133.04 154.669 132.207 155.132C131.373 155.596 131.095 155.596 129.89 156.43C128.686 157.265 128.315 156.894 127.481 158.47C126.648 160.046 126.37 160.974 126.555 161.252C126.74 161.53 125.351 160.417 125.536 159.583C125.721 158.748 124.795 159.212 125.536 158.099C126.277 156.987 126.648 157.728 127.296 156.338C126.555 154.02 126.648 153.834 126.092 154.391C125.536 154.947 126.277 156.338 124.609 156.338C122.942 156.338 122.201 156.06 122.015 155.596C121.83 155.132 124.239 154.576 124.239 154.02C124.239 153.464 126.926 153.185 124.239 152.722C121.552 152.258 121.274 152.629 121.181 151.98C121.089 151.331 120.903 151.517 121.181 150.96C121.459 150.404 121.922 149.94 121.737 149.477L121.737 149.476C121.552 149.013 121.552 149.013 121.181 148.55C120.885 148.179 120.44 146.974 120.255 146.417C120.749 145.954 121.737 144.952 121.737 144.656C121.737 144.285 123.498 144.007 121.737 142.523C119.977 141.04 120.347 143.265 119.05 140.113C117.753 136.96 118.309 134.642 119.05 134.086C119.792 133.53 120.255 133.437 120.255 131.861C120.255 131.084 120.138 130.573 120.012 130.265C119.935 130.137 119.861 130.019 119.792 129.914C119.851 129.961 119.933 130.074 120.012 130.265C120.791 131.566 121.856 133.941 121.181 135.291C121.737 139.185 121.83 139.556 123.22 139.464C124.609 139.371 125.628 138.258 126.092 139.185C126.555 140.113 128.778 136.96 128.13 140.391C127.463 143.803 128.717 145.088 129.427 145.305C130.106 145.274 131.929 145.156 133.782 144.934C136.098 144.656 140.36 145.027 137.488 142.987C134.615 140.947 134.986 142.709 133.782 140.391C132.577 138.073 130.632 136.497 132.207 136.126C133.782 135.755 135.542 137.609 136.283 135.848C136.876 134.438 137.333 133.777 137.488 133.623C137.92 133.375 138.655 133.363 138.136 135.291C137.488 137.702 137.488 137.98 137.488 138.351C137.488 138.722 135.357 139.834 137.488 140.113C139.618 140.391 141.472 141.781 141.194 142.523C140.971 143.117 140.668 143.636 140.545 143.821C141.163 143.976 142.528 144.285 143.047 144.285H148.142C148.76 144.872 150.069 145.824 150.366 144.934C150.736 143.821 155.091 142.894 150.736 141.503C148.142 139.185 149.995 138.351 150.366 138.351C150.736 138.351 149.902 137.238 151.385 137.795C152.867 138.351 153.701 137.238 154.072 138.351C154.442 139.464 153.33 139.278 154.998 140.391C156.666 141.503 157.5 141.596 157.407 142.06C157.314 142.523 155.739 142.152 157.407 142.987C159.075 143.821 159.075 142.987 159.538 142.987C160.001 142.987 160.186 144.656 161.947 143.821C163.707 142.987 164.17 142.616 164.448 142.06C164.726 141.503 168.71 133.901 168.71 133.623C168.71 133.344 168.432 131.861 167.135 131.861C165.838 131.861 164.448 131.027 164.448 132.325C164.448 133.623 161.02 135.199 162.317 133.066C163.355 131.36 164.17 130.625 164.448 130.47C164.479 129.852 164.597 128.486 164.819 127.967C165.097 127.318 166.857 127.04 167.506 127.503C168.154 127.967 167.506 128.801 168.71 128.987C169.915 129.172 170.285 128.523 170.285 127.503V125.649C170.285 125.185 166.116 116.748 162.317 118.232C158.519 119.715 157.407 121.477 156.481 119.344C154.035 117.268 152.497 118.479 152.033 119.344C152.033 119.499 151.811 119.956 150.922 120.55C149.81 121.291 151.848 128.245 152.96 127.503C154.072 126.762 157.778 126.298 154.72 127.874C151.663 129.45 151.755 127.967 149.532 129.45C145.548 131.861 141.749 132.417 144.344 129.45C146.938 126.483 147.401 126.762 147.586 126.483C147.772 126.205 150.644 124.722 148.142 124.815C145.641 124.907 146.382 124.351 144.714 124.815C143.38 125.185 141.008 125.773 139.989 126.02L136.654 129.914L133.782 130.47L132.762 128.709C132.546 128.647 132.04 128.319 131.743 127.503C131.373 126.483 131.465 126.391 130.724 126.02C129.983 125.649 124.702 125.185 123.22 125.371C121.737 125.556 122.571 125 120.533 125.742C118.495 126.483 111.361 125.464 110.341 125.742C109.322 126.02 107.099 125.185 106.728 126.947C106.358 128.709 105.987 126.391 107.562 130.47C106.728 137.146 108.396 138.815 105.709 137.053C103.022 135.291 103.578 134.086 102.374 134.457C101.169 134.828 100.891 134.642 100.891 135.848C100.891 137.053 101.262 137.146 101.077 138.166C100.891 139.185 102.466 139.185 101.077 140.113C100.039 141.744 99.6559 143.265 99.5941 143.821C99.3779 143.945 98.9641 144.415 99.0382 145.305C99.1309 146.417 98.9456 146.417 99.0382 147.808C99.1309 149.199 98.6676 156.43 99.5941 158.841C100.521 161.252 103.485 157.914 105.338 159.583C107.191 161.252 107.655 161.53 107.191 162.086C106.728 162.642 106.358 163.384 105.338 163.013C103.671 163.477 102.837 163.57 103.763 164.775C104.69 165.98 105.431 165.887 105.709 165.98C105.987 166.073 107.562 164.497 106.635 165.98C105.709 167.464 106.172 167.464 104.968 167.464C104.041 168.576 104.412 168.669 104.69 168.947C104.912 169.17 105.647 170.894 105.987 171.728C106.254 172.196 107.079 173.068 108.572 173.713C109.122 173.916 109.666 174.089 110.197 174.238C110.334 174.269 110.475 174.298 110.619 174.325C113.436 174.844 115.499 174.974 116.178 174.974C114.907 175.067 112.695 174.935 110.197 174.238C109.586 174.099 109.045 173.917 108.572 173.713C106.553 172.969 104.445 171.836 102.559 170.152C96.5368 164.775 97.0927 164.589 97.0927 162.086C97.0927 160.083 97.0309 150.991 97 146.695L97.1853 134.735C97.2471 133.313 97.9265 130.025 100.15 128.245C102.93 126.02 103.578 125.278 110.341 124.815C115.752 124.444 125.134 124.351 129.149 124.351H129.612C129.921 124.567 130.706 125.148 131.373 125.742C132.207 126.483 133.689 127.781 134.152 127.503C134.615 127.225 135.264 126.298 135.542 125.742C135.764 125.297 136.129 124.629 136.283 124.351H139.989C141.379 124.227 144.788 123.257 147.308 120.364C150.458 116.748 150.922 113.874 151.2 112.576C151.422 111.538 151.478 108.559 151.478 107.199L151.478 97Z" fill="black"/>
+<path d="M151.478 97H163.059C165.745 97.34 171.638 100.653 173.713 111.185C176.307 124.351 174.269 134.457 173.713 136.126C173.157 137.795 171.397 141.503 168.71 143.821C166.023 146.139 163.522 146.881 161.02 147.066C159.019 147.215 134.43 147.375 122.386 147.437V151.331H147.401V153.464L144.807 153.093H143.047L142.213 153.742H141.194H140.082C139.866 153.834 139.47 154.094 139.618 154.391C139.767 154.687 139.989 155.874 140.082 156.43L138.507 154.391C138.26 154.174 137.71 153.742 137.488 153.742C137.21 153.742 136.19 153.093 136.098 153.093C136.005 153.093 135.82 154.576 135.079 154.669C134.338 154.762 133.04 154.669 132.207 155.132C131.373 155.596 131.095 155.596 129.89 156.43C128.686 157.265 128.315 156.894 127.481 158.47C126.648 160.046 126.37 160.974 126.555 161.252C126.74 161.53 125.351 160.417 125.536 159.583C125.721 158.748 124.795 159.212 125.536 158.099C126.277 156.987 126.648 157.728 127.296 156.338C126.555 154.02 126.648 153.834 126.092 154.391C125.536 154.947 126.277 156.338 124.609 156.338C122.942 156.338 122.201 156.06 122.015 155.596C121.83 155.132 124.239 154.576 124.239 154.02C124.239 153.464 126.926 153.185 124.239 152.722C121.552 152.258 121.274 152.629 121.181 151.98C121.089 151.331 120.903 151.517 121.181 150.96C121.459 150.404 121.922 149.94 121.737 149.477C121.552 149.013 121.552 149.013 121.181 148.55C120.885 148.179 120.44 146.974 120.255 146.417C120.749 145.954 121.737 144.952 121.737 144.656C121.737 144.285 123.498 144.007 121.737 142.523C119.977 141.04 120.347 143.265 119.05 140.113C117.753 136.96 118.309 134.642 119.05 134.086C119.792 133.53 120.255 133.437 120.255 131.861C120.255 130.6 119.946 130.038 119.792 129.914C120.564 131.088 121.923 133.808 121.181 135.291C121.737 139.185 121.83 139.556 123.22 139.464C124.609 139.371 125.628 138.258 126.092 139.185C126.555 140.113 128.778 136.96 128.13 140.391C127.463 143.803 128.717 145.088 129.427 145.305C130.106 145.274 131.929 145.156 133.782 144.934C136.098 144.656 140.36 145.027 137.488 142.987C134.615 140.947 134.986 142.709 133.782 140.391C132.577 138.073 130.632 136.497 132.207 136.126C133.782 135.755 135.542 137.609 136.283 135.848C136.876 134.438 137.333 133.777 137.488 133.623C137.92 133.375 138.655 133.363 138.136 135.291C137.488 137.702 137.488 137.98 137.488 138.351C137.488 138.722 135.357 139.834 137.488 140.113C139.618 140.391 141.472 141.781 141.194 142.523C140.971 143.117 140.668 143.636 140.545 143.821C141.163 143.976 142.528 144.285 143.047 144.285C143.565 144.285 146.66 144.285 148.142 144.285C148.76 144.872 150.069 145.824 150.366 144.934C150.736 143.821 155.091 142.894 150.736 141.503C148.142 139.185 149.995 138.351 150.366 138.351C150.736 138.351 149.902 137.238 151.385 137.795C152.867 138.351 153.701 137.238 154.072 138.351C154.442 139.464 153.33 139.278 154.998 140.391C156.666 141.503 157.5 141.596 157.407 142.06C157.314 142.523 155.739 142.152 157.407 142.987C159.075 143.821 159.075 142.987 159.538 142.987C160.001 142.987 160.186 144.656 161.947 143.821C163.707 142.987 164.17 142.616 164.448 142.06C164.726 141.503 168.71 133.901 168.71 133.623C168.71 133.344 168.432 131.861 167.135 131.861C165.838 131.861 164.448 131.026 164.448 132.325C164.448 133.623 161.02 135.199 162.317 133.066C163.355 131.36 164.17 130.625 164.448 130.47C164.479 129.852 164.597 128.486 164.819 127.967C165.097 127.318 166.857 127.04 167.506 127.503C168.154 127.967 167.506 128.801 168.71 128.987C169.915 129.172 170.285 128.523 170.285 127.503C170.285 126.483 170.285 126.113 170.285 125.649C170.285 125.185 166.116 116.748 162.317 118.232C158.519 119.715 157.407 121.477 156.481 119.344C154.035 117.268 152.497 118.479 152.033 119.344C152.033 119.499 151.811 119.956 150.922 120.55C149.81 121.291 151.848 128.245 152.96 127.503C154.072 126.762 157.778 126.298 154.72 127.874C151.663 129.45 151.755 127.967 149.532 129.45C145.548 131.861 141.749 132.417 144.344 129.45C146.938 126.483 147.401 126.762 147.586 126.483C147.772 126.205 150.644 124.722 148.142 124.815C145.641 124.907 146.382 124.351 144.714 124.815C143.38 125.185 141.008 125.773 139.989 126.02L136.654 129.914L133.782 130.47L132.762 128.709C132.546 128.647 132.04 128.319 131.743 127.503C131.373 126.483 131.465 126.391 130.724 126.02C129.983 125.649 124.702 125.185 123.22 125.371C121.737 125.556 122.571 125 120.533 125.742C118.495 126.483 111.361 125.464 110.341 125.742C109.322 126.02 107.099 125.185 106.728 126.947C106.358 128.709 105.987 126.391 107.562 130.47C106.728 137.146 108.396 138.815 105.709 137.053C103.022 135.291 103.578 134.086 102.374 134.457C101.169 134.828 100.891 134.642 100.891 135.848C100.891 137.053 101.262 137.146 101.077 138.166C100.891 139.185 102.466 139.185 101.077 140.113C100.039 141.744 99.6559 143.265 99.5941 143.821C99.3779 143.945 98.9641 144.415 99.0382 145.305C99.1309 146.417 98.9456 146.417 99.0382 147.808C99.1309 149.199 98.6676 156.43 99.5941 158.841C100.521 161.252 103.485 157.914 105.338 159.583C107.191 161.252 107.655 161.53 107.191 162.086C106.728 162.642 106.358 163.384 105.338 163.013C103.671 163.477 102.837 163.57 103.763 164.775C104.69 165.98 105.431 165.887 105.709 165.98C105.987 166.073 107.562 164.497 106.635 165.98C105.709 167.464 106.172 167.464 104.968 167.464C104.041 168.576 104.412 168.669 104.69 168.947C104.912 169.17 105.647 170.894 105.987 171.728C106.358 172.378 107.803 173.805 110.619 174.325C113.436 174.844 115.499 174.974 116.178 174.974C113.646 175.159 107.377 174.454 102.559 170.152C96.5368 164.775 97.0927 164.589 97.0927 162.086C97.0927 160.083 97.0309 150.991 97 146.695L97.1853 134.735C97.2471 133.313 97.9265 130.025 100.15 128.245C102.93 126.02 103.578 125.278 110.341 124.815C115.752 124.444 125.134 124.351 129.149 124.351H129.612C129.921 124.567 130.706 125.148 131.373 125.742C132.207 126.483 133.689 127.781 134.152 127.503C134.615 127.225 135.264 126.298 135.542 125.742C135.764 125.297 136.129 124.629 136.283 124.351H139.989C141.379 124.227 144.788 123.257 147.308 120.364C150.458 116.748 150.922 113.874 151.2 112.576C151.422 111.538 151.478 108.559 151.478 107.199L151.478 97Z" stroke="black"/>
+<path d="M132 162.408L133.3 158L135 162.408L133.7 167L132 162.408Z" fill="black"/>
+<circle cx="123.759" cy="123.241" r="85.3583" transform="rotate(37.6917 123.759 123.241)" stroke="black" stroke-width="5"/>
+<mask id="path-9-inside-1_23_207" fill="white">
+<path d="M193.282 176.959C186.228 186.088 177.444 193.74 167.433 199.475C157.422 205.21 146.379 208.918 134.935 210.385L132.097 188.255C140.635 187.16 148.873 184.394 156.342 180.115C163.811 175.836 170.363 170.128 175.626 163.317L193.282 176.959Z"/>
+</mask>
+<path d="M193.282 176.959C186.228 186.088 177.444 193.74 167.433 199.475C157.422 205.21 146.379 208.918 134.935 210.385L132.097 188.255C140.635 187.16 148.873 184.394 156.342 180.115C163.811 175.836 170.363 170.128 175.626 163.317L193.282 176.959Z" stroke="black" stroke-width="10" mask="url(#path-9-inside-1_23_207)"/>
+<mask id="path-10-inside-2_23_207" fill="white">
+<path d="M70.0413 192.764C51.6025 178.518 39.5785 157.53 36.6144 134.417L58.7453 131.579C60.9567 148.822 69.9271 164.48 83.6832 175.108L70.0413 192.764Z"/>
+</mask>
+<path d="M70.0413 192.764C51.6025 178.518 39.5785 157.53 36.6144 134.417L58.7453 131.579C60.9567 148.822 69.9271 164.48 83.6832 175.108L70.0413 192.764Z" stroke="black" stroke-width="10" mask="url(#path-10-inside-2_23_207)"/>
+<mask id="path-11-inside-3_23_207" fill="white">
+<path d="M54.2355 69.5233C68.4823 51.0846 89.4703 39.0606 112.582 36.0964L115.421 58.2274C98.1781 60.4388 82.5202 69.4092 71.8915 83.1653L54.2355 69.5233Z"/>
+</mask>
+<path d="M54.2355 69.5233C68.4823 51.0846 89.4703 39.0606 112.582 36.0964L115.421 58.2274C98.1781 60.4388 82.5202 69.4092 71.8915 83.1653L54.2355 69.5233Z" stroke="black" stroke-width="10" mask="url(#path-11-inside-3_23_207)"/>
+<mask id="path-12-inside-4_23_207" fill="white">
+<path d="M177.476 53.7176C195.915 67.9644 207.939 88.9524 210.903 112.065L188.772 114.903C186.561 97.6602 177.591 82.0023 163.835 71.3735L177.476 53.7176Z"/>
+</mask>
+<path d="M177.476 53.7176C195.915 67.9644 207.939 88.9524 210.903 112.065L188.772 114.903C186.561 97.6602 177.591 82.0023 163.835 71.3735L177.476 53.7176Z" stroke="black" stroke-width="10" mask="url(#path-12-inside-4_23_207)"/>
+</svg>
diff --git a/introduction/static/Lab/icons/pygoat.png b/introduction/static/Lab/icons/pygoat.png
new file mode 100644
index 0000000..5637dcc
Binary files /dev/null and b/introduction/static/Lab/icons/pygoat.png differ
diff --git a/introduction/static/Lab/icons/pygoat.svg b/introduction/static/Lab/icons/pygoat.svg
new file mode 100644
index 0000000..990c010
--- /dev/null
+++ b/introduction/static/Lab/icons/pygoat.svg
@@ -0,0 +1,25 @@
+<svg width="1320" height="1320" viewBox="0 0 1320 1320" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M864.982 517.527H808.982V589.027C808.982 595.86 805.882 614.427 793.482 634.027C781.082 653.627 769.982 661.982 744.982 665.027H625.982C605.315 663.86 559.382 664.927 540.982 678.527C522.582 692.127 516.315 714.527 515.482 724.027V872.527C515.482 884.527 520.982 897.027 551.982 917.027C582.982 937.027 591.982 938.027 656.482 939.027C720.982 940.027 757.482 922.027 772.482 909.027C784.482 898.627 787.149 888.36 786.982 884.527V811.527H650.982V788.527C713.982 788.693 821.682 788.927 836.482 788.527C854.982 788.027 875.982 788.527 896.982 773.527C913.782 761.527 924.649 735.527 927.982 724.027C933.482 694.693 940.182 623.927 922.982 575.527C905.782 527.127 877.149 516.693 864.982 517.527Z" stroke="#FED142"/>
+<circle cx="713.482" cy="870.482" r="25" fill="white"/>
+<path d="M809.615 411.982C806.815 417.982 789.782 429.815 781.615 434.982C781.115 434.982 781.015 434.182 784.615 430.982C789.115 426.982 791.615 409.982 791.615 402.982C791.615 395.982 787.615 385.482 780.115 374.982C772.615 364.482 758.115 365.482 749.115 368.482C740.115 371.482 737.115 378.482 739.615 377.982C742.115 377.482 750.615 376.482 759.615 379.482C766.815 381.882 772.948 390.148 775.115 393.982C773.448 393.982 768.815 394.382 763.615 395.982C757.116 397.982 760.615 400.982 752.115 405.482C745.315 409.082 736.281 409.315 732.615 408.982C735.948 411.982 743.915 419.382 749.115 424.982C755.614 431.982 766.115 443.482 772.115 452.982C778.115 462.482 786.615 480.982 797.115 513.482C807.616 545.982 795.115 586.982 786.615 606.482C778.115 625.982 763.615 644.982 758.615 644.982C754.615 644.982 752.949 649.982 752.615 652.482L748.115 661.982L738.615 659.482C738.615 654.648 736.515 647.082 728.115 655.482C725.715 659.882 724.781 664.648 724.615 666.482C722.782 669.315 718.515 675.682 716.115 678.482C713.115 681.982 701.115 670.982 695.115 666.482C690.316 662.882 689.115 650.648 689.115 644.982H596.615C587.781 652.148 567.915 667.382 559.115 670.982C548.115 675.482 545.615 675.982 528.115 681.482C510.615 686.982 513.615 682.982 509.115 689.482C505.515 694.682 502.948 707.315 502.115 712.982L498.615 794.982C475.781 794.815 426.915 792.182 414.115 782.982C398.115 771.482 384.115 734.482 376.615 703.982C369.115 673.482 365.115 626.482 385.115 575.982C401.115 535.582 435.115 521.815 450.115 519.982H560.615C564.282 518.982 573.715 516.282 582.115 513.482C592.615 509.982 602.615 511.482 618.615 511.482C631.415 511.482 649.615 516.482 657.115 518.982C646.448 519.148 620.015 520.082 599.615 522.482C574.115 525.482 565.115 529.482 559.115 531.982C553.115 534.482 540.615 544.982 528.115 554.482C515.615 563.982 521.115 561.982 507.115 564.982C495.915 567.382 490.482 560.482 484.982 561.482C489.482 563.482 501.315 567.282 494.115 568.482C485.115 569.982 485.982 568.482 481.982 562.482C477.859 556.297 474.982 552.982 478.482 561.982C481.982 570.982 480.482 569.482 487.982 573.982C495.482 578.482 498.615 573.982 505.615 572.982C512.615 571.982 508.115 570.982 513.615 570.982C519.115 570.982 521.115 573.982 529.615 583.482C538.115 592.982 534.615 597.482 521.115 630.482C510.315 656.882 496.948 665.482 491.615 666.482C500.282 665.482 521.015 663.182 534.615 661.982C551.615 660.482 563.115 652.482 577.115 644.982C588.315 638.982 596.782 628.148 599.615 623.482C597.282 621.315 591.515 614.382 587.115 603.982C581.615 590.982 581.115 540.482 584.115 568.482C587.115 596.482 616.115 609.482 638.615 616.982C661.115 624.482 653.615 619.982 665.115 623.482C676.615 626.982 673.615 623.482 673.115 619.982C672.615 616.482 666.115 604.482 665.115 596.482C664.115 588.482 663.115 582.982 663.115 570.982C663.115 558.982 684.115 541.482 678.115 550.982C672.115 560.482 675.615 562.482 680.115 590.482C684.615 618.482 691.615 619.482 695.115 630.482C698.615 641.482 700.615 649.482 704.115 659.482C707.615 669.482 710.115 664.982 716.115 659.482C722.115 653.982 717.115 648.482 719.115 637.482C721.115 626.482 730.115 608.482 738.615 597.482C747.115 586.482 752.615 580.982 755.115 572.482C757.615 563.982 757.115 558.982 758.615 577.982C760.115 596.982 747.115 617.982 752.615 614.482C758.115 610.982 764.115 601.482 774.615 580.982C785.115 560.482 784.115 533.482 784.115 526.982C784.115 520.482 783.615 516.482 783.115 507.482C782.615 498.482 775.615 483.982 771.115 474.482C766.615 464.982 752.615 442.482 747.115 436.982C741.615 431.482 730.615 414.982 728.615 410.982C726.948 407.647 724.586 402.576 723.846 401.27C723.696 401.137 723.615 401.038 723.615 400.982C723.615 400.899 723.698 401.009 723.846 401.27C725.036 402.326 730.562 405.482 734.115 405.482C738.115 405.482 739.115 404.982 742.615 403.982C746.115 402.982 752.115 401.482 755.115 395.982C757.498 391.613 761.721 391.155 763.575 391.475C763.361 391.408 762.735 390.847 761.615 388.982C760.115 386.482 755.115 385.482 745.615 385.482C736.115 385.482 731.115 387.482 726.615 387.982C722.115 388.482 720.115 384.982 718.115 380.982C716.115 376.982 718.615 375.982 718.115 372.482C717.615 368.982 720.115 363.982 720.115 359.482V344.482C720.115 340.855 723.039 335.928 723.911 334.415C723.939 334.237 724.001 334.096 724.115 333.982C724.212 333.885 724.121 334.051 723.911 334.415C723.818 335.018 724.115 336.054 724.115 337.982C724.115 340.482 726.115 340.982 728.615 344.482L731.115 347.982C731.449 347.815 732.115 347.382 732.115 346.982C732.115 346.482 732.615 345.482 732.615 342.982C732.615 340.482 733.115 341.482 734.115 336.982C735.115 332.482 740.615 327.482 739.615 330.482C738.615 333.482 741.115 333.482 742.615 336.482C743.815 338.882 745.115 340.482 745.615 340.982H748.115V339.982C748.282 339.148 748.815 336.882 749.615 334.482C750.415 332.082 753.282 330.148 754.615 329.482L760.115 336.982C760.282 338.148 761.015 340.282 762.615 339.482C764.615 338.482 764.615 336.482 766.615 332.982C768.215 330.182 770.615 330.148 771.615 330.482V344.482L773.615 343.482C773.782 343.315 774.515 342.382 776.115 339.982C777.715 337.582 780.782 336.982 782.115 336.982V350.982C783.282 352.148 786.515 355.682 790.115 360.482C794.615 366.482 795.115 370.982 797.615 382.482C799.615 391.682 798.115 403.982 797.115 408.982L798.615 403.982C799.615 400.315 801.815 390.882 802.615 382.482C803.615 371.982 803.615 358.982 797.115 346.982C790.615 334.982 782.615 329.982 770.115 324.482C757.65 318.997 749.163 320.473 737.712 322.465L737.615 322.482C726.115 324.482 720.615 330.982 712.115 339.482C705.315 346.282 705.615 355.648 706.615 359.482C705.282 360.315 700.915 362.982 694.115 366.982C685.615 371.982 680.115 376.982 674.115 382.482C668.115 387.982 658.615 398.482 653.615 404.982C649.615 410.182 644.949 420.482 643.115 424.982C642.782 425.982 641.915 428.482 641.115 430.482C640.115 432.982 640.115 432.982 638.615 435.982C637.115 438.982 638.615 438.482 643.115 432.982C647.615 427.482 649.115 424.982 647.615 427.982C646.115 430.982 649.615 432.982 650.115 434.982C650.615 436.982 652.615 437.982 650.115 438.982C647.615 439.982 646.115 438.982 642.615 441.482C639.815 443.482 640.782 443.982 641.615 443.982L650.615 451.482H661.115C667.115 451.482 664.115 450.982 662.115 445.982C659.115 442.982 660.115 437.482 660.115 439.482C660.115 441.482 662.615 442.982 665.115 444.982C667.615 446.982 671.115 446.482 680.115 445.982C689.115 445.482 687.115 443.482 700.615 434.982C711.415 428.182 717.782 413.815 719.615 407.482C719.282 408.982 718.815 414.582 719.615 424.982C720.615 437.982 710.115 434.982 710.115 443.482C710.115 451.982 710.615 479.982 704.115 487.982C697.615 495.982 684.115 500.982 687.115 496.982C690.115 492.982 695.115 484.982 695.115 471.982C695.115 461.582 689.782 456.648 687.115 455.482C683.782 454.482 675.615 453.082 669.615 455.482C663.615 457.882 657.449 459.482 655.115 459.982C652.949 460.315 647.215 459.282 641.615 452.482C636.015 445.682 628.949 443.648 626.115 443.482C630.949 431.815 643.515 404.682 655.115 389.482C666.715 374.282 686.615 359.815 695.115 354.482C695.282 351.815 696.615 345.082 700.615 339.482C705.615 332.482 717.115 312.482 748.615 312.482C780.115 312.482 796.615 329.982 809.615 349.982C822.615 369.982 813.115 404.482 809.615 411.982Z" fill="black"/>
+<path d="M676.982 400.482C674.982 402.882 673.149 407.482 672.482 409.482C672.795 408.648 674.534 406.182 678.982 402.982C684.542 398.982 690.482 399.482 696.982 396.982C702.182 394.982 703.482 392.482 703.482 391.482H686.982C684.482 393.482 678.982 398.082 676.982 400.482Z" fill="black"/>
+<path d="M808.482 517.482H870.982C885.482 519.315 917.282 537.182 928.482 593.982C942.482 664.982 931.482 719.482 928.482 728.482C925.482 737.482 915.982 757.482 901.482 769.982C886.982 782.482 873.482 786.482 859.982 787.482C849.182 788.282 716.482 789.148 651.482 789.482V810.482H786.482V821.982L772.482 819.982H762.982L758.482 823.482H752.982H746.982C745.815 823.982 743.682 825.382 744.482 826.982C745.282 828.582 746.482 834.982 746.982 837.982L738.482 826.982C737.149 825.815 734.182 823.482 732.982 823.482C731.482 823.482 725.982 819.982 725.482 819.982C724.982 819.982 723.982 827.982 719.982 828.482C715.982 828.982 708.982 828.482 704.482 830.982C699.982 833.482 698.482 833.482 691.982 837.982C685.482 842.482 683.482 840.482 678.982 848.982C674.482 857.482 672.982 862.482 673.982 863.982C674.982 865.482 667.482 859.482 668.482 854.982C669.482 850.482 664.482 852.982 668.482 846.982C672.482 840.982 674.482 844.982 677.982 837.482C673.982 824.982 674.482 823.982 671.482 826.982C668.482 829.982 672.482 837.482 663.482 837.482C654.482 837.482 650.482 835.982 649.482 833.482C648.482 830.982 661.482 827.982 661.482 824.982C661.482 821.982 675.982 820.482 661.482 817.982C646.982 815.482 645.482 817.482 644.982 813.982C644.482 810.482 643.482 811.482 644.982 808.482C646.482 805.482 648.982 802.982 647.982 800.482L647.98 800.478C646.982 797.982 646.981 797.981 644.982 795.482C643.382 793.482 640.982 786.982 639.982 783.982C642.648 781.482 647.982 776.082 647.982 774.482C647.982 772.482 657.482 770.982 647.982 762.982C638.482 754.982 640.482 766.982 633.482 749.982C626.482 732.982 629.482 720.482 633.482 717.482C637.482 714.482 639.982 713.982 639.982 705.482C639.982 701.293 639.349 698.534 638.669 696.876C638.255 696.185 637.856 695.55 637.482 694.982C637.802 695.238 638.245 695.843 638.669 696.876C642.873 703.892 648.623 716.699 644.982 723.982C647.982 744.982 648.482 746.982 655.982 746.482C663.482 745.982 668.982 739.982 671.482 744.982C673.982 749.982 685.982 732.982 682.482 751.482C678.882 769.882 685.649 776.815 689.482 777.982C693.148 777.815 702.982 777.182 712.982 775.982C725.482 774.482 748.482 776.482 732.982 765.482C717.482 754.482 719.482 763.982 712.982 751.482C706.482 738.982 695.982 730.482 704.482 728.482C712.982 726.482 722.482 736.482 726.482 726.982C729.682 719.382 732.149 715.815 732.982 714.982C735.315 713.648 739.282 713.582 736.482 723.982C732.982 736.982 732.982 738.482 732.982 740.482C732.982 742.482 721.482 748.482 732.982 749.982C744.482 751.482 754.482 758.982 752.982 762.982C751.782 766.182 750.148 768.982 749.482 769.982C752.815 770.815 760.182 772.482 762.982 772.482H790.482C793.815 775.648 800.882 780.782 802.482 775.982C804.482 769.982 827.982 764.982 804.482 757.482C790.482 744.982 800.482 740.482 802.482 740.482C804.482 740.482 799.982 734.482 807.982 737.482C815.982 740.482 820.482 734.482 822.482 740.482C824.482 746.482 818.482 745.482 827.482 751.482C836.482 757.482 840.982 757.982 840.482 760.482C839.982 762.982 831.482 760.982 840.482 765.482C849.482 769.982 849.482 765.482 851.982 765.482C854.482 765.482 855.482 774.482 864.982 769.982C874.482 765.482 876.982 763.482 878.482 760.482C879.982 757.482 901.482 716.482 901.482 714.982C901.482 713.482 899.982 705.482 892.982 705.482C885.982 705.482 878.482 700.982 878.482 707.982C878.482 714.982 859.982 723.482 866.982 711.982C872.582 702.782 876.982 698.815 878.482 697.982C878.649 694.648 879.282 687.282 880.482 684.482C881.982 680.982 891.482 679.482 894.982 681.982C898.482 684.482 894.982 688.982 901.482 689.982C907.982 690.982 909.982 687.482 909.982 681.982V671.982C909.982 669.482 887.482 623.982 866.982 631.982C846.482 639.982 840.482 649.482 835.482 637.982C822.282 626.782 813.982 633.315 811.482 637.982C811.482 638.815 810.282 641.282 805.482 644.482C799.482 648.482 810.482 685.982 816.482 681.982C822.482 677.982 842.482 675.482 825.982 683.982C809.482 692.482 809.982 684.482 797.982 692.482C776.482 705.482 755.982 708.482 769.982 692.482C783.982 676.482 786.482 677.982 787.482 676.482C788.482 674.982 803.982 666.982 790.482 667.482C776.982 667.982 780.982 664.982 771.982 667.482C764.782 669.482 751.982 672.648 746.482 673.982L728.482 694.982L712.982 697.982L707.482 688.482C706.315 688.148 703.582 686.382 701.982 681.982C699.982 676.482 700.482 675.982 696.482 673.982C692.482 671.982 663.982 669.482 655.982 670.482C647.982 671.482 652.482 668.482 641.482 672.482C630.482 676.482 591.982 670.982 586.482 672.482C580.982 673.982 568.982 669.482 566.982 678.982C564.982 688.482 562.982 675.982 571.482 697.982C566.982 733.982 575.982 742.982 561.482 733.482C546.982 723.982 549.982 717.482 543.482 719.482C536.982 721.482 535.482 720.482 535.482 726.982C535.482 733.482 537.482 733.982 536.482 739.482C535.482 744.982 543.982 744.982 536.482 749.982C530.882 758.782 528.815 766.982 528.482 769.982C527.315 770.648 525.082 773.182 525.482 777.982C525.982 783.982 524.982 783.982 525.482 791.482C525.982 798.982 523.482 837.982 528.482 850.982C533.482 863.982 549.482 845.982 559.482 854.982C569.482 863.982 571.982 865.482 569.482 868.482C566.982 871.482 564.982 875.482 559.482 873.482C550.482 875.982 545.982 876.482 550.982 882.982C555.982 889.482 559.981 888.982 561.482 889.482C562.982 889.982 571.482 881.482 566.482 889.482C561.482 897.482 563.982 897.482 557.482 897.482C552.482 903.482 554.482 903.982 555.982 905.482C557.182 906.682 561.149 915.982 562.982 920.482C564.423 923.003 568.874 927.705 576.933 931.183C579.903 932.276 582.838 933.214 585.702 934.014C586.443 934.182 587.203 934.338 587.982 934.482C603.182 937.282 614.315 937.982 617.982 937.982C611.122 938.484 599.182 937.776 585.702 934.014C582.404 933.265 579.488 932.286 576.933 931.183C566.036 927.171 554.659 921.063 544.482 911.982C511.982 882.982 514.982 881.982 514.982 868.482C514.982 857.682 514.649 808.648 514.482 785.482L515.482 720.982C515.815 713.315 519.482 695.582 531.482 685.982C546.482 673.982 549.982 669.982 586.482 667.482C615.682 665.482 666.315 664.982 687.982 664.982H690.482C692.149 666.148 696.382 669.282 699.982 672.482C704.482 676.482 712.482 683.482 714.982 681.982C717.482 680.482 720.982 675.482 722.482 672.482C723.682 670.082 725.649 666.482 726.482 664.982H746.482C753.982 664.315 772.382 659.082 785.982 643.482C802.982 623.982 805.482 608.482 806.982 601.482C808.182 595.882 808.482 579.815 808.482 572.482L808.482 517.482Z" fill="black" stroke="black"/>
+<path d="M705.482 869.982L711.982 845.982L720.482 869.982L713.982 894.982L705.482 869.982Z" fill="black"/>
+<circle cx="659.982" cy="659.982" r="452.5" transform="rotate(37.6917 659.982 659.982)" stroke="black" stroke-width="36"/>
+<mask id="path-8-inside-1_23_174" fill="white">
+<path d="M1032.29 947.651C994.517 996.544 947.48 1037.52 893.868 1068.23C840.256 1098.95 781.119 1118.8 719.834 1126.66L704.634 1008.14C750.355 1002.28 794.474 987.468 834.471 964.554C874.468 941.639 909.56 911.072 937.743 874.596L1032.29 947.651Z"/>
+</mask>
+<path d="M1032.29 947.651C994.517 996.544 947.48 1037.52 893.868 1068.23C840.256 1098.95 781.119 1118.8 719.834 1126.66L704.634 1008.14C750.355 1002.28 794.474 987.468 834.471 964.554C874.468 941.639 909.56 911.072 937.743 874.596L1032.29 947.651Z" stroke="black" stroke-width="72" mask="url(#path-8-inside-1_23_174)"/>
+<mask id="path-9-inside-2_23_174" fill="white">
+<path d="M372.313 1032.29C273.569 956 209.178 843.604 193.304 719.834L311.821 704.634C323.663 796.972 371.702 880.824 445.368 937.743L372.313 1032.29Z"/>
+</mask>
+<path d="M372.313 1032.29C273.569 956 209.178 843.604 193.304 719.834L311.821 704.634C323.663 796.972 371.702 880.824 445.368 937.743L372.313 1032.29Z" stroke="black" stroke-width="72" mask="url(#path-9-inside-2_23_174)"/>
+<mask id="path-10-inside-3_23_174" fill="white">
+<path d="M287.67 372.312C363.964 273.569 476.359 209.178 600.13 193.304L615.33 311.82C522.992 323.663 439.14 371.701 382.221 445.368L287.67 372.312Z"/>
+</mask>
+<path d="M287.67 372.312C363.964 273.569 476.359 209.178 600.13 193.304L615.33 311.82C522.992 323.663 439.14 371.701 382.221 445.368L287.67 372.312Z" stroke="black" stroke-width="72" mask="url(#path-10-inside-3_23_174)"/>
+<mask id="path-11-inside-4_23_174" fill="white">
+<path d="M947.651 287.669C1046.39 363.964 1110.79 476.359 1126.66 600.13L1008.14 615.329C996.301 522.991 948.262 439.14 874.596 382.221L947.651 287.669Z"/>
+</mask>
+<path d="M947.651 287.669C1046.39 363.964 1110.79 476.359 1126.66 600.13L1008.14 615.329C996.301 522.991 948.262 439.14 874.596 382.221L947.651 287.669Z" stroke="black" stroke-width="72" mask="url(#path-11-inside-4_23_174)"/>
+</svg>
diff --git a/introduction/static/Lab/image/xxe.jpg b/introduction/static/Lab/image/xxe.jpg
new file mode 100644
index 0000000..08ec4e5
Binary files /dev/null and b/introduction/static/Lab/image/xxe.jpg differ
diff --git a/introduction/static/Lab/ssrf.css b/introduction/static/Lab/ssrf.css
new file mode 100644
index 0000000..18acafc
--- /dev/null
+++ b/introduction/static/Lab/ssrf.css
@@ -0,0 +1,148 @@
+@import url('https://fonts.googleapis.com/css2?family=Ubuntu+Mono&display=swap');
+
+.playground{
+    background-color: rgb(214, 252, 255);
+    padding: 10px;
+    padding-top: 20px;
+    padding-bottom: 20px;
+    border-radius: 10px;
+    /* visibility: hidden; */
+}
+
+#ssrf-progress-bar {
+    margin-top : 30px;
+    position: relative;
+    width: 100%;
+    height: 30px;
+    background-color: #d5ecff;
+    display: none;
+    flex-direction: row;
+    border-radius: 15px;
+    border: 2px solid #4B8BBE;
+}
+
+
+.circle{
+    /* width: 5%; */
+    border: 5px solid #033157;
+    border-radius: 100px;
+    height: auto;
+    width : 26px
+}
+.ssrf-progress-element{
+    width: 30%;
+    background-color: #d5ecee;
+    border-radius: 15px;
+}
+
+.ssrf-bar-status{
+    height: 90%;
+    background-color: #033157;
+    border-radius: 15px;
+    margin: 1px;
+}
+
+#ssrf-frame-1{
+    display: flex;
+    flex-direction: row;
+    justify-content: space-between;
+}
+#ssrf-frame-2{
+    display: none;
+    margin-top: 20px;
+    flex-direction: column;
+    align-items: center;
+}
+
+.code{
+    background-color: #fafafa;
+    border-radius: 10px;
+    padding: 0;
+}
+
+.code-bar{
+    background-color: #d5ecee;
+    width: 100%;
+    height: 30px;
+    border-radius: 10px 10px 0px 0px;
+    display: flex;
+    justify-content: space-between
+}
+
+.code form {
+    margin: 30px;
+    margin-top: 10px;
+    margin-bottom: 10px;
+    font-family: 'Ubuntu Mono', monospace;
+}
+
+.code-circle {
+    height: 18px;
+    width: 18px;
+    border-radius: 10px;
+    border : 0px solid;
+    margin: 5px;
+}
+.red {
+    background-color: red;
+}
+.green{
+    background-color: green;
+}
+.yellow{
+    background-color: yellow;
+}
+
+#ssrf-frame-3{
+    display: none;
+    margin-top: 20px;
+    flex-direction: column;
+    align-items: center;
+}
+
+/* frame 4  */
+
+#ssrf-frame-4{
+    display: none;
+    margin-top: 20px;
+    flex-direction: column;
+    align-items: center;
+}
+
+textarea {
+    min-height: 250px;
+    overflow: scroll;
+    margin: 20px;
+    display: inline-block;
+    background: #f4f4f9;
+    outline: none;
+    font-family: Courier, sans-serif;
+    min-width: 500px;
+    height: 500px;
+    border-radius: 10px;
+    font-size: 13px;
+    padding: 10px;
+
+  }
+#textarea-container{
+    display: flex;
+    flex-direction: row;
+    margin : 10px;
+    flex-wrap: wrap
+}
+
+#textarea1{
+    display: flex;
+    flex-direction: column;
+}
+.problem-Statement-desc{
+    margin-left: 50px;
+    margin-right: 50px;
+}
+
+#ssrf-frame-5{
+    display: none;
+    margin-top: 20px;
+    flex-direction: column;
+    align-items: center;
+}
\ No newline at end of file
diff --git a/introduction/static/Lab/ssrf.js b/introduction/static/Lab/ssrf.js
new file mode 100644
index 0000000..63aae84
--- /dev/null
+++ b/introduction/static/Lab/ssrf.js
@@ -0,0 +1,84 @@
+
+function frame1to2(){
+    // frame 1 to 2
+    document.getElementById('ssrf-frame-1').style.display = 'none';
+    document.getElementById('ssrf-frame-2').style.display = 'flex';
+    document.getElementById('ssrf-progress-bar').style.display = 'flex';
+}
+
+function frame2to3(){
+    var markedCheckbox = document.querySelectorAll('input[type="checkbox"]:checked');
+    var arr = [];
+    for (var checkbox of markedCheckbox){
+        arr.push(parseInt(checkbox.value));
+    }
+    var score = 0;
+    var result = [8,9,10,11,12];
+    for (var items of arr){
+        if(result.includes(items)){
+            score++;
+        }
+        else{
+            score--;
+        }
+    }
+    if( score >= 4 ){
+        document.getElementById('ssrf-frame-2').style.display = 'none';
+        document.getElementById('ssrf-bar-status1').classList.add('ssrf-bar-status')
+        alert('Congratulation! You have figure this out !!');
+        document.getElementById('ssrf-frame-3').style.display = 'flex';
+    }
+}
+
+function frame3to4(){
+    var markedCheckbox = document.querySelectorAll('input[name="form2"]:checked');
+    var arr = [];
+    for (var checkbox of markedCheckbox){
+        arr.push(parseInt(checkbox.value));
+    }
+    var score = 0;
+    var result = [3,7,11,15];
+    for (var items of arr){
+        if(result.includes(items)){
+            score++;
+        }
+        else{
+            score--;
+        }
+    }
+    if( score >=4 ){
+        document.getElementById('ssrf-frame-3').style.display = 'none';
+        document.getElementById('ssrf-bar-status2').classList.add('ssrf-bar-status')
+        alert('Congratulation! you have detected defective codes in html');
+        document.getElementById('ssrf-frame-4').style.display = 'flex';
+    }
+}
+
+
+function checkcode(){
+    var python_code = document.getElementById('python').value
+    var html_code = document.getElementById('html').value
+
+    var formdata = new FormData();
+    formdata.append('python_code', python_code);
+    formdata.append('html_code', html_code);
+    var requestOptions = {
+        method: 'POST',
+        body: formdata,
+        redirect: 'follow'
+      };
+      
+    fetch("api/ssrf", requestOptions)
+    .then(response => response.text())
+    .then((result) => {
+        console.log(result);
+        var obj = JSON.parse(result);
+        alert(obj.message);
+        if (obj.passed == 1 ){
+            document.getElementById('ssrf-frame-4').style.display = 'none';
+            document.getElementById('ssrf-bar-status3').classList.add('ssrf-bar-status')
+            document.getElementById('ssrf-frame-5').style.display = 'flex';
+        }
+    })
+    .catch(error => console.log('error', error));
+}
\ No newline at end of file
diff --git a/introduction/static/Lab/ssti.css b/introduction/static/Lab/ssti.css
new file mode 100644
index 0000000..57136c4
--- /dev/null
+++ b/introduction/static/Lab/ssti.css
@@ -0,0 +1,26 @@
+.container{align-items: center;
+max-width: 720px;
+display: flex;
+flex-direction: column;}
+
+#ssti-inner-div2{
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+}
+
+.ssti-form{
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+}
+ul{
+    padding: 5px;
+}
+li{
+    list-style-type: none;
+}
+
+.code{
+    background-color: #fafafaaa;
+}
\ No newline at end of file
diff --git a/introduction/static/Lab/xss.js b/introduction/static/Lab/xss.js
new file mode 100644
index 0000000..99d0a09
--- /dev/null
+++ b/introduction/static/Lab/xss.js
@@ -0,0 +1,40 @@
+var coll = document.getElementsByClassName("coll");
+var coll2 = document.getElementsByClassName("coll2");
+var i;
+
+for (i = 0; i < coll.length; i++) {
+  coll[i].addEventListener("click", function() {
+    this.classList.toggle("active");
+    var content = this.nextElementSibling;
+    if (content.style.display === "block") {
+      content.style.display = "none";
+    } else {
+      content.style.display = "block";
+    }
+  });
+}
+for (i = 0; i < coll2.length; i++) {
+  coll2[i].addEventListener("click", function() {
+    this.classList.toggle("active");
+    var content = this.nextElementSibling;
+    if (content.style.display === "block") {
+      content.style.display = "none";
+    } else {
+      content.style.display = "block";
+    }
+  });
+}
+function SendToServer(){
+
+        comment=document.getElementById("comment").value;
+
+
+        var xhr;
+        xhr = new XMLHttpRequest();
+        xml="<?xml version='1.0'?>"+"<comm>"+"<text>"+comment+"</text>"+"</comm>";
+        var url = $("#Url").attr("data-url");
+       xhr.open("POST", url, true);
+       xhr.setRequestHeader("Content-Type", "text/xml");
+       xhr.send(xml);
+
+}
\ No newline at end of file
diff --git a/introduction/static/css/common.css b/introduction/static/css/common.css
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/static/css/dark-theme.css b/introduction/static/css/dark-theme.css
new file mode 100644
index 0000000..98292b5
--- /dev/null
+++ b/introduction/static/css/dark-theme.css
@@ -0,0 +1,510 @@
+/*
+    DEMO STYLE
+*/
+
+@import "https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700";
+body {
+  font-family: "Poppins", sans-serif;
+  background: #000000;
+}
+
+body::-webkit-scrollbar {
+  display: none;
+}
+body {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+p {
+  font-family: "Poppins", sans-serif;
+  font-size: 1.1em;
+  font-weight: 300;
+  line-height: 1.7em;
+  color: #999;
+}
+
+a,
+a:hover,
+a:focus {
+  color: inherit;
+  text-decoration: none;
+  transition: all 0.3s;
+}
+
+.navbar {
+  padding: 15px 10px;
+  background-image: linear-gradient(45deg, hsl(0, 0%, 25.9%), #80a9c9);
+  border: 0px solid;
+  border-radius: 0px 10px 0px 0px;
+  margin-bottom: 40px;
+  /* box-shadow: 1px 1px 3px rgba(0, 0, 0, 0.1); */
+}
+
+.navbar-btn {
+  box-shadow: none;
+  outline: none !important;
+  border: none;
+}
+
+.line {
+  width: 100%;
+  height: 1px;
+  border-bottom: 1px dashed #ddd;
+  margin: 40px 0;
+}
+
+i,
+span {
+  display: inline-block;
+}
+.login-form {
+  margin-left: 10px;
+  margin-right: 10px;
+}
+.card {
+  border: #306998;
+  border-radius: 10px;
+}
+/* ---------------------------------------------------
+    SIDEBAR STYLE
+----------------------------------------------------- */
+.sidebar-list-items {
+  background-color: #79a9cf40;
+}
+.wrapper {
+  display: flex;
+  align-items: stretch;
+  margin: 10px;
+  background-color: #424242;
+  height: 97vh;
+  border-radius: 20px;
+}
+
+#sidebar {
+  height: 97vh;
+  overflow: scroll;
+  min-width: 315px;
+  max-width: 315px;
+  background: #373c40;
+  color: #fff;
+  transition: all 0.3s;
+  border-radius: 20px 0px 20px 0px;
+}
+
+.sidebarClass::-webkit-scrollbar {
+  display: none;
+}
+.sidebarClass {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+#sidebar.active {
+  min-width: 80px;
+  max-width: 80px;
+  text-align: center;
+  height: 97vh;
+  overflow: scroll;
+}
+
+#sidebar.active .sidebar-header div h3,
+#sidebar.active .sidebar-header div img,
+#sidebar.active .CTAs {
+  display: none;
+}
+
+#sidebar.active .sidebar-header strong {
+  display: block;
+}
+
+#sidebar.active ul li a {
+  padding: 20px 10px;
+  text-align: center;
+  font-size: 0.85em;
+}
+
+#sidebar.active ul li a i {
+  margin-right: 0;
+  display: block;
+  font-size: 1.8em;
+  /* margin-bottom: 5px; */
+}
+
+#sidebar.active ul ul a {
+  padding: 10px !important;
+}
+
+#sidebar.active .dropdown-toggle::after {
+  top: auto;
+  bottom: 10px;
+  right: 50%;
+  -webkit-transform: translateX(50%);
+  -ms-transform: translateX(50%);
+  transform: translateX(50%);
+}
+
+#sidebar .sidebar-header {
+  padding: 20px;
+  background: #283036;
+}
+
+#sidebar .sidebar-header strong {
+  display: none;
+  font-size: 1.8em;
+}
+
+#sidebar ul.components {
+  padding: 20px 0;
+  border-bottom: 1px solid #4b8bbe;
+}
+
+#sidebar ul li a {
+  padding: 10px;
+  font-size: 1.1em;
+  display: block;
+}
+
+#sidebar ul li a:hover {
+  color: #306998;
+  background: #fff;
+}
+
+#sidebar ul li a i {
+  margin-right: 10px;
+}
+
+#sidebar ul li.active > a,
+a[aria-expanded="true"] {
+  color: #fff;
+  background: #4b8bbe;
+}
+
+a[data-toggle="collapse"] {
+  position: relative;
+}
+
+.dropdown-toggle::after {
+  display: block;
+  position: absolute;
+  top: 50%;
+  right: 20px;
+  transform: translateY(-50%);
+}
+
+ul ul a {
+  font-size: 0.9em !important;
+  padding-left: 30px !important;
+  background: #ffd43b;
+}
+
+ul.CTAs {
+  padding: 20px;
+}
+
+ul.CTAs a {
+  text-align: center;
+  font-size: 0.9em !important;
+  display: block;
+  border-radius: 5px;
+  margin-bottom: 5px;
+}
+
+/* a.download {
+    background: #fff;
+    color: #7386D5;
+} */
+
+/* a.article,
+a.article:hover {
+    background: #6d7fcc !important;
+    color: #fff !important;
+} */
+
+/* ---------------------------------------------------
+    CONTENT STYLE
+----------------------------------------------------- */
+
+#content {
+  width: 100%;
+  padding: 20px;
+  /* min-height: cal(100vh -20px); */
+  transition: all 0.3s;
+  overflow: scroll;
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none;
+}
+
+#content::-webkit-scrollbar {
+  display: none;
+}
+
+.box {
+  margin-top: 2rem;
+  border-radius: 10px;
+  padding: 2rem;
+  background-color: #f8ede345;
+  color: aliceblue;
+}
+.bp {
+  font-size: 1em;
+  font-height: 1.2em;
+  color: black;
+}
+.coll {
+  background-color: #159c80;
+  color: black;
+  cursor: pointer;
+  padding: auto;
+  width: auto;
+  margin-bottom: 20px;
+  text-align: center;
+  outline: none;
+  font-size: 20px;
+}
+
+/* Add a background color to the button if it is clicked on (add the .active class with JS), and when you move the mouse over it (hover) */
+.active,
+.coll:hover {
+  background-color: #bfb051;
+}
+
+/* Style the collapsible content. Note: hidden by default */
+.lab {
+  padding: 18px;
+  display: none;
+  overflow: hidden;
+  background-color: #f1f1f199;
+  border-radius: 1rem;
+}
+.display {
+  padding: 20px;
+}
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #c7254e;
+  background-color: #f9f2f4;
+  border-radius: 4px;
+}
+.img {
+  border-radius: 8px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  width: 50%;
+}
+.pg{
+  display: none;
+}
+/* ---------------------------------------------------
+    MEDIAQUERIES
+----------------------------------------------------- */
+
+@media (max-width: 768px) {
+  #sidebar {
+    min-width: 242px;
+  }
+  .pg{
+    display: block;
+    position: fixed;
+    font-size: 35px;
+    z-index: 1000;
+    color: #fff;
+    font-weight: 500;
+    left: 29px;
+    top: 36px;
+  }
+  .pg.active{
+    display: none;
+  }
+  .dropdown-toggle::after {
+    top: auto;
+    bottom: 10px;
+    right: 50%;
+    -webkit-transform: translateX(50%);
+    -ms-transform: translateX(50%);
+    transform: translateX(50%);
+  }
+  #sidebar.active {
+    margin-left: -95px !important;
+  }
+  #sidebar .sidebar-header{
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+
+  #sidebar .sidebar-header h3,
+  #sidebar .CTAs {
+    display: none;
+  }
+  #sidebar .sidebar-header strong {
+    display: block;
+  }
+  #sidebar ul li a {
+    padding: 20px 10px;
+  }
+  #sidebar ul li a span {
+    font-size: 0.85em;
+  }
+  #sidebar ul li a i {
+    margin-right: 0;
+    display: block;
+  }
+  #sidebar ul ul a {
+    padding: 10px !important;
+  }
+  #sidebar ul li a i {
+    font-size: 1.3em;
+  }
+  #sidebar {
+    margin-left: 0;
+  }
+  #sidebarCollapse span {
+    display: none;
+  }
+  .navbar{
+    margin-right: -17px;
+  }
+}
+
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #033157;
+  border-radius: 4px;
+  background-color: #159c8100;
+}
+
+.code {
+  /* background-image: linear-gradient(to right, #000000, #30989a); */
+  background-color: #8dc2ed;
+  padding: 30px;
+  margin-top: 30px;
+}
+
+#sidebarCollapse {
+  display: none;
+}
+
+.h2,
+h2 {
+  font-size: 4rem;
+}
+
+#owasp10_2021 {
+  width: 90%;
+  background: #283036;
+  margin-top: 15px;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+#owasp10_2017 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#sidebar li ul a #owasp10_2021 {
+  padding: 13% 0 0 0;
+}
+
+#OWASP10_2021 {
+  width: 95%;
+  padding-left: 5%;
+}
+#OWASP10_2017 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#sidebar-home {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#homeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+
+.active,
+.coll:hover {
+  background-color: #bfb05100;
+}
+
+#challengeMenu {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#challengeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+#Mitre25 {
+  width: 95%;
+  padding-left: 5%;
+}
+#sans25 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#help {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#mitre25 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+
+#stylesheet-toggle{
+  background: #f0f8ff8a;
+  border: 0px;
+  border-radius: 2px;
+  margin-right: 5px;
+}
+
+.Mitigation li {
+  list-style-type: disc;
+}
\ No newline at end of file
diff --git a/introduction/static/css/home.css b/introduction/static/css/home.css
new file mode 100644
index 0000000..96fa7fe
--- /dev/null
+++ b/introduction/static/css/home.css
@@ -0,0 +1,12 @@
+
+#home-section1 {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    flex-wrap: wrap;
+}
+#home-section1-img{
+    opacity: .25;
+    width: 400px;
+}
diff --git a/introduction/static/css/light.css b/introduction/static/css/light.css
new file mode 100644
index 0000000..652349f
--- /dev/null
+++ b/introduction/static/css/light.css
@@ -0,0 +1,524 @@
+/*
+    DEMO STYLE
+*/
+
+@import "https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700";
+body {
+  font-family: "Poppins", sans-serif;
+  /* background: #000000; */
+  background: #fff;
+}
+
+body::-webkit-scrollbar {
+  display: none;
+}
+body {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+p{
+  font-family: "Poppins", sans-serif;
+  font-size: 1.1em;
+  font-weight: 300;
+  line-height: 1.7em;
+  color: #999;
+}
+
+a,
+a:hover,
+a:focus {
+  color: inherit;
+  text-decoration: none;
+  transition: all 0.3s;
+}
+
+.navbar {
+  padding: 15px 10px;
+  background-image: linear-gradient(45deg, hsl(0deg 0% 95%), #80a9c9);
+  border: 0px solid;
+  border-radius: 0px 10px 0px 0px;
+  margin-bottom: 40px;
+  /* box-shadow: 1px 1px 3px rgba(0, 0, 0, 0.1); */
+}
+
+.navbar-btn {
+  box-shadow: none;
+  outline: none !important;
+  border: none;
+}
+
+.line {
+  width: 100%;
+  height: 1px;
+  border-bottom: 1px dashed #ddd;
+  margin: 40px 0;
+}
+
+i,
+span {
+  display: inline-block;
+}
+.login-form {
+  margin-left: 10px;
+  margin-right: 10px;
+}
+.card {
+  border: #306998;
+  border-radius: 10px;
+}
+/* ---------------------------------------------------
+    SIDEBAR STYLE
+----------------------------------------------------- */
+.sidebar-list-items {
+  background-color: #79a9cf40;
+  color : #0b446e;
+}
+.wrapper {
+  display: flex;
+  align-items: stretch;
+  margin: 10px;
+  background-color: #424242;
+  background-color: #f1f1f1;
+  height: 97vh;
+  border-radius: 20px;
+}
+
+#sidebar {
+  height: 97vh;
+  overflow: scroll;
+  min-width: 315px;
+  max-width: 315px;
+  background: #373c40;
+  background: #c5cfd7;
+  color: #fff;
+  transition: all 0.3s;
+  border-radius: 20px 0px 20px 0px;
+}
+
+.sidebarClass::-webkit-scrollbar {
+  display: none;
+}
+.sidebarClass {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+#sidebar.active {
+  min-width: 80px;
+  max-width: 80px;
+  text-align: center;
+  height: 97vh;
+  overflow: scroll;
+}
+
+#sidebar.active .sidebar-header div h3,
+#sidebar.active .sidebar-header div img,
+#sidebar.active .CTAs {
+  display: none;
+}
+
+#sidebar.active .sidebar-header strong {
+  display: block;
+}
+
+#sidebar.active ul li a {
+  padding: 20px 10px;
+  text-align: center;
+  font-size: 0.85em;
+}
+
+#sidebar.active ul li a i {
+  margin-right: 0;
+  display: block;
+  font-size: 1.8em;
+  /* margin-bottom: 5px; */
+}
+
+#sidebar.active ul ul a {
+  padding: 10px !important;
+}
+
+#sidebar.active .dropdown-toggle::after {
+  top: auto;
+  bottom: 10px;
+  right: 50%;
+  -webkit-transform: translateX(50%);
+  -ms-transform: translateX(50%);
+  transform: translateX(50%);
+}
+
+#sidebar .sidebar-header {
+  padding: 20px;
+  /* background: #283036; */
+  background: #4e93c7
+}
+
+#sidebar .sidebar-header strong {
+  display: none;
+  font-size: 1.8em;
+}
+
+#sidebar ul.components {
+  padding: 20px 0;
+  border-bottom: 1px solid #4b8bbe;
+}
+
+#sidebar ul li a {
+  padding: 10px;
+  font-size: 1.1em;
+  display: block;
+}
+
+#sidebar ul li a:hover {
+  color: #306998;
+  background: #fff;
+}
+
+#sidebar ul li a i {
+  margin-right: 10px;
+}
+
+#sidebar ul li.active > a,
+a[aria-expanded="true"] {
+  color: #fff;
+  background: #4b8bbe;
+}
+
+a[data-toggle="collapse"] {
+  position: relative;
+}
+
+.dropdown-toggle::after {
+  display: block;
+  position: absolute;
+  top: 50%;
+  right: 20px;
+  transform: translateY(-50%);
+}
+
+ul ul a {
+  font-size: 0.9em !important;
+  padding-left: 30px !important;
+  background: #ffd43b;
+}
+
+ul.CTAs {
+  padding: 20px;
+}
+
+ul.CTAs a {
+  text-align: center;
+  font-size: 0.9em !important;
+  display: block;
+  border-radius: 5px;
+  margin-bottom: 5px;
+}
+
+/* a.download {
+    background: #fff;
+    color: #7386D5;
+} */
+
+/* a.article,
+a.article:hover {
+    background: #6d7fcc !important;
+    color: #fff !important;
+} */
+
+/* ---------------------------------------------------
+    CONTENT STYLE
+----------------------------------------------------- */
+
+#content {
+  width: 100%;
+  padding: 20px;
+  /* min-height: cal(100vh -20px); */
+  transition: all 0.3s;
+  overflow: scroll;
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none;
+}
+
+#content::-webkit-scrollbar {
+  display: none;
+}
+
+.box {
+  margin-top: 2rem;
+  border-radius: 10px;
+  padding: 2rem;
+  background-color: #f8ede345;
+  color: #20303e
+}
+.bp {
+  font-size: 1em;
+  font-height: 1.2em;
+  color: black;
+}
+.coll {
+  background-color: #159c80;
+  color: black;
+  cursor: pointer;
+  padding: auto;
+  width: auto;
+  margin-bottom: 20px;
+  text-align: center;
+  outline: none;
+  font-size: 20px;
+}
+
+/* Add a background color to the button if it is clicked on (add the .active class with JS), and when you move the mouse over it (hover) */
+.active,
+.coll:hover {
+  background-color: #bfb051;
+}
+
+/* Style the collapsible content. Note: hidden by default */
+.lab {
+  padding: 18px;
+  display: none;
+  overflow: hidden;
+  background-color: #f1f1f1;
+  border-radius: 1rem;
+}
+.display {
+  padding: 20px;
+}
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #c7254e;
+  background-color: #f9f2f4;
+  border-radius: 4px;
+}
+.img {
+  border-radius: 8px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  width: 50%;
+}
+
+.pg{
+  display: none;
+}
+/* ---------------------------------------------------
+    MEDIAQUERIES
+----------------------------------------------------- */
+
+@media (max-width: 768px) {
+  #sidebar {
+    min-width: 242px;
+  }
+
+  .pg{
+    display: block;
+    position: fixed;
+    font-size: 35px;
+    z-index: 1000;
+    color: #397aab;
+    font-weight: 500;
+    left: 29px;
+    top: 36px;
+  }
+  .pg.active{
+    display: none;
+  }
+
+  .dropdown-toggle::after {
+    top: auto;
+    bottom: 10px;
+    right: 50%;
+    -webkit-transform: translateX(50%);
+    -ms-transform: translateX(50%);
+    transform: translateX(50%);
+  }
+  #sidebar.active {
+    margin-left: -95px !important;
+  }
+  #sidebar .sidebar-header{
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+
+  #sidebar .sidebar-header h3,
+  #sidebar .CTAs {
+    display: none;
+  }
+  #sidebar .sidebar-header strong {
+    display: block;
+  }
+  #sidebar ul li a {
+    padding: 20px 10px;
+  }
+  #sidebar ul li a span {
+    font-size: 0.85em;
+  }
+  #sidebar ul li a i {
+    margin-right: 0;
+    display: block;
+  }
+  #sidebar ul ul a {
+    padding: 10px !important;
+  }
+  #sidebar ul li a i {
+    font-size: 1.3em;
+  }
+  #sidebar {
+    margin-left: 0;
+  }
+  #sidebarCollapse span {
+    display: none;
+  }
+  .navbar{
+    margin-right: -17px;
+  }
+}
+
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #033157;
+  border-radius: 4px;
+  background-color: #159c8100;
+}
+
+.code {
+  /* background-image: linear-gradient(to right, #000000, #30989a); */
+  background-color: #8dc2ed;
+  padding: 30px;
+  margin-top: 30px;
+}
+
+#sidebarCollapse {
+  display: none;
+}
+
+.h2,
+h2 {
+  font-size: 4rem;
+}
+
+#owasp10_2021 {
+  width: 90%;
+  background: #283036;
+  background: #4e93c7;
+  margin-top: 15px;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+#owasp10_2017 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#sidebar li ul a #owasp10_2021 {
+  padding: 13% 0 0 0;
+}
+
+#OWASP10_2021 {
+  width: 95%;
+  padding-left: 5%;
+}
+#OWASP10_2017 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#sidebar-home {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#homeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+
+.active,
+.coll:hover {
+  background-color: #bfb05100;
+}
+
+#challengeMenu {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#challengeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+#Mitre25 {
+  width: 95%;
+  padding-left: 5%;
+}
+#sans25 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#help {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#mitre25 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+
+#stylesheet-toggle{
+    background: #f0f8ff8a;
+    border: 0px;
+    border-radius: 2px;
+    margin-right: 5px;
+}
+
+.Mitigation li {
+  list-style-type: disc;
+}
\ No newline at end of file
diff --git a/introduction/static/css/style.css b/introduction/static/css/style.css
new file mode 100644
index 0000000..62a37d5
--- /dev/null
+++ b/introduction/static/css/style.css
@@ -0,0 +1,491 @@
+/*
+    DEMO STYLE
+*/
+
+@import "https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700";
+body {
+  font-family: "Poppins", sans-serif;
+  /* background: #000000; */
+  background: #fff;
+}
+
+body::-webkit-scrollbar {
+  display: none;
+}
+body {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+p {
+  font-family: "Poppins", sans-serif;
+  font-size: 1.1em;
+  font-weight: 300;
+  line-height: 1.7em;
+  color: #999;
+}
+
+a,
+a:hover,
+a:focus {
+  color: inherit;
+  text-decoration: none;
+  transition: all 0.3s;
+}
+
+.navbar {
+  padding: 15px 10px;
+  background-image: linear-gradient(45deg, hsl(0deg 0% 95%), #80a9c9);
+  border: 0px solid;
+  border-radius: 0px 10px 0px 0px;
+  margin-bottom: 40px;
+  /* box-shadow: 1px 1px 3px rgba(0, 0, 0, 0.1); */
+}
+
+.navbar-btn {
+  box-shadow: none;
+  outline: none !important;
+  border: none;
+}
+
+.line {
+  width: 100%;
+  height: 1px;
+  border-bottom: 1px dashed #ddd;
+  margin: 40px 0;
+}
+
+i,
+span {
+  display: inline-block;
+}
+.login-form {
+  margin-left: 10px;
+  margin-right: 10px;
+}
+.card {
+  border: #306998;
+  border-radius: 10px;
+}
+/* ---------------------------------------------------
+    SIDEBAR STYLE
+----------------------------------------------------- */
+.sidebar-list-items {
+  background-color: #79a9cf40;
+  color : #0b446e;
+}
+.wrapper {
+  display: flex;
+  align-items: stretch;
+  margin: 10px;
+  background-color: #424242;
+  background-color: #f1f1f1;
+  height: 97vh;
+  border-radius: 20px;
+}
+
+#sidebar {
+  height: 97vh;
+  overflow: scroll;
+  min-width: 315px;
+  max-width: 315px;
+  background: #373c40;
+  background: #c5cfd7;
+  color: #fff;
+  transition: all 0.3s;
+  border-radius: 20px 0px 20px 0px;
+}
+
+.sidebarClass::-webkit-scrollbar {
+  display: none;
+}
+.sidebarClass {
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none; /* Firefox */
+}
+
+#sidebar.active {
+  min-width: 80px;
+  max-width: 80px;
+  text-align: center;
+  height: 97vh;
+  overflow: scroll;
+}
+
+#sidebar.active .sidebar-header div h3,
+#sidebar.active .sidebar-header div img,
+#sidebar.active .CTAs {
+  display: none;
+}
+
+#sidebar.active .sidebar-header strong {
+  display: block;
+}
+
+#sidebar.active ul li a {
+  padding: 20px 10px;
+  text-align: center;
+  font-size: 0.85em;
+}
+
+#sidebar.active ul li a i {
+  margin-right: 0;
+  display: block;
+  font-size: 1.8em;
+  /* margin-bottom: 5px; */
+}
+
+#sidebar.active ul ul a {
+  padding: 10px !important;
+}
+
+#sidebar.active .dropdown-toggle::after {
+  top: auto;
+  bottom: 10px;
+  right: 50%;
+  -webkit-transform: translateX(50%);
+  -ms-transform: translateX(50%);
+  transform: translateX(50%);
+}
+
+#sidebar .sidebar-header {
+  padding: 20px;
+  /* background: #283036; */
+  background: #4e93c7
+}
+
+#sidebar .sidebar-header strong {
+  display: none;
+  font-size: 1.8em;
+}
+
+#sidebar ul.components {
+  padding: 20px 0;
+  border-bottom: 1px solid #4b8bbe;
+}
+
+#sidebar ul li a {
+  padding: 10px;
+  font-size: 1.1em;
+  display: block;
+}
+
+#sidebar ul li a:hover {
+  color: #306998;
+  background: #fff;
+}
+
+#sidebar ul li a i {
+  margin-right: 10px;
+}
+
+#sidebar ul li.active > a,
+a[aria-expanded="true"] {
+  color: #fff;
+  background: #4b8bbe;
+}
+
+a[data-toggle="collapse"] {
+  position: relative;
+}
+
+.dropdown-toggle::after {
+  display: block;
+  position: absolute;
+  top: 50%;
+  right: 20px;
+  transform: translateY(-50%);
+}
+
+ul ul a {
+  font-size: 0.9em !important;
+  padding-left: 30px !important;
+  background: #ffd43b;
+}
+
+ul.CTAs {
+  padding: 20px;
+}
+
+ul.CTAs a {
+  text-align: center;
+  font-size: 0.9em !important;
+  display: block;
+  border-radius: 5px;
+  margin-bottom: 5px;
+}
+
+/* a.download {
+    background: #fff;
+    color: #7386D5;
+} */
+
+/* a.article,
+a.article:hover {
+    background: #6d7fcc !important;
+    color: #fff !important;
+} */
+
+/* ---------------------------------------------------
+    CONTENT STYLE
+----------------------------------------------------- */
+
+#content {
+  width: 100%;
+  padding: 20px;
+  /* min-height: cal(100vh -20px); */
+  transition: all 0.3s;
+  overflow: scroll;
+  -ms-overflow-style: none; /* IE and Edge */
+  scrollbar-width: none;
+}
+
+#content::-webkit-scrollbar {
+  display: none;
+}
+
+.box {
+  margin-top: 2rem;
+  border-radius: 10px;
+  padding: 2rem;
+  background-color: #f8ede345;
+  color: #20303e
+}
+.bp {
+  font-size: 1em;
+  font-height: 1.2em;
+  color: black;
+}
+.coll {
+  background-color: #159c80;
+  color: black;
+  cursor: pointer;
+  padding: auto;
+  width: auto;
+  margin-bottom: 20px;
+  text-align: center;
+  outline: none;
+  font-size: 20px;
+}
+
+/* Add a background color to the button if it is clicked on (add the .active class with JS), and when you move the mouse over it (hover) */
+.active,
+.coll:hover {
+  background-color: #bfb051;
+}
+
+/* Style the collapsible content. Note: hidden by default */
+.lab {
+  padding: 0 18px;
+  display: none;
+  overflow: hidden;
+  background-color: #f1f1f1;
+  border-radius: 1rem;
+}
+.display {
+  padding: 20px;
+}
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #c7254e;
+  background-color: #f9f2f4;
+  border-radius: 4px;
+}
+.img {
+  border-radius: 8px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  width: 50%;
+}
+/* ---------------------------------------------------
+    MEDIAQUERIES
+----------------------------------------------------- */
+
+@media (max-width: 768px) {
+  #sidebar {
+    min-width: 80px;
+    max-width: 80px;
+    text-align: center;
+    margin-left: -95px !important;
+    height: 100vh;
+    overflow: scroll;
+  }
+  .dropdown-toggle::after {
+    top: auto;
+    bottom: 10px;
+    right: 50%;
+    -webkit-transform: translateX(50%);
+    -ms-transform: translateX(50%);
+    transform: translateX(50%);
+  }
+  #sidebar.active {
+    margin-left: 0 !important;
+  }
+  #sidebar .sidebar-header h3,
+  #sidebar .CTAs {
+    display: none;
+  }
+  #sidebar .sidebar-header strong {
+    display: block;
+  }
+  #sidebar ul li a {
+    padding: 20px 10px;
+  }
+  #sidebar ul li a span {
+    font-size: 0.85em;
+  }
+  #sidebar ul li a i {
+    margin-right: 0;
+    display: block;
+  }
+  #sidebar ul ul a {
+    padding: 10px !important;
+  }
+  #sidebar ul li a i {
+    font-size: 1.3em;
+  }
+  #sidebar {
+    margin-left: 0;
+  }
+  #sidebarCollapse span {
+    display: none;
+  }
+}
+
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #033157;
+  border-radius: 4px;
+  background-color: #159c8100;
+}
+
+.code {
+  /* background-image: linear-gradient(to right, #000000, #30989a); */
+  background-color: #8dc2ed;
+  padding: 30px;
+  margin-top: 30px;
+}
+
+#sidebarCollapse {
+  display: none;
+}
+
+.h2,
+h2 {
+  font-size: 4rem;
+}
+
+#owasp10_2021 {
+  width: 90%;
+  background: #283036;
+  background: #4e93c7;
+  margin-top: 15px;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+#owasp10_2017 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#sidebar li ul a #owasp10_2021 {
+  padding: 13% 0 0 0;
+}
+
+#OWASP10_2021 {
+  width: 95%;
+  padding-left: 5%;
+}
+#OWASP10_2017 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#sidebar-home {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0 0 0;
+}
+
+#homeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+
+.active,
+.coll:hover {
+  background-color: #bfb05100;
+}
+
+#challengeMenu {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#challengeSubmenu {
+  width: 95%;
+  padding-left: 5%;
+}
+#Mitre25 {
+  width: 95%;
+  padding-left: 5%;
+}
+#sans25 {
+  width: 95%;
+  padding-left: 5%;
+}
+
+#help {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+#mitre25 {
+  width: 90%;
+  margin-top: 15px;
+  background: #283036;
+  background: #4e93c7;
+  left: 5%;
+  height: 110px;
+  padding: 17px;
+  border-radius: 10px;
+  text-align: center;
+  padding: 13% 0% 0% 0%;
+}
+
diff --git a/introduction/static/fake.txt b/introduction/static/fake.txt
new file mode 100644
index 0000000..a709404
--- /dev/null
+++ b/introduction/static/fake.txt
@@ -0,0 +1 @@
+this is malicious file
\ No newline at end of file
diff --git a/introduction/static/google.jpg b/introduction/static/google.jpg
new file mode 100644
index 0000000..caf2e87
Binary files /dev/null and b/introduction/static/google.jpg differ
diff --git a/introduction/static/real.txt b/introduction/static/real.txt
new file mode 100644
index 0000000..bcfe693
--- /dev/null
+++ b/introduction/static/real.txt
@@ -0,0 +1 @@
+This is real file 
\ No newline at end of file
diff --git a/introduction/templates/Lab/A10/a10.html b/introduction/templates/Lab/A10/a10.html
new file mode 100644
index 0000000..6780344
--- /dev/null
+++ b/introduction/templates/Lab/A10/a10.html
@@ -0,0 +1,68 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Insufficient Logging & Monitoring</title>
+{% endblock %}
+<div class="content">
+  <h3>Insufficient Logging & Monitoring</h3>
+  <div class="box">
+    <h4>What does Insufficient Logging & Monitoring means?</h4>
+    <p class="bp">
+      Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely
+      on the lack of monitoring and timely response to achieve their goals without being detected. <br>
+      Most successful attacks start with vulnerability probing. Allowing such probes to continue can raise the
+      likelihood of successful exploit to nearly 100%. <br>
+      In 2016, identifying a breach took an average of 191 days – plenty of time for damage to be inflicted.
+    </p>
+    <button class="coll btn btn-info">Lab 1 Details</button>
+    <div class="lab">
+      <p class="bp">
+        This lab helps you to get an idea of how sometimes improper logging can result in information disclosure.
+
+        The user on accessing the lab is given with a login page which tells us that the logs have been leaked.
+        The user needs to find the leak and try to gain the credentials that have been leaked in the logs.
+
+        <br><b>Finding the Log</b>
+      <ul>
+        <li>The log has been exposed in <code>/debug</code> route </li>
+        <li>This can be found out with subdomain brute-forcing or just by guess</li>
+        <li>On seeing the Log try to get the required login details as there is a leak and the logging is improperly
+          handled.</li>
+
+      </ul>
+
+      </p>
+      <br>
+      <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/a10_lab'">Access
+          Lab</button></div>
+    </div>
+    <button class="coll btn btn-info">Lab 2 Details</button>
+    <div class="lab">
+      <p class="bp">
+        It seems this application is logging every action performed in this logging page. 
+        But is there a way to inject some fake logs to the application?
+
+        <br>
+        <span>Login credentials are same as lab1</span>
+      <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/a10_lab_2'">Access
+          Lab</button></div>
+    </div>
+    <div>
+      <br>
+      <h4>Mitigation</h4>
+      <p class="bp">
+      <ul>
+        <li>Ensure that logs are created in a format that can be easily used by central log management tools.</li>
+        <li>High-value transactions should have an audit trail with integrity controls to prevent manipulation or
+          deletion.</li>
+        <li>Effective monitoring and alerting should be established so that suspicious activities can be detected and
+          responded to in a timely manner.</li>
+        <li>Make sure that there aren't any sensitive information like passwords are being logged</li>
+      </ul>
+      </p>
+    </div>
+  </div>
+
+
+
+  {% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/A10/a10_lab.html b/introduction/templates/Lab/A10/a10_lab.html
new file mode 100644
index 0000000..d4e905c
--- /dev/null
+++ b/introduction/templates/Lab/A10/a10_lab.html
@@ -0,0 +1,44 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Insufficient Logging & Monitoring</title>
+{% endblock %}
+
+
+<div class="jumbotron">
+    <h4 style="text-align:center">The Logs have been Leaked. </h4>
+    <div class="login">
+        <form method="post" action="/a10_lab">
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+
+
+</div>
+
+<div class="container">
+    {% if name %}
+    <h2>Success! Logged in as
+        <pre>{{name}}</pre>
+    </h2>
+    {% else %}
+    <h2>
+        <pre>{{error}}</pre>
+    </h2>
+    {% endif %}
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/a10'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/A10/a10_lab2.html b/introduction/templates/Lab/A10/a10_lab2.html
new file mode 100644
index 0000000..d0acadb
--- /dev/null
+++ b/introduction/templates/Lab/A10/a10_lab2.html
@@ -0,0 +1,78 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Insufficient Logging & Monitoring</title>
+{% endblock %}
+
+
+<div class="jumbotron">
+    <h4 style="text-align:center">Logs are strickty monitored</h4>
+    <div class="login">
+        <form method="post" >
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+        </form>
+    </div>
+
+
+</div>
+
+<div class="container">
+    {% if name %}
+    <h2>Success! Logged in as
+        <pre>{{name}}</pre>
+    </h2>
+    {% else %}
+    <h2>
+        <pre>{{error}}</pre>
+    </h2>
+    {% endif %}
+
+</div>
+
+<br>
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+<div class="lab code">
+   <code>   
+    logging.basicConfig(level=logging.DEBUG,filename='app.log')<br>
+    <br>
+    @authentication_decorator<br>
+    def a10_lab2(request):<br>
+    &emsp;now = datetime.datetime.now()<br>
+    &emsp;if request.method == "GET":<br>
+    &emsp;&emsp;x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')<br>
+    <br>
+    &emsp;&emsp;if x_forwarded_for:<br>
+    &emsp;&emsp;&emsp;ip = x_forwarded_for.split(',')[0]<br>
+    &emsp;&emsp;else:<br>
+    &emsp;&emsp;&emsp;ip = request.META.get('REMOTE_ADDR')<br>
+    &emsp;&emsp;logging.info(f"{now}:{ip}")<br>
+    &emsp;&emsp;return render (request,"Lab/A10/a10_lab2.html")<br>
+    &emsp;else:<br>
+    &emsp;&emsp;user=request.POST.get("name")<br>
+    &emsp;&emsp;password=request.POST.get("pass")<br>
+    &emsp;&emsp;x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')<br>
+    <br>
+    &emsp;&emsp;if x_forwarded_for:<br>
+    &emsp;&emsp;&emsp;ip = x_forwarded_for.split(',')[0]<br>
+    &emsp;&emsp;else:<br>
+    &emsp;&emsp;&emsp;ip = request.META.get('REMOTE_ADDR')<br>
+    <br>
+    &emsp;&emsp;if login.objects.filter(user=user,password=password):<br>
+    &emsp;&emsp;&emsp;if ip != '127.0.0.1':<br>
+    &emsp;&emsp;&emsp;&emsp;logging.warning(f"{now}:{ip}:{user}")<br>
+    &emsp;&emsp;&emsp;logging.info(f"{now}:{ip}:{user}")<br>
+    &emsp;&emsp;&emsp;return render(request,"Lab/A10/a10_lab2.html",{"name":user})<br>
+    &emsp;&emsp;else:<br>
+    &emsp;&emsp;&emsp;logging.error(f"{now}:{ip}:{user}")<br>
+    &emsp;&emsp;&emsp;return render(request, "Lab/A10/a10_lab2.html", {"error": " Wrong username or Password"})<br>
+   </code>
+</p>
+</div>
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/a10'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/A10/debug.log b/introduction/templates/Lab/A10/debug.log
new file mode 100644
index 0000000..7e28b53
--- /dev/null
+++ b/introduction/templates/Lab/A10/debug.log
@@ -0,0 +1,317 @@
+INFO "GET /static/admin/css/dashboard.css HTTP/1.1" 304 0
+INFO "GET /static/admin/css/base.css HTTP/1.1" 304 0
+INFO "GET /static/admin/css/responsive.css HTTP/1.1" 304 0
+INFO "GET /static/admin/css/fonts.css HTTP/1.1" 304 0
+INFO "GET /static/admin/img/icon-addlink.svg HTTP/1.1" 304 0
+INFO "GET /static/admin/img/icon-changelink.svg HTTP/1.1" 304 0
+INFO "GET /static/admin/fonts/Roboto-Light-webfont.woff HTTP/1.1" 304 0
+INFO "GET /static/admin/fonts/Roboto-Regular-webfont.woff HTTP/1.1" 304 0
+INFO "GET /static/admin/fonts/Roboto-Bold-webfont.woff HTTP/1.1" 304 0
+INFO "GET /admin/logout/ HTTP/1.1" 200 1207
+INFO "GET /admin/logout/ HTTP/1.1" 302 0
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1913
+INFO "GET /static/admin/css/login.css HTTP/1.1" 304 0
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET /static/introduction/style4.css HTTP/1.1" 304 0
+WARNING Not Found: /favicon.ico
+WARNING "GET /favicon.ico HTTP/1.1" 404 9350
+INFO "GET /login HTTP/1.1" 301 0
+INFO "GET /login/ HTTP/1.1" 200 7978
+INFO "GET /a10_lab?username=Hacker&password=Hacker HTTP/1.1" 301 0
+INFO "GET /logout HTTP/1.1" 301 0
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /static/admin/css/base.css HTTP/1.1" 304 0
+INFO "GET /static/admin/css/responsive.css HTTP/1.1" 304 0
+INFO "GET /static/admin/css/fonts.css HTTP/1.1" 200 423
+INFO "GET /static/admin/fonts/Roboto-Regular-webfont.woff HTTP/1.1" 200 85876
+INFO "GET /static/admin/fonts/Roboto-Light-webfont.woff HTTP/1.1" 200 85692
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1913
+INFO "GET /static/admin/css/login.css HTTP/1.1" 200 1233
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /login/ HTTP/1.1" 200 7978
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\urls.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+ERROR Internal Server Error: /register
+Traceback (most recent call last):
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\core\handlers\exception.py", line 34, in inner
+    response = get_response(request)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\core\handlers\base.py", line 124, in _get_response
+    raise ValueError(
+ValueError: The view introduction.views.register didn't return an HttpResponse object. It returned None instead.
+ERROR "GET /register HTTP/1.1" 500 63038
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /register HTTP/1.1" 200 18
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /register HTTP/1.1" 200 9207
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /register HTTP/1.1" 200 9341
+INFO "POST /register HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 7978
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET /admin HTTP/1.1" 301 0
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\settings.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\settings.py changed, reloading.
+INFO Watching for file changes with StatReloader
+ERROR Internal Server Error: /register
+Traceback (most recent call last):
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\backends\django.py", line 61, in render
+    return self.template.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 171, in render
+    return self._render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 163, in _render
+    return self.nodelist.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 936, in render
+    bit = node.render_annotated(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 903, in render_annotated
+    return self.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\loader_tags.py", line 150, in render
+    return compiled_parent._render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 163, in _render
+    return self.nodelist.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 936, in render
+    bit = node.render_annotated(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 903, in render_annotated
+    return self.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\loader_tags.py", line 62, in render
+    result = block.nodelist.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 936, in render
+    bit = node.render_annotated(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 903, in render_annotated
+    return self.render(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 986, in render
+    output = self.filter_expression.resolve(context)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\base.py", line 697, in resolve
+    new_obj = func(obj, *arg_vals)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\crispy_forms\templatetags\crispy_forms_filters.py", line 61, in as_crispy_form
+    template = uni_form_template(template_pack)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\crispy_forms\templatetags\crispy_forms_filters.py", line 22, in uni_form_template
+    return get_template("%s/uni_form.html" % template_pack)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\loader.py", line 19, in get_template
+    raise TemplateDoesNotExist(template_name, chain=chain)
+django.template.exceptions.TemplateDoesNotExist: boostrap4/uni_form.html
+
+The above exception was the direct cause of the following exception:
+
+Traceback (most recent call last):
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\core\handlers\exception.py", line 34, in inner
+    response = get_response(request)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\core\handlers\base.py", line 115, in _get_response
+    response = self.process_exception_by_middleware(e, request)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\core\handlers\base.py", line 113, in _get_response
+    response = wrapped_callback(request, *callback_args, **callback_kwargs)
+  File "A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py", line 32, in register
+    return render(request,"registration/register.html",{"form":form})
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\shortcuts.py", line 19, in render
+    content = loader.render_to_string(template_name, context, request, using=using)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\loader.py", line 62, in render_to_string
+    return template.render(context, request)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\backends\django.py", line 63, in render
+    reraise(exc, self.backend)
+  File "A:\wsl\Pygoat\venv\lib\site-packages\django\template\backends\django.py", line 84, in reraise
+    raise new from exc
+django.template.exceptions.TemplateDoesNotExist: boostrap4/uni_form.html
+ERROR "GET /register HTTP/1.1" 500 176529
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\settings.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /register HTTP/1.1" 200 9946
+INFO "GET /register HTTP/1.1" 200 9928
+INFO "GET /register HTTP/1.1" 200 9928
+INFO "GET /login HTTP/1.1" 301 0
+INFO "GET /login/ HTTP/1.1" 200 8931
+INFO "POST /login/ HTTP/1.1" 302 0
+WARNING Not Found: /accounts/profile/
+WARNING "GET /accounts/profile/ HTTP/1.1" 404 9497
+INFO "GET /login/ HTTP/1.1" 200 8931
+INFO "POST /login/ HTTP/1.1" 200 9120
+INFO "GET /login/ HTTP/1.1" 200 8993
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "GET /register HTTP/1.1" 200 9928
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /register HTTP/1.1" 200 9928
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET /logout HTTP/1.1" 301 0
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1913
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET / HTTP/1.1" 200 8303
+INFO "GET / HTTP/1.1" 200 8303
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "GET /register HTTP/1.1" 200 9928
+INFO "GET / HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "POST /login/ HTTP/1.1" 302 0
+WARNING Not Found: /accounts/profile/
+WARNING "GET /accounts/profile/ HTTP/1.1" 404 9497
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\settings.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "POST /login/ HTTP/1.1" 302 0
+WARNING Not Found: /home
+WARNING "GET /home HTTP/1.1" 404 9458
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET / HTTP/1.1" 200 8157
+INFO A:\wsl\Pygoat\pygoat\pygoat\pygoat\settings.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1913
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 1913
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET / HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9004
+INFO "POST /login/ HTTP/1.1" 302 0
+INFO "GET / HTTP/1.1" 200 8157
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET /register HTTP/1.1" 200 9941
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /register HTTP/1.1" 200 9941
+INFO "POST /register HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "POST /login/ HTTP/1.1" 302 0
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET /admin/ HTTP/1.1" 302 0
+INFO "GET /admin/login/?next=/admin/ HTTP/1.1" 200 2069
+INFO "POST /admin/login/?next=/admin/ HTTP/1.1" 302 0
+INFO "GET /admin/ HTTP/1.1" 200 8514
+INFO "GET /admin/auth/user/ HTTP/1.1" 200 7858
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO "POST /admin/auth/user/ HTTP/1.1" 200 3468
+INFO "GET /static/admin/js/cancel.js HTTP/1.1" 200 409
+INFO "GET /static/admin/js/cancel.js HTTP/1.1" 200 409
+INFO "POST /admin/auth/user/ HTTP/1.1" 302 0
+INFO "GET /admin/auth/user/ HTTP/1.1" 200 7147
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO "GET /admin/auth/user/1/change/ HTTP/1.1" 200 15887
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO "GET /admin/jsi18n/ HTTP/1.1" 200 3223
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 200 8170
+WARNING Not Found: /favicon.ico
+WARNING "GET /favicon.ico HTTP/1.1" 404 9479
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET / HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /bau HTTP/1.1" 200 13044
+INFO "GET /bau_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /register HTTP/1.1" 200 9941
+INFO "GET /sec_mis HTTP/1.1" 200 10652
+INFO "GET /sec_mis_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /a10 HTTP/1.1" 200 8674
+INFO "GET /a10_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9017
+INFO "GET /login/ HTTP/1.1" 200 9072
+INFO "GET / HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9072
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET /login/ HTTP/1.1" 200 9072
+INFO "GET / HTTP/1.1" 200 8170
+INFO "GET /cmd HTTP/1.1" 200 11401
+INFO "GET /cmd_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9072
+INFO "GET /register HTTP/1.1" 200 9941
+INFO "GET /sql HTTP/1.1" 200 11784
+INFO "GET /sql HTTP/1.1" 200 11876
+INFO "GET /sql HTTP/1.1" 200 11876
+INFO "GET /data_exp HTTP/1.1" 200 9800
+INFO "GET / HTTP/1.1" 200 8262
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 200 8262
+INFO "GET /register HTTP/1.1" 200 10033
+INFO "GET /login/ HTTP/1.1" 200 9164
+INFO "GET /xxe HTTP/1.1" 200 13098
+INFO "GET /xxe_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9164
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 200 8255
+INFO A:\wsl\Pygoat\pygoat\pygoat\introduction\views.py changed, reloading.
+INFO Watching for file changes with StatReloader
+INFO "GET / HTTP/1.1" 200 8255
+INFO "GET /sql HTTP/1.1" 200 11869
+INFO "GET /sql_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "GET /register HTTP/1.1" 200 10026
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "GET /register HTTP/1.1" 200 10026
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "GET /register HTTP/1.1" 200 10026
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "GET /register HTTP/1.1" 200 10026
+INFO "GET /sql HTTP/1.1" 200 11869
+INFO "GET /sql_lab HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "POST /login/ HTTP/1.1" 200 9350
+INFO "GET /register HTTP/1.1" 200 10026
+INFO "POST /register HTTP/1.1" 302 0
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "POST /login/ HTTP/1.1" 302 0
+INFO "GET / HTTP/1.1" 200 8081
+INFO "GET /sql HTTP/1.1" 200 11695
+INFO "GET /bau HTTP/1.1" 200 12955
+INFO "GET /data_exp HTTP/1.1" 200 9619
+INFO "GET /xxe HTTP/1.1" 200 12917
+INFO "GET /ba HTTP/1.1" 200 10505
+INFO "GET /sec_mis HTTP/1.1" 200 10563
+INFO "GET /sql HTTP/1.1" 200 11695
+INFO "GET /bau HTTP/1.1" 200 12955
+INFO "GET /data_exp HTTP/1.1" 200 9619
+INFO "GET /sql HTTP/1.1" 200 11695
+INFO "GET /logout/ HTTP/1.1" 200 1207
+INFO "GET /sql HTTP/1.1" 200 11869
+INFO "GET /login/ HTTP/1.1" 200 9157
+INFO "POST /login/ HTTP/1.1" 302 0
+INFO "GET / HTTP/1.1" 200 8081
diff --git a/introduction/templates/Lab/A11/a11.html b/introduction/templates/Lab/A11/a11.html
new file mode 100644
index 0000000..075e9cd
--- /dev/null
+++ b/introduction/templates/Lab/A11/a11.html
@@ -0,0 +1,57 @@
+{% extends 'introduction/base.html' %} {% block content %} {% block title %}
+<title>Insecure Design</title>
+{% endblock %}
+<div class="content">
+  <h3>Insecure Design</h3>
+  <div class="box">
+    <h4>What is Insecure Design</h4>
+    <p class="bp">
+      Insecure design is a broad category representing different weaknesses,
+      expressed as “missing or ineffective control design.” Insecure design is
+      not the source for all other Top 10 risk categories. There is a difference
+      between insecure design and insecure implementation. We differentiate
+      between design flaws and implementation defects for a reason, they have
+      different root causes and remediation. A secure design can still have
+      implementation defects leading to vulnerabilities that may be exploited.
+      An insecure design cannot be fixed by a perfect implementation as by
+      definition, needed security controls were never created to defend against
+      specific attacks. One of the factors that contribute to insecure design is
+      the lack of business risk profiling inherent in the software or system
+      being developed, and thus the failure to determine what level of security
+      design is required.
+    </p>
+    <button class="coll btn btn-info">Lab Details</button>
+    <div class="lab">
+        <p class="bp">
+        This lab helps you to get an idea of how Insecure Design can result in major Security flaw.
+
+        In the next page,user can get 5 free tickets for a Movie. But he/she have to wait untill all the tickets are sold out.
+        For this particular situation, we can get advantage of the Insecure Design and somehow get all the tickets for the movie.
+
+        <ul><code>Hint</code></ul>
+        <ul> Logout and then think.</ul>
+        
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/insecure-design_lab'">Access
+            Lab</button></div>
+    </div>
+  <div>
+    <br>
+    <h4>Mitigation</h4>
+    <p class="bp">
+    <ul>
+      <li>Establish and use a secure development lifecycle with AppSec professionals to help evaluate and design security and privacy-related controls</li>
+      <li>Establish and use a library of secure design patterns or paved road ready to use components</li>
+      <li>Use threat modeling for critical authentication, access control, business logic, and key flows</li>
+      <li>Integrate security language and controls into user stories</li>
+      <li>Integrate plausibility checks at each tier of your application (from frontend to backend)</li>
+      <li>Write unit and integration tests to validate that all critical flows are resistant to the threat model. Compile use-cases and misuse-cases for each tier of your application.s</li>
+      <li>Segregate tier layers on the system and network layers depending on the exposure and protection needs</li>
+      <li>Segregate tenants robustly by design throughout all tiers</li>
+      <li>Limit resource consumption by user or service</li>
+    </ul>
+    </p>
+  </div>
+</div>
+
+{% endblock %}
diff --git a/introduction/templates/Lab/A11/a11_lab.html b/introduction/templates/Lab/A11/a11_lab.html
new file mode 100644
index 0000000..7e7543f
--- /dev/null
+++ b/introduction/templates/Lab/A11/a11_lab.html
@@ -0,0 +1,53 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Insecure Design Lab</title>
+{% endblock %}
+{% block header %}
+
+{% endblock %}
+<div style="display:flex; flex-direction: row-reverse; align-items:center; justify-content:space-evenly; align-content:center">
+    <div style="display:flex; flex-direction: column; align-items:center">    
+        <div class="jumbotron">
+            <h4 style="text-align:center">My Tickets </h4>
+            <div class="login" style="text-align:center">
+                {% for i in tickets %}
+                <div> {{i}} </div>
+                {% endfor %}
+            </div>
+        </div>
+    </div>
+    <div style="display:flex; flex-direction: column; align-items:center">
+        <div class="btn btn-info" style="text-align:center ,">
+            {{error}}
+        </div>
+        <br>
+        <div class="jumbotron">
+            <h4 style="text-align:center">Claim Upto 5 Free Tickits  </h4>
+            <div class="login" style="text-align:center">
+                <form method="post" action="/insecure-design_lab">
+                    {% csrf_token %}
+                    <input id="input" type="number" name="count" placeholder="0"><br>
+                    <button style="margin-top:20px" class="btn btn-info" type="submit"> Claim </button>
+                </form>
+            </div>
+        </div>
+        <br>
+        <div class="jumbotron">
+            <h4 style="text-align:center"> Watch Movie </h4>
+            <div class="login" style="text-align:center">
+                <form method="post" action="/insecure-design_lab">
+                    {% csrf_token %}
+                    <input id="input" type="text" name="ticket" placeholder="Tickit"><br>
+                    <button style="margin-top:20px" class="btn btn-info" type="submit"> Watch </button>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/insecure-design'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
diff --git a/introduction/templates/Lab/A9/a9.html b/introduction/templates/Lab/A9/a9.html
new file mode 100644
index 0000000..840fedc
--- /dev/null
+++ b/introduction/templates/Lab/A9/a9.html
@@ -0,0 +1,94 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Using Components with Known Vulnerabilities</title>
+{% endblock %}
+<div class="content">
+    <h3>Using Components with Known Vulnerabilities</h3>
+    <div class="box">
+
+        <h4>What does Using Components with Know Vulnerability means?</h4>
+        <p class="bp"> When a developer uses a piece of code or library which already has a known vulnerability, then
+            this may result in compromise of the entire application. This occurs when the components such as libraries
+            and frameworks used within the app mostly execute with full privileges. If a vulnerable component is
+            exploited, it makes the hacker’s job easier to cause a serious data loss or server takeover.
+
+        </p>
+        </p>
+        <button class="coll btn btn-info">Lab 1 Details</button>
+        <div class="lab">
+            <p class="bp">
+                This lab helps us to understand why components with known vulnerabilities can be a serious issue.
+                <br>
+                The user on accessing the lab is provided with a feature to convert yaml files into json objects.
+                A yaml file needs to be chosen and uploaded to get the json data.
+                There is also a get version feature which tells the user the version of the library the app uses.
+
+                <b>Exploiting the vulnerability.</b>
+            <ul>
+                <li>The app uses <code>pyyaml 5.1</code> Which is vulnerable to code execution.</li>
+                <li>You can google the library with the version to get the poc and vulnerability details</li>
+                <li>Libraries known for the infamous code injection vulnerabilities are PyYAML 5.4 and Log4J </li>
+                <li> Create An yaml file with this payload:</li>
+                <code>!!python/object/apply:subprocess.Popen<br>
+                - ls
+            </code>
+                <li> On Uploading this file the user should be able to see the output of the command executed in the
+                    Terminal running Django.</li>
+
+            </ul>
+
+            </p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/a9_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <button class="coll btn btn-info">Lab 2 Details</button>
+        <div class="lab">
+            <p class="bp">
+                This lab helps us to understand why components with known vulnerabilities can be a serious issue.
+                <br>
+                This is website for some image manupulation.    
+
+                <b>Exploiting the vulnerability.</b>
+                <ul>
+                    <li>The app uses <code>Pillow 8.0.0</code> Which is vulnerable to code execution.</li>
+                    <li>You can google the library with the version to get the poc and vulnerability details</li>
+                </ul>
+
+            </p>
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/a9_lab2'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <br>
+        <h4>Mitigation</h4>
+        <p class="bp">
+        <ul>
+            <li>Remove unused dependencies, unnecessary features, components, files, and documentation.</li>
+            <li>Only obtain components from official sources over secure links. Prefer signed packages to reduce the
+                chance of including a modified, malicious component.</li>
+            <li>Monitor for libraries and components that are unmaintained or do not create security patches for older
+                versions. If patching is not possible, consider deploying a virtual patch to monitor, detect, or protect
+                against the discovered issue.</li>
+            <li>Use Library scanners to test for Vulnerabilities in packages.</li>
+
+
+
+        </ul>
+        </p>
+
+
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/A9/a9_lab.html b/introduction/templates/Lab/A9/a9_lab.html
new file mode 100644
index 0000000..5a70b46
--- /dev/null
+++ b/introduction/templates/Lab/A9/a9_lab.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>A9</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Yaml To Json Converter</h4>
+    <form enctype="multipart/form-data" method="post" action="/a9_lab">
+        <input type="file" name="file"><br>
+        <br>
+        <button class="btn btn-info" type="submit">Upload</button>
+    </form>
+</div> <br>
+<br>
+<div class="container">
+    {% if data %}
+    <h5>Here is your output:</h5><br>
+    <pre>{{data}}</pre><br>
+    <b>Check Django Terminal for Command's output</b>
+    {% endif %}
+</div>
+<br>
+<div class="container">
+    <button class="btn btn-info" onclick="window.location.href='/get_version'">Get
+        Version</button><code>{{version}}</code>
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/a9'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/A9/a9_lab2.html b/introduction/templates/Lab/A9/a9_lab2.html
new file mode 100644
index 0000000..cace076
--- /dev/null
+++ b/introduction/templates/Lab/A9/a9_lab2.html
@@ -0,0 +1,96 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>A9</title>
+{% endblock %}
+
+<div class="container">
+    <h3> In this page you can upload a image and apply different math equation on it's rgb layer</h3><br><br>
+    <h4>Varriable reffernence</h4>
+    <code>img --> actual image file | r --> red chennel | g --> green chennel</code>
+    <code>b --> blue chennel | g --> green chennel</code><br><br>
+
+    <h4>Some Example</h4>
+    <ul>
+        <li>convert(r, '1')</li>
+        <li>convert(r+g+b, 'L')</li>
+        <li>convert(r-g, '1')</li>
+    </ul>
+    
+    <form enctype="multipart/form-data" id="a9_form2" method="POST" style="display: flex;flex-direction: column;align-items: center;margin-bottom: 50px;">
+        <input type="file" name="file" id="a9_file" />
+        <input type="text" name="function" id="a9_function" placeholder="function"/>
+        <button type="submit" id="a9_submit" >Submit</button>
+    </form><br><br>
+
+    {% if success %}
+    <div id="img_container" style="margin-bottom : 50px">
+        <img src='data:image/jpeg;base64,{{img_str_ref}}' style="width: 48%"/>
+        <img src='data:image/jpeg;base64,{{img_str}}' style="width: 48%"/>
+    </div>
+    {% endif %}
+
+    </div>
+
+    <button class="coll2 btn btn-info" style= "position : fixed ; right :330px; bottom : 7px">Hint</button>
+    <div class="lab code">
+        This lab uses pillow==8.0.0 package, google for vulnerability 
+    </div>
+
+    <button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+
+    <div class="lab code">
+    <code>   
+        def a9_lab2(request):<br>
+        &emsp;if not request.user.is_authenticated:<br>
+        &emsp;&emsp;return redirect('login')<br>
+        &emsp;<br>
+        &emsp;if request.method == "GET":<br>
+        &emsp;&emsp;return render (request,"Lab/A9/a9_lab2.html")<br>
+        &emsp;elif request.method == "POST":<br>
+        &emsp;&emsp;try :<br>
+        &emsp;&emsp;&emsp;file=request.FILES["file"]<br>
+        &emsp;&emsp;&emsp;function_str = request.POST.get("function")<br>
+        &emsp;&emsp;&emsp;img  = Image.open(file)<br>
+        &emsp;&emsp;&emsp;img = img.convert("RGB")<br>
+        &emsp;&emsp;&emsp;r,g,b  = img.split()<br>
+        &emsp;&emsp;&emsp;output = ImageMath.eval(function_str,img = img, b=b, r=r, g=g)<br>
+        
+        &emsp;&emsp;&emsp;# saving the image <br>
+        &emsp;&emsp;&emsp;buffered = BytesIO()<br>
+        &emsp;&emsp;&emsp;output.save(buffered, format="JPEG")<br>
+        &emsp;&emsp;&emsp;img_str = base64.b64encode(buffered.getvalue()).decode("utf-8")<br>
+        
+        &emsp;&emsp;&emsp;bufferd_ref = BytesIO()<br>
+        &emsp;&emsp;&emsp;img.save(bufferd_ref, format="JPEG")<br>
+        &emsp;&emsp;&emsp;img_str_ref = base64.b64encode(bufferd_ref.getvalue()).decode("utf-8")<br>
+        &emsp;&emsp;&emsp;try :<br>
+        &emsp;&emsp;&emsp;&emsp;return render(request,"Lab/A9/a9_lab2.html",{"img_str": img_str,"img_str_ref":img_str_ref, "success": True})<br>
+        &emsp;&emsp;&emsp;except Exception as e:<br>
+        &emsp;&emsp;&emsp;&emsp;print(e)<br>
+        &emsp;&emsp;&emsp;&emsp;return render(request, "Lab/A9/a9_lab2.html", {"data": "Error", "error": True})<br>
+        &emsp;&emsp;except Exception as e:<br>
+        &emsp;&emsp;&emsp;print(e)<br>
+        &emsp;&emsp;&emsp;return render(request, "Lab/A9/a9_lab2.html", {"data":"Please Upload a file", "error":True})<br>
+    </code>
+        
+    </div>
+    <div>
+
+    <div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/a9'">Back to Lab
+        Details</button></div>
+
+<script>
+    function submite_form(){
+        console.log("Submited")
+        var form = document.getElementById('a9_form2');
+        form.submit();
+    }
+    {% if error %}
+    alert("{{ data }}");
+    {% endif %}
+
+</script>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/AUTH/auth_home.html b/introduction/templates/Lab/AUTH/auth_home.html
new file mode 100644
index 0000000..28422e3
--- /dev/null
+++ b/introduction/templates/Lab/AUTH/auth_home.html
@@ -0,0 +1,54 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Broken Authentication</title>
+{% endblock %}
+<div class="content">
+  <h3>Description</h3>
+  <div class="box">
+
+    <h4>What is Broken Authentication<h4>
+        <p class="bp">
+          Broken authentication is an umbrella term for several vulnerabilities that attackers exploit to impersonate
+          legitimate users online. Broadly, broken authentication refers to weaknesses in two areas: session management
+          and credential management. Both are classified as broken authentication because attackers can use either
+          avenue to masquerade as a user: hijacked session IDs or stolen login credentials.
+          <br>
+        <h4>Broken Authentication errors occur when:</h4>
+        <ul>
+          <li> Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames
+            and passwords.</li>
+          <li> Permits brute force or other automated attacks.</li>
+          <li> Permits default, weak, or well-known passwords, such as “Password1” or “admin/admin“.</li>
+          <li> Uses weak or ineffective credential recovery and forgot-password processes, such as “knowledge-based
+            answers”, which cannot be made safe.</li>
+          <li> Uses plain text, encrypted, or weakly hashed passwords.</li>
+          <li> Has missing or ineffective multi-factor authentication.</li>
+          <li> Exposes Session IDs in the URL (e.g., URL rewriting).</li>
+          <li> Does not rotate Session IDs after successful login.</li>
+          <li> Does not properly invalidate Session IDs. User sessions or authentication tokens (particularly single
+            sign-on (SSO) tokens) aren’t properly invalidated during logout or a period of inactivity.</li>
+        </ul>
+        <br>
+        <h4>The main consequences are:
+          <ul>
+            <li>Unauthorized users can acess the system.</li>
+            <li>User information is leaked</li>
+          </ul>
+
+          <br>
+          <div align="right"> <button class="btn btn-info" type="button"
+              onclick="window.location.href='/auth_lab'">Access Lab</button></div>
+          </p>
+  </div>
+  <h4>Mitigation<h4>
+      <p class="bp">Try thinking about cookies and how they can expose secrets !!!!</p>
+
+
+
+</div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/AUTH/auth_lab.html b/introduction/templates/Lab/AUTH/auth_lab.html
new file mode 100644
index 0000000..7bde3b8
--- /dev/null
+++ b/introduction/templates/Lab/AUTH/auth_lab.html
@@ -0,0 +1,20 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>BROKEN AUTH LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Can You Log in as other user?</h4>
+    <div class="login" style="text-align:center">
+        <button style="margin-top:20px" class="btn btn-info" onclick="location.href = '/auth_lab/signup'"> Sign
+            up</button>
+        <button style="margin-top:20px" class="btn btn-info" onclick="location.href = '/auth_lab/login'"> Log
+            in</button>
+    </div>
+</div>
+<br>
+<i>
+    <pre>{{ err_msg }}</pre>
+</i>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/AUTH/auth_lab_login.html b/introduction/templates/Lab/AUTH/auth_lab_login.html
new file mode 100644
index 0000000..6b57460
--- /dev/null
+++ b/introduction/templates/Lab/AUTH/auth_lab_login.html
@@ -0,0 +1,23 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>BROKEN AUTH LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <div class="login" style="text-align:center">
+        <form method="post" action="/auth_lab/login">
+            {% csrf_token %}
+            <input id="input" type="text" name="username" placeholder="User Name" required><br>
+            <input id="input" type="password" name="pass" placeholder="Password" required><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Login</button>
+        </form>
+    </div>
+    <br>
+    <div style="text-align:center">
+        <button onclick="window.location.href='/auth_lab'" class="btn btn-info">Lab Home</button>
+    </div>
+</div>
+
+<i>{{ err_msg }}</i>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/AUTH/auth_lab_signup.html b/introduction/templates/Lab/AUTH/auth_lab_signup.html
new file mode 100644
index 0000000..b9de6c9
--- /dev/null
+++ b/introduction/templates/Lab/AUTH/auth_lab_signup.html
@@ -0,0 +1,25 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>BROKEN AUTH LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <div class="login" style="text-align:center">
+        <form method="post" action="/auth_lab/signup">
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="Name" required><br>
+            <input id="input" type="text" name="username" placeholder="User Name" required><br>
+            <input id="input" type="password" name="pass" placeholder="Password" required><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Sign Up</button>
+        </form>
+    </div>
+    <br>
+    <div style="text-align:center">
+        <button onclick="window.location.href='/auth_lab'" class="btn btn-info">Lab Home</button>
+    </div>
+</div>
+
+<i>{{ err_msg }}</i>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/AUTH/auth_success.html b/introduction/templates/Lab/AUTH/auth_success.html
new file mode 100644
index 0000000..2f19e7f
--- /dev/null
+++ b/introduction/templates/Lab/AUTH/auth_success.html
@@ -0,0 +1,24 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>BROKEN AUTH LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Your Information</h4>
+    <div class="login" style="text-align:center">
+        Username : {{username}}
+        <br>
+        Name : {{name}}
+        <br>
+        UserId : {{userid}}
+    </div>
+    <br>
+    <div style="text-align:center">
+        <button onclick="window.location.href='/auth_lab/logout'" class="btn btn-info">Logout</button>
+    </div>
+</div>
+<i>
+    <pre>{{err_msg}}</pre>
+</i>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/BrokenAccess/ba.html b/introduction/templates/Lab/BrokenAccess/ba.html
new file mode 100644
index 0000000..5f0dc37
--- /dev/null
+++ b/introduction/templates/Lab/BrokenAccess/ba.html
@@ -0,0 +1,66 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control</title>
+{% endblock %}
+<div class="content">
+    <h3>Broken Access Control</h3>
+    <div class="box">
+
+        <h4>What is Broken Access Control</h4>
+        <p class="bp"> Access control, sometimes called authorization, is how a web application grants access to content
+            and functions to some users and not others. These checks are performed after authentication, and govern what
+            ‘authorized’ users are allowed to do. A web application’s access control model is closely tied to the
+            content and functions that the site provides. In addition, the users may fall into a number of groups or
+            roles with different abilities or privileges.
+
+        </p>
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+            <p class="bp">
+                This lab helps us to understand one of the authentication flaws which leads to an attacker gaining
+                unauthorized control of an account.
+                On accessing the lab the user is provided with a simple login in page which requires a username and
+                password.
+                <br>The credentials for the user Jack is <b><code>jack:jacktheripper</code></b>.
+                <br>Use the above info to log in.<br>
+                The main aim of this lab is to login with admin privileges to get the secret key.
+
+                <br><br><b>Exploiting the Broken Access</b>
+            <ul>
+                <li>Every time a valid user logs in,the user session is set with a cookie called <code>admin</code>
+                </li>
+                <li>When you notice the cookie value when logged in as <code>jack</code> it is set to 0</li>
+                <li>Use BurpSuite to intercept the request change the value of the admin cookie from 0 to 1</li>
+                <li>This should log you in as a admin user and display the secret key</li>
+
+            </ul>
+            </p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/ba_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <h4>Mitigation</h4>
+        <p class="bp">
+        <ul>
+            <li>Using proper Session management techniques</li>
+            <li>Using Tokens such as JWT to authorize the users.</li>
+            <li>Unless a resource is intended to be publicly accessible, deny access by default</li>
+            <li>Thoroughly audit and test access controls to ensure they are working as designed</li>
+
+        </ul>
+        </p>
+
+
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/BrokenAccess/ba_lab.html b/introduction/templates/Lab/BrokenAccess/ba_lab.html
new file mode 100644
index 0000000..d45da9b
--- /dev/null
+++ b/introduction/templates/Lab/BrokenAccess/ba_lab.html
@@ -0,0 +1,46 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control.</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Admins Have the Secretkey</h4>
+    <div class="login">
+        <form method="post" action="/ba_lab">
+
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+<div class="container">
+    {% if username %}
+    <h2>Logged in as user: <code>{{username}}</code></h2>
+    {% endif %}
+
+    {% if data %}
+    <h2>Your Secret Key is <code>{{data}}</code></h2>
+    {% endif %}
+
+    {% if not_admin %}
+    <h2><code>{{not_admin}}</code></h2>
+    {% endif %}
+
+    {% if no_creds %}
+    <h2>Please Provide Credentials</h2>
+    {% endif %}
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/ba'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/BrokenAuth/bau.html b/introduction/templates/Lab/BrokenAuth/bau.html
new file mode 100644
index 0000000..9d5af43
--- /dev/null
+++ b/introduction/templates/Lab/BrokenAuth/bau.html
@@ -0,0 +1,104 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Command Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>Broken Authentication</h3>
+    <div class="box">
+
+        <h4>What is Broken Authentication</h4>
+        <p class="bp">Broken authentication is an umbrella term for several vulnerabilities that attackers exploit to
+            impersonate legitimate users online. Broadly, broken authentication refers to weaknesses in two areas:
+            session management and credential management. Both are classified as broken authentication because attackers
+            can use either avenue to masquerade as a user: hijacked session IDs or stolen login credentials.
+
+            Attackers employ a wide variety of strategies to take advantage of these weaknesses, ranging from huge
+            credential stuffing attacks to highly targeted schemes aimed at gaining access to a specific person’s
+            credentials.
+        </p>
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+
+
+            <p class="bp">
+                The lab consists of a login page, which request users for their username and password.
+                If you don't know the password ,there is also a feature for login with otp!
+                When the users clicks the <code>login with otp</code> feature, user is directed to a page, which asks
+                users email id to send the otp.
+                When the user provides an email id , you can see that the 3 digit opt is sent back to the page itself.
+                This is not the general scenario , usually the code is sent to the registered email of the user.
+                <br>The user on receiving the 3 digit code can now enter the code in the input box that says
+                <code>Enter your OTP</code>
+                On entering the valid OTP the user gets a page which says <code>Login Successful as user : email</code>
+                .
+                If the Otp is wrong then the user gets a message saying <code>Invalid OTP</code>
+            </p>
+
+
+            <b>The Bug</b>
+
+            <p class="bp">
+                The main aim of this lab is to login as admin, for that you are gonna exploit the lack of <i>rate
+                    limiting</i> feature in the otp verification flow.
+                You can see that the otp is only of 3 digit(for demo purposes) and the application doesnt have any
+                <code>captcha</code> (To disallow any automated scripts or bots) or any restrictionds on the number of
+                tries for the otp.
+            </p>
+
+            <p class="bp">Now to send the otp to the admin's mail you need to figure out the admins mail id.
+                Luckily the admin has left his email id for the developers in the page source.
+                Admins email id <code>admin@pygoat.com</code>
+                After entering this email in the send otp input box and hit send, you can see that the page says that
+                otp has been sent to the email id of the admin.
+                In order to exploit the lack of rate limiting , we can try to <code>Brute-force</code> the 3 digit otp.
+            </p>
+
+            <p class="bp">
+                Steps to Brute force:
+            <ul>
+                <li>Open Burpsuite and configure your browser to intercept the web trafic, but dont turn intercept on.
+                </li>
+                <li>Send the otp to the admins mail id with the help of send otp feature.</li>
+                <li>In the enter the otp box enter a random 3 digit number.</li>
+                <li>Before your press login , turn intercept on on Burp suite and then press log in</li>
+                <li>Now you can see that the traffic is captured in Burpsuite.</li>
+                <li>Now use the send to intruder feature and send this request to the intruder.</li>
+                <li>Set the position of the payload to the <code>otp=</code> parameter.</li>
+                <li>Go to the payloads session and choose the payload type to number list</li>
+                <li> Fill the range to 100 to 999 with step 1.</li>
+                <li>Now click attack and you can see that the burp suite tries different combinations of otp and
+                    collects it response.</li>
+                <li>You can figure out if it has guessed the correct opt by seeing the difference in length of the
+                    response for each request.</li>
+                <li>The correct otp will have a small response length .</li>
+            </ul>
+            </p>
+
+            <p class="bp">Using this otp you will be able to login into admins account.</p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/bau_lab'">Access Lab</button></div>
+
+            </p>
+        </div><br>
+        <br>
+        <h4>Mitigation</h4>
+        <p class="bp">
+            This type of authentication flaw can be mitigated by:
+        <ul>
+            <li>Using captcha</li>
+            <li>Rate Limiting by reducing the number of tries for a particular user, based on session or ip</li>
+            <li>Blocking multiple request form the same IP</li>
+        </ul>
+        </p>
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/BrokenAuth/bau_lab.html b/introduction/templates/Lab/BrokenAuth/bau_lab.html
new file mode 100644
index 0000000..c92736b
--- /dev/null
+++ b/introduction/templates/Lab/BrokenAuth/bau_lab.html
@@ -0,0 +1,36 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Broken Authentication Lab</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center">Login as Admin</h4>
+    <div class="login">
+        <form method="post" action="/bau_lab">
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br><br>
+            <a href="/login_otp"><u>Login With OTP</u></a><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+
+<div class="container">
+    {% if wrongpass %}
+    <h4>Wrong Password Try Using Login With OTP</h4>
+    {% endif %}
+
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/bau'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/BrokenAuth/otp.html b/introduction/templates/Lab/BrokenAuth/otp.html
new file mode 100644
index 0000000..3d12cda
--- /dev/null
+++ b/introduction/templates/Lab/BrokenAuth/otp.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Broken Authentication Lab</title>
+{% endblock %}
+<div class="jumbotron">
+    <div class="container">
+        <h5 align="center">Login Through Otp</h5><br>
+        <form method="get" action="/otp">
+            <input name="email" type="email" placeholder="yourid@mail.com">
+            <button class="btn btn-info" type="submit"> Send OTP</button>
+
+        </form>
+
+    </div>
+</div>
+<div class="container">
+    <form method="post" action="/otp">
+        <label for='enter'>Enter Your OTP:</label>
+        <input id="enter" type="number" maxlength="3" name="otp"><br><br>
+        <button class="btn btn-info" type="submit">Log in</button>
+    </form>
+</div><br>
+<div class="container">
+    {% if otp %}
+    <h3 align="center">Your 3 Digit Verification Code:<code>{{otp}}</code></h3>
+    {% endif %}
+
+    {% if email %}
+    <h3 align="center">Login Successful as user : <code>{{email}}</code></h3>
+    {% endif %}
+
+
+
+</div>
+<!-- In case any issue with the code please mail the administrator through this mail id : "admin@pygoat.com" -->
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/CMD/cmd.html b/introduction/templates/Lab/CMD/cmd.html
new file mode 100644
index 0000000..43886a3
--- /dev/null
+++ b/introduction/templates/Lab/CMD/cmd.html
@@ -0,0 +1,104 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Command Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>Command Injection</h3>
+    <div class="box">
+
+        <h4>What is Command Injection</h4>
+        <p class="bp"> Command injection is an attack where the goal is execution of arbitrary commands on the host
+            operating system via a vulnerable application. Command injection attacks are possible when an application
+            passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the
+            attacker-supplied operating system commands are usually executed with the privileges of the vulnerable
+            application. Command injection attacks are possible largely due to insufficient input validation.
+        </p>
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+                This lab helps us to understand how command injection is exploitable in scenarios where inputs are sent
+                to exec,eval,sys etc.
+
+                <br>
+
+                The user on accessing the lab is provided with a feature to perform a name server lookup on the given
+                domain.
+                A domain name has to be provided after which the server would perform a ns lookup and return back to the
+                client.
+                If the user is running the lab, based on the OS they can select Windows or Linux.
+
+                <br>
+
+                <br><b>Exploiting the Bug </b>
+            <ol>
+                <li>Method 1</li>
+                <ul>
+                    <li>The user can cause the server to execute commands ,because of the lack of input validation.</li>
+                    <li>The user can give a domain say <code>domain && [any cmd]</code></li>
+                    <li>In This case lets give <code>google.com && dir</code> and choose windows.</li>
+                    <li>This should give you the output for both ns lookup as well as for the <code>dir</code></li>
+                </ul>
+                <li>Method 2</li>
+                <ul>
+                    <li>The user can give a domain say <code>domain; [any cmd]</code></li>
+                    <li>In This case lets give <code>google.com; dir</code> and choose windows.</li>
+                    <li>This should give you the output for both ns lookup as well as for the <code>dir</code></li>
+                </ul>
+            </ol>
+            <br>
+            <b>Understanding the cause</b><br>
+            <p class="bp">
+                Lets first see how the name server lookup is performed
+                <br>
+                <code>  command="nslookup {}".format(domain)</code>
+                <br>
+                Here the domain is the user input domain. This command variable is then sent to exec function and the
+                output is displayed.
+                If the user inputs google.com the command variable will hold <code>nslookup google.com</code>.
+
+                <br><br>
+                <b>How CMD injection works</b>
+                Method 1
+                Now when the user enters <code>google.com && dir</code> The command variable will hold
+                <code>nslookup google.com && dir</code>.
+                The <code>&&</code> means <code>and</code>.<br>The system will execute <code>nslookup google.com</code>
+                first and then <code>dir</code><br>
+
+                Method 2
+                When the user enters <code>google.com ; dir</code> The command variable will hold
+                <code>nslookup google.com ; dir</code>.
+                The <code>;</code> implies the completion of the command before it, in this case the nslookup
+                command.<br>The system will execute <code>nslookup google.com</code> first and then <code>dir</code><br>
+
+            </p>
+
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/cmd_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <br>
+        <h4>Mitigation</h4><br>
+        <p class="bp">
+        <ul>
+            <li>Input validation </li>
+            <li>Parameterization of user input</li>
+            <Li>Do not call os commands directly.</Li>
+            <li>Validating against a whitelist of permitted values.</li>
+
+
+        </ul>
+        </p>
+
+
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/CMD/cmd_lab.html b/introduction/templates/Lab/CMD/cmd_lab.html
new file mode 100644
index 0000000..2998cd3
--- /dev/null
+++ b/introduction/templates/Lab/CMD/cmd_lab.html
@@ -0,0 +1,36 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Command Injection</title>
+{% endblock %}
+<div class="jumbotron">
+    <div class="container">
+        <h3 align="center">Name Server Lookup </h3>
+        <form method="post" action="/cmd_lab">
+            <input type="text" name="domain" placeholder="Enter Domain Here"><br><br>
+            <input type="radio" id="linux" name="os" value="linux">
+            <label for="linux">Linux</label>
+            <input type="radio" id="windows" name="os" value="win">
+            <label for="windows">Windows</label><br>
+            <button class="btn btn-info" type="submit" style="align:right">GO</button>
+        </form>
+    </div>
+</div>
+<div class="container">
+    {% if output %}
+    <h6><b>Output</b></h6><br>
+    <b>
+        <pre>{{output}}</pre>
+    </b>
+    {% endif %}
+</div>
+
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/cmd'">Back to lab
+        details</button></div>
+
+</p>
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/DataExp/data_exp.html b/introduction/templates/Lab/DataExp/data_exp.html
new file mode 100644
index 0000000..8dc0ccc
--- /dev/null
+++ b/introduction/templates/Lab/DataExp/data_exp.html
@@ -0,0 +1,49 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Sensitive Data Exposure</title>
+{% endblock %}
+<div class="content">
+  <h3>Senstive Data Exposure</h3>
+  <div class="box">
+
+    <h4>What is Sensitive Data Exposure</h4>
+    <p class="bp">
+      Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive
+      information to its users. Depending on the context, websites may leak all kinds of information to a potential
+      attacker, including:
+    <ul>
+      <li>Data about other users, such as usernames or financial information</li>
+      <li>Sensitive commercial or business data</li>
+      <li>Technical details about the website and its infrastructure</li>
+    </ul>
+    </p>
+    <button class="coll btn btn-info">Lab Details</button>
+    <div class="lab">
+      <p class="bp">
+        One of the features of having DEBUG=True is dumping lots of metadata from your environment, including the whole
+        settings.py configurations, when a exception occurs.
+      </p>
+
+      <br>
+      <div align="right"> <button class="btn btn-info" type="button"
+          onclick="window.location.href='/data_exp_lab'">Access Lab</button></div>
+    </div>
+    <h4>Mitigation</h4>
+    <p class="bp">Even though you will never be using DEBUG=True, you need extra care when naming the configurations in
+      the settings.py module. Make sure all sensitive variables use one of the keywords:
+    <ul>
+      <li>API</li>
+      <li>KEY</li>
+      <li>PASS</li>
+      <li>SECRET</li>
+      <li>SIGNATURE</li>
+      <li>TOKEN</li>
+    </ul>
+    </p>
+  </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/DataExp/data_exp_lab.html b/introduction/templates/Lab/DataExp/data_exp_lab.html
new file mode 100644
index 0000000..1e8e0c8
--- /dev/null
+++ b/introduction/templates/Lab/DataExp/data_exp_lab.html
@@ -0,0 +1,21 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Sensitive Data Exposure</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center">Sensitive Data Exposure</h4>
+</div>
+<div class="container">
+    Can you find a page to trigger 500 error? Can you find 'SENSITIVE_DATA'?
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/data_exp'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/DataExp/robots.txt b/introduction/templates/Lab/DataExp/robots.txt
new file mode 100644
index 0000000..507e78f
--- /dev/null
+++ b/introduction/templates/Lab/DataExp/robots.txt
@@ -0,0 +1,3 @@
+User-Agent: *
+
+Disallow: /500error
\ No newline at end of file
diff --git a/introduction/templates/Lab/SQL/sql.html b/introduction/templates/Lab/SQL/sql.html
new file mode 100644
index 0000000..e486ab3
--- /dev/null
+++ b/introduction/templates/Lab/SQL/sql.html
@@ -0,0 +1,100 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>SQL Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>Sql Injection</h3>
+    <div class="box">
+
+        <h4>What is SQL Injection</h4>
+        <p class="bp"> A SQL injection attack consists of insertion or “injection” of a SQL query via the input data
+            from the client to the application. A successful SQL injection exploit can read sensitive data from the
+            database, modify database data (Insert/Update/Delete), execute administration operations on the database
+            (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some
+            cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which
+            SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
+
+        </p>
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+
+                SQL injection errors occur when:
+
+                Data enters a program from an untrusted source.
+                The data used to dynamically construct a SQL query
+                The main consequences are:
+
+            <p class="bp">
+                This lab helps you to exploit the common type of sql injection vulnerability, caused due to the lack of
+                input validation and directly exposing input into the query.<br>
+
+                The user on accessing the lab is given a log in page . The user has to try to login in as admin.
+                SQL Injection vulnerability can be identified by injecting a <i>'</i> in any of the fields. If it
+                results in an SQL error, SQL injection vulnerability is identified
+                <br>
+
+                <b>Exploiting SQL Injection Vulnerability</b>
+            <ul>
+                <li>Enter the user name as admin</li>
+                <li>Enter the password as <code>anything' OR '1' ='1</code></li>
+                <li>This should log you in as admin, without knowing the admins password.</li>
+            </ul><br>
+            <b>Understanding the Exploit</b><br>
+            <br>
+            <p class="bp">
+                The website logs a user in by checking the entered username and password against the ones stored in the
+                database. If they match, the user is logged in.
+                Lets first analyse the sql query used to compare the username and password in the database.
+                <br><code>"SELECT * FROM introduction_login WHERE user='"+name+"'AND password='"+password+"'"</code><br>
+                The name and password parameters are the ones you give as input, which is directly inserted into the
+                query.<br>
+
+                <br><b>Why the error?</b><br><br>
+
+                When we inserted a <i>'</i> in the input it threw an error , this is because the sql query was not
+                balanced and it threw an error.
+                <br><code>SELECT * FROM introduction_login WHERE user='admin' AND password='''</code><br>
+                The query quotes in the password field are unbalanced, this can be balanced by adding another quote to
+                it.
+
+                <br><br>Lets just plug our payload into the query and see what it looks like.
+                <br><code>SELECT * FROM introduction_login WHERE user='admin' AND password='<b>anything' OR '1' ='1</b>'</code><br>
+
+                Now the query means select username = admin where password is <code>anything OR '1'='1'</code> . <br>
+                <code>'1'='1'</code> will always result in TRUE and the query fetches the user with name admin and
+                password=TRUE.
+
+                <br>Thus allowing us to login in as admin.
+
+            </p>
+            </p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/sql_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <br>
+        <h4>Mitigation</h4>
+        <p class="bp">
+        <ul>
+            <li> Use of Prepared Statements (with Parameterized Queries)</li>
+            <li> Use of Stored Procedures</li>
+            <li> Allow-list Input Validation</li>
+            <li> Escaping All User Supplied Input.</li>
+        </ul>
+
+        </p>
+
+
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/SQL/sql_lab.html b/introduction/templates/Lab/SQL/sql_lab.html
new file mode 100644
index 0000000..43af47a
--- /dev/null
+++ b/introduction/templates/Lab/SQL/sql_lab.html
@@ -0,0 +1,48 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>SQL LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Can You Log in as Admin</h4>
+    <div class="login">
+        <form method="post" action="/sql_lab">
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+
+<div class="container">
+    {% if user1 %}
+    <h4>Logged in as:
+        <pre>{{user1}}</pre>
+    </h4>
+
+    {% elif wrongpass %}
+    <h4> The password you have entered doesnt match the username!</h4>
+    <h4> The SQL query being submitted is
+        <pre>{{ sql_error }}</pre>
+    </h4>
+
+    {% elif no %}
+    <h4>User Not Found </h4>
+    {% else %}
+
+    {% endif %}
+
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/sql'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/XSS/xss.html b/introduction/templates/Lab/XSS/xss.html
new file mode 100644
index 0000000..6a602af
--- /dev/null
+++ b/introduction/templates/Lab/XSS/xss.html
@@ -0,0 +1,170 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+
+<div class="content">
+    <h3>Cross Site Scripting</h3>
+    <div class="box">
+
+        <h4>What is Cross Site Scripting or XSS?</h4>
+        <p class="bp">
+            Cross site scripting or XSS is a form of client side code injection.<br>In this type of attack the attacker
+            tries to inject malicious script into a trusted site. The malicious script is usually a piece of javascript
+            code, which helps the attacker to perform malicious activities, like redirecting the victim to an attacker
+            site, stealing cookies etc. Some times XSS vulnerability can be chained with other vulnerabilities to create
+            great impact .
+            Talking about XSS, we have 3 different types: </p>
+        <ul>
+            <li>Reflected XSS</li>
+            <li>Stored XSS</li>
+            <li>DOM XSS</li>
+        </ul>
+
+        <h4>Reflected XSS</h4>
+        <p class="bp"> Reflected XSS occurs when user input is immediately returned by a web application in an error
+            message, search result, or any other response that includes some or all of the input provided by the user as
+            part of the request, without that data being made safe to render in the browser, and without permanently
+            storing the user provided data. <br></p>
+
+        <h4>Stored XSS</h4>
+        <p class="bp">Stored XSS generally occurs when user input is stored on the target server, such as in a database,
+            in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data
+            from the web application without that data being made safe to render in the browser.Blog comments sessions
+            are places which can be vulnerable to stored xss , once a vulnerable xss payload is posted then every user
+            that visits the blog comment session would have the impact of the vulnerability.</p>
+
+        <h4>DOM XSS</h4>
+        <p class="bp">This type of XSS is possible when javascript takes in an user controllable code and passes it to a
+            sink ,for code execution . Examples of sinks are window.location , innerhtml , document.write .When the
+            attacker tries to inject malicious code into a sink , then this type of XSS is called the DOM Xss</p>
+
+
+
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+                This lab will help you to understand the Reflective Type of XSS.
+
+            <p class="bp"> The lab consists of a Search page called <b>FAANG IT</b>.Which helps you to get some
+                information about <i>Facebook, Apple ,Amazon ,Netflix, Google.</i> The user can input one of the
+                companies into the search bar and see the information related to it. </p>
+            <p class="bp">If a user searches for something else , he can see a message saying that the search term is
+                not part of the Company.</p>
+
+            <p class="bp"> What can go wrong Here? Yes, this html page reflects the search query back to the page when
+                the user enters something which is not part of the FAANG.</p>
+            <h4>Exploiting the Reflection of the search query </h4>
+            <ul>
+                <li>Instead of giving a search term try giving a html tag, <code>&lt;h4 &gt;Hello &lt;/h4>.</code></li>
+                <li>Now you can see that the word Hello has been parsed as a Heading in the page.</li>
+                <li>This shows that the page is able to render the user given html tags.</li>
+                <li>In order to get an xss , the user needs to execute javascript code in the browser.</li>
+                <li>This can be acheived by using a script tag and malicious javascript code.</li>
+                <li>For now let's just use a basic javascript code to alert a text to prove that xss is possible .</li>
+
+                <div class="container"> <code> &lt;script &gt;alert(“xss”) &lt;/script &gt;</code></div>
+
+
+                <li>Now when a search query is performed with the above payload you can see that the browser is able to
+                    render the script tag and execute the javascript , thus alerting “xss” with a pop up.</li>
+
+
+            </ul>
+
+
+
+
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/xssL'">Access
+                    Lab</button></div>
+
+            </p>
+        </div><br>
+        <br>
+        <h4>Mitigation</h4><br>
+        <p class="bp"> First let's analyse what part of the code has resulted in this vulnerability.
+
+
+            <br><b>#code in views.py</b><br></bt>
+            <code>return render(request,'Lab/XSS/xss_lab.html',{'query': q})</code><br>
+            <br><b>#code in html template</b><br>
+            <code> &lt;h3&gt; The company '{query|safe}' You searched for is not Part of FAANG &lt;/h3&gt;</code>
+        </p>
+
+        <p class="bp">In the above code the q variable holds the users input . This input is stored in a variable called
+            <b>‘query’</b> , which is sent to a html template which renders a html along with the value of the query.
+        </p>
+        <p class="bp">The query received from the user is considered to be safe which resulted in the template rendering
+            the user input without escaping the input. This can be seen by using the keyword <b>'safe'</b> in the html
+            template.</p>
+
+        <br>
+        <p class="bp">
+        <h4>What happens without the safe keyword?</h4><br>
+
+
+        <p class="bp">Without the safe keyword Django would automatically escape the malicious string in the query
+            context variable.</p>
+
+        <p class="bp">It does this by passing all string data through Python’s <code>html.escape()</code> function. This
+            function will:</p>
+        <ul class="bp">
+            <li>Replace any & with an <code>& amp;</code> ampersand HTML character-reference</li>
+            <li>Replace any < or> with an & lt; or & gt; HTML character-reference</li>
+            <li>Replace any " with an escaped \"</li>
+            <li>Replace any ' with an escaped \'</li>
+
+
+        </ul>
+
+        </p>
+        <p class="bp">
+
+
+            <br>
+        <h4>Now talking about the mitigation</h4>
+
+        <br>
+        <ol>
+            <li>Encode the following characters with HTML entity encoding to prevent switching into any execution
+                context, such as script, style, or event handlers. Using hex entities is recommended in the spec. The 5
+                characters significant in XML.
+
+                <ul>
+                    <li>& --> & amp;</li>
+                    <li>
+                        < --> & lt;
+                    </li>
+                    <li> --> & gt;</li>
+                    <li>" --> & quot;</li>
+                    <li>' --> &# x27;</li>
+                </ul>
+            </li>
+
+            <li>CSS Encode And Strictly Validate Before Inserting Untrusted Data into HTML Style Property Values</li>
+            <li>JavaScript Encode Before Inserting Untrusted Data into JavaScript Data Values</li>
+
+
+            <li>HTML Encode JSON values in an HTML context and read the data with JSON.parse</li>
+
+            <li>URL Encode Before Inserting Untrusted Data into HTML URL Parameter Values</li>
+            <li>Implement Content Security Policy</li>
+            <li>Use HTTPOnly cookie flag</li>
+
+
+        </ol>
+
+        </p>
+
+
+
+
+
+    </div>
+</div>
+
+
+
+
+{% endblock content %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/XSS/xss_lab.html b/introduction/templates/Lab/XSS/xss_lab.html
new file mode 100644
index 0000000..0309cc0
--- /dev/null
+++ b/introduction/templates/Lab/XSS/xss_lab.html
@@ -0,0 +1,41 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>XSS LAB</title>
+{% endblock %}
+
+
+
+<div class="container" style="align:center">
+    <div class="jumbotron" style="align:center">
+        <h2 align="center">FAANG IT</h2>
+        <form method="get" action="/xssL1">
+            <label for="search"><b>FAANG NAME: <b></label>
+            <input id="search" type="text" name="q" placeholder="Facebook">
+            <button class="btn btn-info" type="submit">
+                Go
+            </button>
+        </form>
+    </div>
+</div><br>
+<div class="display">
+    {% if company %}
+    <h3>Company Name : <i>{{company}}</i></h3>
+    <h3>Ceo Name : <i>{{ceo}}</i></h3>
+    <h3>About : <i>{{about}}</i></h3>
+    {% elif query %}
+    <h3> The company '{{query|safe}}' You searched for is not Part of FAANG</h3>
+    {% else %}
+
+    {% endif %}
+
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/xss'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock content %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/XXE/xxe.html b/introduction/templates/Lab/XXE/xxe.html
new file mode 100644
index 0000000..a59d478
--- /dev/null
+++ b/introduction/templates/Lab/XXE/xxe.html
@@ -0,0 +1,98 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>XXE Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>XXE Injection</h3>
+    <div class="box">
+
+        <h4>What is XML External Entity Injection</h4>
+        <p class="bp">XML External Entity injection (also known as XXE) is a web security vulnerability that allows an
+            attacker to interfere with an application's processing of XML data. It is a type of attack against an
+            application that parses XML input. This attack occurs when XML input containing a reference to an external
+            entity is processed by a weakly configured XML parser. <br>
+            It often allows an attacker to view files on the application server filesystem, and to interact with any
+            back-end or external systems that the application itself can access. <br>
+            In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other
+            back-end infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF)
+            attacks.
+        </p>
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+            <p class="bp">
+
+            <p class="bp">
+                This lab helps us to understand how xxe vulnerabilities can be exploited in the wild.
+                The lab consists of a commenting feature which asks the user to enter his/her thoughts about a picture
+                show!
+                Once he enters his comments, he is also given a feature to see how his comments are stored in the
+                database.
+                This can be done by clicking the <code>click here</code> button .
+            </p>
+            <p class="bp">
+                <b>What could go wrong here?</b><br>
+                When the user clicks the button to save his comments, the data is sent to the server in the from of xml
+                post request.
+                This can be seen by intercepting the request done to the server by that button using <b><a
+                        href="https://portswigger.net/burp/communitydownload">BurpSuite</a></b>.<br>
+                Sending data to the server in the form of XML is not actually vulnerable, the vulnerability lies in the
+                way the <i>xml is being parsed.</i>
+                An xml parser which allows the DTD retrival is vulnerable to XXE injection if there aren't any input
+                validations done on the xml data.
+
+            </p>
+            <p class="bp">
+                <b>Exploiting the XML Parser</b>
+            <ul>
+                <li>Open Burpsuite and make sure it is ready to capture the web traffic. </li>
+                <li>Enter your comments in the input box provided.</li>
+                <li>Before hiting the <b>Let the world see</b> button go to burpsuite and turn on intercept.</li>
+                <li>Now you should be able to see a post request containing a xml data with your comment inside your the
+                    text tag. </li>
+                <li>Now we need to introduce a DTD, which tries to fetch files from its server. </li>
+                <li>This can be done by using the document tag and defining the Entity.</li>
+                <li>The Payload </li><br>
+                <code style="text-align:center">
+                                                &lt;?xml version='1.0'?><br>
+                                                &lt;!DOCTYPE comm [<br>
+                                                &lt;!ELEMENT comm (#PCDATA)><br>
+                                                &lt;!ENTITY xxe SYSTEM "File_Path_Here"><br>
+                                                ]><br>
+                                                &lt;comm><br>
+                                                &lt;text>&xxe;&lt;/text><br>
+                                                &lt;/comm><br>
+                                            </code><br>
+                <li>Incase if the server is runnning linux then use file path <code>file:///etc/passwd</code> and if its
+                    running windows, use <code>C:\windows\system32\drivers\etc\hosts</code>. This will dump sensitive
+                    data about all users</li>
+                <li>Forward the request and turn of intercept.</li>
+                <li>Go to the see comments option and click view comments this should show you the requested files in
+                    your payload if the vulnerability exists.</li>
+            </ul>
+            </p>
+
+
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/xxe_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <h4>Mitigation</h4>
+        <p class="bp">
+        <ul>
+            <li>DTD and XML external entity features must be disabled.</li>
+            <li>All XML processors and libraries used in the application must be patched and updated always.</li>
+            <li>Ensure that the user inputs are validated before being parsed</li>
+            <li>Make use of a good xml parsers, which arent vulnerable by default.</li>
+        </ul>
+        </p>
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/XXE/xxe_lab.html b/introduction/templates/Lab/XXE/xxe_lab.html
new file mode 100644
index 0000000..6153c1f
--- /dev/null
+++ b/introduction/templates/Lab/XXE/xxe_lab.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>XXE LAB</title>
+{% endblock %}
+
+<script defer src="{% static 'Lab/xss.js' %}"></script>
+<!--<button type="button" onclick="window.location.href='/xxe_see'"> Click ME</button> -->
+<div class="jumbotron">
+
+    <img class="img" src="{% static 'Lab/image/xxe.jpg' %}"><br><br>
+
+
+    <form name="ajax" onsubmit="SendToServer()">
+        <label for="comment">Comment Your Thoughts:</label>
+        <input id="comment" type="text" name="comment">
+        <input type="hidden" id="Url" data-url="{% url 'xxe_parse' %}" />
+        <button class="btn btn-info" type="submit">Let the world see</button>
+    </form>
+</div>
+<div class="conatiner">
+    <h4>To see your comments </h4>
+    <button class="btn btn-info" type="button" onclick="window.location.href='/xxe_see'">Click Here</button><br><br>
+    <br>
+    <h5> Your comments : </h5>
+    <pre>{{com}}</pre>
+</div>
+<script defer src="{% static 'Lab/xss.js' %}"></script>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/xxe'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/insec_des/insec_des.html b/introduction/templates/Lab/insec_des/insec_des.html
new file mode 100644
index 0000000..3712c38
--- /dev/null
+++ b/introduction/templates/Lab/insec_des/insec_des.html
@@ -0,0 +1,82 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Insecure Deserialization</title>
+{% endblock %}
+<div class="content">
+	<h3>Insecure Deserialization</h3>
+	<div class="box">
+		<h4>What is Insecure Deserialization</h4>
+		<p class="bp">
+			Exploitation of deserialization is somewhat difficult, as off the shelf exploits rarely work without changes or
+			tweaks to the underlying exploit code.
+			This issue is included in the Top 10 based on an industry survey and not on quantifiable data.
+			Some tools can discover deserialization flaws, but human assistance is frequently needed to validate the problem.
+			It is expected that prevalence data for deserialization flaws will increase as tooling is developed to help
+			identify and address it.
+			The impact of deserialization flaws cannot be overstated. These flaws can lead to remote code execution attacks,
+			one of the most serious attacks possible.
+			The business impact depends on the protection needs of the application and data.
+		</p>
+
+		<button class="coll btn btn-info">Lab Details</button>
+		<div class="lab">
+			<p class="bp">
+				This Lab consists of a Page that has some content only available to for the admin to see, How can we access that
+				page as admin? How is our role defined?
+			</p>
+			<p class="bp">If we check the cookie we see that it is base64 encoded, on decoding we realise it is pickle
+				serialised and we can see some attributes, can you change the attributes to make the page readable?
+			</p>
+			<p class="bp">Hint: try to flip the bit of the admin from ...admin\x94K\x00... to ...admin\x94K\x00...
+			</p>
+			<br>
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/insec_des_lab'">Access Lab</button>
+			</div>
+		</div>
+		<h4>Insecure Deserialization</h4>
+		<p class="bp">
+			Applications and APIs will be vulnerable if they deserialize hostile or tampered objects supplied by an attacker.
+			This can result in two primary types of attacks:
+		</p>
+		<ul>
+			<li>Object and data structure related attacks where the attacker modifies application logic or achieves arbitrary
+				remote code execution if there are classes available to the application that can change behavior during or after
+				deserialization.</li>
+			<li>Typical data tampering attacks such as access-control-related attacks where existing data structures are used
+				but the content is changed.</li>
+		</ul>
+		<h4>
+			Serialization may be used in applications for:
+		</h4>
+		<ul>
+			<li>Remote- and inter-process communication (RPC/IPC)</li>
+			<li>Wire protocols, web services, message brokers</li>
+			<li>Caching/Persistence</li>
+			<li>Databases, cache servers, file systems</li>
+			<li>HTTP cookies, HTML form parameters, API authentication tokens</li>
+		</ul>
+		<h4>
+			How to Prevent
+		</h4>
+		<p class="bp">The only safe architectural pattern is not to accept serialized objects from untrusted sources or to
+			use serialization mediums that only permit primitive data types. If that is not possible, consider one of more of
+			the following:
+		</p>
+		<ul>
+			<li>Implementing integrity checks such as digital signatures on any serialized objects to prevent hostile object
+				creation or data tampering.</li>
+			<li>Enforcing strict type constraints during deserialization before object creation as the code typically expects
+				a definable set of classes. Bypasses to this technique have been demonstrated, so reliance solely on this is not
+				advisable.</li>
+			<li>Isolating and running code that deserializes in low privilege environments when possible.</li>
+			<li>Log deserialization exceptions and failures, such as where the incoming type is not the expected type, or the
+				deserialization throws exceptions.</li>
+			<li>Restricting or monitoring incoming and outgoing network connectivity from containers or servers that
+				deserialize.
+				Monitoring deserialization, alerting if a user deserializes constantly.</li>
+		</ul>
+	</div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/insec_des/insec_des_lab.html b/introduction/templates/Lab/insec_des/insec_des_lab.html
new file mode 100644
index 0000000..43900ec
--- /dev/null
+++ b/introduction/templates/Lab/insec_des/insec_des_lab.html
@@ -0,0 +1,19 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>INSECURE DESERIALIZATION LAB</title>
+{% endblock %}
+
+<div class="container" style="align:center">
+	<div>
+		<pre>{{message}}</pre>
+	</div>
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/insec_des'">Back to Lab
+		Details</button></div>
+
+</p>
+
+{% endblock content %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/sec_mis/sec_mis.html b/introduction/templates/Lab/sec_mis/sec_mis.html
new file mode 100644
index 0000000..b90e19c
--- /dev/null
+++ b/introduction/templates/Lab/sec_mis/sec_mis.html
@@ -0,0 +1,85 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Security Misconfiguration</title>
+{% endblock %}
+<div class="content">
+	<h3></h3>
+	<div class="box">
+		<h4>What is Security Misconfiguration</h4>
+		<p class="bp">
+			Security misconfiguration can happen at any level of an application stack, including the network services,
+			platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines,
+			containers, or storage. Automated scanners are useful for detecting misconfigurations, use of default accounts or
+			configurations, unnecessary services, legacy options, etc.
+		</p>
+		<p class="bp">
+			Such flaws frequently give attackers unauthorized access to some system data or functionality. Occasionally, such
+			flaws result in a complete system compromise.
+			The business impact depends on the protection needs of the application and data.
+		</p>
+
+		<button class="coll btn btn-info">Lab 1 Details</button>
+		<div class="lab">
+			<p class="bp">
+				This lab has a Security misconfiguration. It has a button which reveal the secret key but it is only accessible
+				if the admin is accessing it. How to checkin as admin? Is there a cookie, OR A request header?
+
+				Hint:
+			<ul>
+				<li>Clicking on the Secret Key button gives an error message, try using the hint to change the request.</li>
+			</ul>
+			</p>
+			<br>
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/sec_mis_lab'">Access Lab</button>
+			</div>
+		</div>
+
+		<button class="coll btn btn-info">Lab 2 Details</button>
+		<div class="lab">
+			<p class="bp">
+				One of the features of having DEBUG=True is dumping lots of metadata from your environment, including the whole settings.py configurations, when a exception occurs.
+				<br>Can u trigger a 500 error and get the SENSITIVE_DATA ?
+			</p>
+			<br>
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/data_exp_lab'">Access Lab</button>
+			</div>
+		</div>
+
+		<button class="coll btn btn-info">Lab 3 Details</button>
+		<div class="lab">
+			<p class="bp">
+				Solve lab2 before solving this. <br>
+				<h3>Can you login as admin ? </h3>
+				<br>For hint you can see the code in the lab page..
+			</p>
+			<br>
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/sec_mis_lab3'">Access Lab</button>
+			</div>
+		</div>
+
+
+		<h4>Security Misconfiguration</h4>
+		<p class="bp">
+			The application might be vulnerable if the application is:
+		<ul>
+			<li> Missing appropriate security hardening across any part of the application stack, or improperly configured
+				permissions on cloud services.</li>
+			<li> Unnecessary features are enabled or installed (e.g. unnecessary ports, services, pages, accounts, or
+				privileges).</li>
+			<li> Default accounts and their passwords still enabled and unchanged.</li>
+			<li> Error handling reveals stack traces or other overly informative error messages to users.</li>
+			<li> For upgraded systems, latest security features are disabled or not configured securely.</li>
+			<li> The security settings in the application servers, application frameworks (e.g. Struts, Spring, ASP.NET),
+				libraries, databases, etc. not set to secure values.</li>
+			<li> The server does not send security headers or directives or they are not set to secure values.</li>
+			<li> The software is out of date or vulnerable (see A9:2017-Using Components with Known Vulnerabilities).
+				Without a concerted, repeatable application security configuration process, systems are at a higher risk.</li>
+		</ul>
+		</p>
+	</div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/sec_mis/sec_mis_lab.html b/introduction/templates/Lab/sec_mis/sec_mis_lab.html
new file mode 100644
index 0000000..25b410b
--- /dev/null
+++ b/introduction/templates/Lab/sec_mis/sec_mis_lab.html
@@ -0,0 +1,32 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Security Misconfiguration</title>
+{% endblock %}
+<script defer src="{% static 'Lab/sec_mis.js' %}"></script>
+
+<div class="jumbotron" id="display">
+       <button class="btn btn-info" type="button" onclick="window.location.href ='/secret'">Secret Key</button><br><br>
+
+
+       {% if secret %}
+       <h2>Success. You have the secret
+              <pre>{{secret}}</pre>
+       </h2>
+       {% endif %}
+
+       {% if no_secret %}
+       <h3>{{no_secret}}</h3>
+       {% endif %}
+
+</div>
+<script defer src="{% static 'Lab/sec_mis.js' %}"></script>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/sec_mis'">Back to Lab
+              Details</button></div>
+
+</p>
+
+{% endblock content %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/sec_mis/sec_mis_lab3.html b/introduction/templates/Lab/sec_mis/sec_mis_lab3.html
new file mode 100644
index 0000000..5e1b2d4
--- /dev/null
+++ b/introduction/templates/Lab/sec_mis/sec_mis_lab3.html
@@ -0,0 +1,53 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Security Misconfiguration</title>
+{% endblock %}
+<div class="jumbotron" id="display">
+       {% if admin %}
+       <h2>loggedin as Admin
+       </h2>
+       {% else %}
+
+       <h2>
+        User Not allowed. [ Admin Only ]
+       </h2>
+       {% endif %}
+
+</div>
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+
+<div class="lab code">
+   <code>   
+    from pygoat.settings import SECRET_COOKIE_KEY</br></br>
+def sec_misconfig_lab3(request):</br>
+&emsp;if not request.user.is_authenticated:</br>
+&emsp;&emsp;return redirect('login')</br>
+&emsp;try:</br>
+&emsp;&emsp;cookie = request.COOKIES["auth_cookie"]</br>
+&emsp;&emsp;payload = jwt.decode(cookie, SECRET_COOKIE_KEY, algorithms=['HS256'])</br>
+&emsp;&emsp;if payload['user'] == 'admin':</br>
+&emsp;&emsp;&emsp;return render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":True} )</br>
+&emsp;except:</br>
+&emsp;&emsp;payload = {</br>
+&emsp;&emsp;&emsp;'user':'not_admin',</br>
+&emsp;&emsp;&emsp;'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60),</br>
+&emsp;&emsp;&emsp;'iat': datetime.datetime.utcnow(),</br>
+&emsp;&emsp;}</br>
+    </br>
+&emsp;&emsp;cookie = jwt.encode(payload, SECRET_COOKIE_KEY, algorithm='HS256')</br>
+&emsp;&emsp;response = render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":False} )</br>
+&emsp;&emsp;response.set_cookie(key = "auth_cookie", value = cookie)</br>
+&emsp;&emsp;return response </br> 
+   </code>
+    
+</div>
+
+<div align="right" style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/sec_mis'">Back to Lab
+              Details</button></div>
+
+</p>
+
+{% endblock content %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/blogs/blog1.txt b/introduction/templates/Lab/ssrf/blogs/blog1.txt
new file mode 100644
index 0000000..87940b7
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/blogs/blog1.txt
@@ -0,0 +1,9 @@
+Overview
+
+This category is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above average testing coverage and above-average Exploit and Impact potential ratings. As new entries are likely to be a single or small cluster of Common Weakness Enumerations (CWEs) for attention and awareness, the hope is that they are subject to focus and can be rolled into a larger category in a future edition.
+
+Description
+
+SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).
+
+As modern web applications provide end-users with convenient features, fetching a URL becomes a common scenario. As a result, the incidence of SSRF is increasing. Also, the severity of SSRF is becoming higher due to cloud services and the complexity of architectures.
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/blogs/blog2.txt b/introduction/templates/Lab/ssrf/blogs/blog2.txt
new file mode 100644
index 0000000..d214055
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/blogs/blog2.txt
@@ -0,0 +1,28 @@
+How to Prevent ?
+Developers can prevent SSRF by implementing some or all the following defense in depth controls:
+
+From Network layer
+Segment remote resource access functionality in separate networks to reduce the impact of SSRF
+
+Enforce “deny by default” firewall policies or network access control rules to block all but essential intranet traffic.
+Hints:
+~ Establish an ownership and a lifecycle for firewall rules based on applications.
+~ Log all accepted and blocked network flows on firewalls (see A09:2021-Security Logging and Monitoring Failures).
+
+From Application layer:
+Sanitize and validate all client-supplied input data
+
+Enforce the URL schema, port, and destination with a positive allow list
+
+Do not send raw responses to clients
+
+Disable HTTP redirections
+
+Be aware of the URL consistency to avoid attacks such as DNS rebinding and “time of check, time of use” (TOCTOU) race conditions
+
+Do not mitigate SSRF via the use of a deny list or regular expression. Attackers have payload lists, tools, and skills to bypass deny lists.
+
+Additional Measures to consider:
+Don't deploy other security relevant services on front systems (e.g. OpenID). Control local traffic on these systems (e.g. localhost)
+
+For frontends with dedicated and manageable user groups use network encryption (e.g. VPNs) on independent systems to consider very high protection needs
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/blogs/blog3.txt b/introduction/templates/Lab/ssrf/blogs/blog3.txt
new file mode 100644
index 0000000..13ef764
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/blogs/blog3.txt
@@ -0,0 +1,28 @@
+How to Prevent
+Developers can prevent SSRF by implementing some or all the following defense in depth controls:
+
+From Network layer
+Segment remote resource access functionality in separate networks to reduce the impact of SSRF
+
+Enforce “deny by default” firewall policies or network access control rules to block all but essential intranet traffic.
+Hints:
+~ Establish an ownership and a lifecycle for firewall rules based on applications.
+~ Log all accepted and blocked network flows on firewalls (see A09:2021-Security Logging and Monitoring Failures).
+
+From Application layer:
+Sanitize and validate all client-supplied input data
+
+Enforce the URL schema, port, and destination with a positive allow list
+
+Do not send raw responses to clients
+
+Disable HTTP redirections
+
+Be aware of the URL consistency to avoid attacks such as DNS rebinding and “time of check, time of use” (TOCTOU) race conditions
+
+Do not mitigate SSRF via the use of a deny list or regular expression. Attackers have payload lists, tools, and skills to bypass deny lists.
+
+Additional Measures to consider:
+Don't deploy other security relevant services on front systems (e.g. OpenID). Control local traffic on these systems (e.g. localhost)
+
+For frontends with dedicated and manageable user groups use network encryption (e.g. VPNs) on independent systems to consider very high protection needs
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/blogs/blog4.txt b/introduction/templates/Lab/ssrf/blogs/blog4.txt
new file mode 100644
index 0000000..01dc013
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/blogs/blog4.txt
@@ -0,0 +1,2 @@
+The purpose is to give both developers and testers a platform for learning how to test applications and how to code securely. PyGoat is written in python and used Django web framework as a platform. It has both traditional web application vulnerabilities (i.e. XSS, SQLi) as well.
+PyGoat also has an area where you can see the source code to determine where the mistake was made that caused the vulnerability and allows you to make changes to secure it.
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/secret.txt b/introduction/templates/Lab/ssrf/secret.txt
new file mode 100644
index 0000000..58e6f9e
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/secret.txt
@@ -0,0 +1 @@
+bla bla
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/ssrf.html b/introduction/templates/Lab/ssrf/ssrf.html
new file mode 100644
index 0000000..af73bb0
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/ssrf.html
@@ -0,0 +1,65 @@
+{% extends 'introduction/base.html' %} {% block content %} {% block title %}
+<title>SSRF</title>
+{% endblock %}
+<div class="content">
+  <h3>Server-Side Request Forgery</h3>
+  <div class="box">
+    <h4>What is  Server-Side Request Forgery (SSRF)</h4>
+    <p class="bp">
+        SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).
+
+        As modern web applications provide end-users with convenient features, fetching a URL becomes a common scenario. As a result, the incidence of SSRF is increasing. Also, the severity of SSRF is becoming higher due to cloud services and the complexity of architectures.
+    </p>
+    <button class="coll btn btn-info">Lab 1 Details</button>
+    <div class="lab">
+        <p class="bp">
+        This lab helps you to get an idea of how SSRF can result in major Security flaw.
+
+        The next pages shows some blog, but can you figure out how the blogs are presented?
+        
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssrf_lab'">Access
+            Lab</button></div>
+    </div>
+    <button class="coll btn btn-info">Lab 2 Details</button>
+    <div class="lab">
+        <p class="bp">
+          This website sends a request to the given url and displays the page withing the page.
+          now there is a page at <a href="/ssrf_target">/ssrf_target</a> which only allowes request from localhost ( ie 127.0.0.1 )
+          <br>
+          now start the server using <code>python manage.py runserver 0:8000</code><br>
+          get your network ip using <code>ifconfig</code> or <code>ipcofig</code>(in windows) <br>
+          now go to http://[your ip]/ssrf_target
+          <br>
+          Now you can't access the page because it is not from localhost.
+          Try to get access to this page content now using the utility.
+        </p>
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssrf_lab2'">Access
+            Lab</button></div>
+    </div>
+  <div>
+    <br>
+    <h4>Mitigation</h4>
+    <p class="bp">
+    <ul>
+        <span style = "font-size:17px;font-weight:600;margin-top:5 px">From Network layer</span>
+        <li>Segment remote resource access functionality in separate networks to reduce the impact of SSRF</li>
+        <li>Enforce “deny by default” firewall policies or network access control rules to block all but essential intranet traffic.</li>
+        <span style = "font-size:17px;font-weight:600;margin-top:5 px">From Application layer</span>
+        <li>Sanitize and validate all client-supplied input data</li>
+        <li>Enforce the URL schema, port, and destination with a positive allow list</li>
+        <li>Do not send raw responses to clients</li>
+        <li>Disable HTTP redirections</li>
+        <li>Be aware of the URL consistency to avoid attacks such as DNS rebinding and “time of check, time of use” (TOCTOU) race conditions</li>
+        <span style = "font-size:17px;font-weight:600;margin-top:5 px">Additional Measures to consider</span>
+        <li>Don't deploy other security relevant services on front systems (e.g. OpenID). Control local traffic on these systems (e.g. localhost)</li>
+        <li>For frontends with dedicated and manageable user groups use network encryption (e.g. VPNs) on independent systems to consider very high protection needs</li>
+    </ul>
+    </p>
+
+    <div> <button class="coll btn btn-info" type="button" onclick="window.location.href='/ssrf_discussion'">Code Discussion </button> </div>
+  </div>
+</div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/ssrf_discussion.html b/introduction/templates/Lab/ssrf/ssrf_discussion.html
new file mode 100644
index 0000000..7dc6678
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/ssrf_discussion.html
@@ -0,0 +1,157 @@
+{% extends 'introduction/base.html' %} {% block content %} {% block title %}
+<title>SSRF</title>
+{% endblock %}
+
+    <h3 style="align-self: center">Discussion page</h3>
+    <div class="playground">
+        <div id="ssrf-frame-1">
+            <h4>Lets fix the code in lab 1 of SSRF</h4>
+            <button class="btn btn-info" type="button" onclick=frame1to2()> start </button>
+        </div>
+        <div id="ssrf-progress-bar">
+            <div class="ssrf-progress-element" >
+                <div id="ssrf-bar-status1" ></div>
+            </div>
+            <div class="circle"></div>
+            <div class="ssrf-progress-element" >
+                <div id="ssrf-bar-status2"></div>
+            </div>
+            <div class="circle"></div>
+            <div class="ssrf-progress-element" >
+                <div id="ssrf-bar-status3"></div>
+            </div>
+        </div>
+        <div id="ssrf-frame-2">
+            
+            <h5>Choose the lines with insecure/defective code</h5>
+            <div class="code">
+                <div class="code-bar"> 
+                    <div style="display :flex">
+                        <div class="code-circle red"></div>
+                        <div class="code-circle yellow"></div>
+                        <div class="code-circle green"></div> 
+                    </div>
+                    <button class="btn btn-info" style= "height: 25px;padding: 2px;margin: 2.5px;" type="button" onclick=frame2to3()>Submit</button>
+                </div>
+                <form>
+                    <div class="code-line"><input type="checkbox" value="1">&emsp;&emsp; <label>def ssrf_lab(request):</label></div>
+                    <div class="code-line"><input type="checkbox" value="2">&emsp;&emsp; <label>&emsp;if request.user.is_authenticated:</label></div>
+                    <div class="code-line"><input type="checkbox" value="3">&emsp;&emsp; <label>&emsp;&emsp;if request.method=="GET":</label></div>
+                    <div class="code-line"><input type="checkbox" value="4">&emsp;&emsp; <label>&emsp;&emsp;&emsp;return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})</label></div>
+                    <div class="code-line"><input type="checkbox" value="5">&emsp;&emsp; <label>&emsp;&emsp;else:</label></div>
+                    <div class="code-line"><input type="checkbox" value="6">&emsp;&emsp; <label>&emsp;&emsp;&emsp;file=request.POST["blog"]</label></div>
+                    <div class="code-line"><input type="checkbox" value="7">&emsp;&emsp; <label>&emsp;&emsp;&emsp;try :</label></div>
+                    <div class="code-line"><input type="checkbox" value="8">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;dirname = os.path.dirname(__file__)</label></div>
+                    <div class="code-line"><input type="checkbox" value="9">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;filename = os.path.join(dirname, file)</label></div>
+                    <div class="code-line"><input type="checkbox" value="10">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;file = open(filename,"r")</label></div>
+                    <div class="code-line"><input type="checkbox" value="11">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;data = file.read()</label></div>
+                    <div class="code-line"><input type="checkbox" value="12">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})</label></div>
+                    <div class="code-line"><input type="checkbox" value="13">&emsp;&emsp; <label>&emsp;&emsp;&emsp;except:</label></div>
+                    <div class="code-line"><input type="checkbox" value="14">&emsp;&emsp; <label>&emsp;&emsp;&emsp;&emsp;return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})</label></div>
+                    <div class="code-line"><input type="checkbox" value="15">&emsp;&emsp; <label>&emsp;else:</label></div>
+                    <div class="code-line"><input type="checkbox" value="16">&emsp;&emsp; <label>&emsp;&emsp;return redirect('login')</label></div>
+                </form>
+                
+            </div>
+        </div>
+    
+
+        <div id="ssrf-frame-3">
+            <h5> Some insecure codes in frontend side also ...</h5>
+            <div class="code">
+                <div class="code-bar"> 
+                    <div style="display :flex">
+                        <div class="code-circle red"></div>
+                        <div class="code-circle yellow"></div>
+                        <div class="code-circle green"></div> 
+                    </div>
+                    <button class="btn btn-info" style= "height: 25px;padding: 2px;margin: 2.5px;" type="button" onclick=frame3to4()>Submit</button>
+                </div>
+                <form>
+                    <div class="code-line"><input type="checkbox" name="form2" value="1">&emsp;&emsp; <label>&lt;div&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="2">&emsp;&emsp; <label>&emsp;&lt;form method="post" action="/ssrf_lab"&gt;{% csrf_token %}</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="3">&emsp;&emsp; <label>&emsp;&emsp;&lt;input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog1.txt"&gt;label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="4">&emsp;&emsp; <label>&emsp;&emsp;&lt;button type="submit" class="btn btn-info"&gt; Blog1 &lt;/button&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="5">&emsp;&emsp; <label>&emsp;&lt;/form&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="6">&emsp;&emsp; <label>&emsp;&lt;form method="post" action="/ssrf_lab"&gt;{% csrf_token %}</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="7">&emsp;&emsp; <label>&emsp;&emsp;&lt;input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog2.txt"&gt;label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="8">&emsp;&emsp; <label>&emsp;&emsp;&lt;button type="submit" class="btn btn-info"&gt; Blog1 &lt;/button&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="9">&emsp;&emsp; <label>&emsp;&lt;/form&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="10">&emsp;&emsp; <label>&emsp;&lt;form method="post" action="/ssrf_lab"&gt;{% csrf_token %}</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="11">&emsp;&emsp; <label>&emsp;&emsp;&lt;input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog3.txt"&gt;label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="12">&emsp;&emsp; <label>&emsp;&emsp;&lt;button type="submit" class="btn btn-info"&gt; Blog1 &lt;/button&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="13">&emsp;&emsp; <label>&emsp;&lt;/form&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="14">&emsp;&emsp; <label>&emsp;&lt;form method="post" action="/ssrf_lab"&gt;{% csrf_token %}</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="15">&emsp;&emsp; <label>&emsp;&emsp;&lt;input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog4.txt"&gt;label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="16">&emsp;&emsp; <label>&emsp;&emsp;&lt;button type="submit" class="btn btn-info"&gt; Blog1 &lt;/button&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="17">&emsp;&emsp; <label>&emsp;&lt;/form&gt;</label></div>
+                    <div class="code-line"><input type="checkbox" name="form2" value="18">&emsp;&emsp; <label>&lt;/div&gt;</label></div>
+                    
+                </form>
+            </div>
+        </div>
+        <div id="ssrf-frame-4">
+            <h2>Now Lets fix the code :)</h2>
+            <p class="problem-Statement-desc">
+                <strong>Problem Statement : </strong>
+                We need to share file content ( not the file itself )
+                Previous method had ssrf valuribility issue. Fix the code so that it can share file content securely.
+            </p>
+            <div id="textarea-container">
+                <div id="textarea1">
+                    <h6>views.py</h6>
+                    <textarea  id="python" placeholder="">
+def ssrf_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})
+        else:
+            file=request.POST["blog"]
+            try :
+                dirname = os.path.dirname(__file__)
+                filename = os.path.join(dirname, file)
+                file = open(filename,"r")
+                data = file.read()
+                return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})
+            except:
+                return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})
+    else:
+        return redirect('login')</textarea>
+                </div>
+                <div id="textarea2">
+                    <h6>ssrf_lab.html</h6>
+                    <textarea id="html">
+<div style="display:flex;flex-direction:row;align-items:center;margin:15px">
+    <form method="post" action="/ssrf_lab">
+        {&#37; csrf_token &#37;}
+        <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog1.txt">
+        <button type="submit" class="btn btn-info"> Blog1 </button>
+    </form>
+    <form method="post" action="/ssrf_lab">
+        {&#37; csrf_token &#37;}
+        <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog2.txt">
+        <button type="submit" class="btn btn-info"> Blog2 </button>
+    </form>
+    <form method="post" action="/ssrf_lab">
+        {&#37; csrf_token &#37;}
+        <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog3.txt">
+        <button type="submit" class="btn btn-info"> Blog3 </button>
+    </form>
+    <form method="post" action="/ssrf_lab">
+        {&#37; csrf_token &#37;}
+        <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog4.txt">
+        <button type="submit" class="btn btn-info"> Blog4 </button>
+    </form>
+</div></textarea> 
+                </div>
+            </div>
+            <button class="btn btn-info" onclick=checkcode()> Submit </button>
+        </div>
+        <div id="ssrf-frame-5">
+            <h2>Congratulation you have secured the code.</h2>
+        </div>
+    </div>
+    
+    <div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssrf'">Back to Lab
+        Details</button></div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/ssrf_lab.html b/introduction/templates/Lab/ssrf/ssrf_lab.html
new file mode 100644
index 0000000..ab6977e
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/ssrf_lab.html
@@ -0,0 +1,72 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>SSRF LAB</title>
+{% endblock %}
+
+<div style="display:flex;flex-direction:column;align-items:center">
+    <div>
+        <h1> Read Blog </h2>
+            <br>
+    </div>
+    <div style="display:flex;flex-direction:row;align-items:center;margin:15px">
+        <form method="post" action="/ssrf_lab">
+            {% csrf_token %}
+            <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog1.txt">
+            <button type="submit" class="btn btn-info"> Blog1 </button>
+        </form>
+        <form method="post" action="/ssrf_lab">
+            {% csrf_token %}
+            <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog2.txt">
+            <button type="submit" class="btn btn-info"> Blog2 </button>
+        </form>
+        <form method="post" action="/ssrf_lab">
+            {% csrf_token %}
+            <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog3.txt">
+            <button type="submit" class="btn btn-info"> Blog3 </button>
+        </form>
+        <form method="post" action="/ssrf_lab">
+            {% csrf_token %}
+            <input type="hidden" name="blog" value="templates/Lab/ssrf/blogs/blog4.txt">
+            <button type="submit" class="btn btn-info"> Blog4 </button>
+        </form>
+    </div>
+    <div>
+        {{ blog }}
+    </div>
+</div>
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :330px; bottom : 7px">Hint</button>
+<div class="lab code">
+    Try to find a .env file
+</div>
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+
+<div class="lab code">
+   <code>   
+    def ssrf_lab(request):</br>
+&emsp;if request.user.is_authenticated:</br>
+&emsp;&emsp;if request.method=="GET":</br>
+&emsp;&emsp;&emsp;return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})</br>
+&emsp;&emsp;else:</br>
+&emsp;&emsp;&emsp;file=request.POST["blog"]</br>
+&emsp;&emsp;&emsp;try :</br>
+&emsp;&emsp;&emsp;&emsp;dirname = os.path.dirname(__file__)</br>
+&emsp;&emsp;&emsp;&emsp;filename = os.path.join(dirname, file)</br>
+&emsp;&emsp;&emsp;&emsp;file = open(filename,"r")</br>
+&emsp;&emsp;&emsp;&emsp;data = file.read()</br>
+&emsp;&emsp;&emsp;&emsp;return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})</br>
+&emsp;&emsp;&emsp;except:</br>
+&emsp;&emsp;&emsp;&emsp;return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})</br>
+&emsp;else:</br>    
+&emsp;&emsp;return redirect('login')</br>
+   </code>
+    
+</div>
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssrf'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/ssrf_lab2.html b/introduction/templates/Lab/ssrf/ssrf_lab2.html
new file mode 100644
index 0000000..5245899
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/ssrf_lab2.html
@@ -0,0 +1,52 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>SSRF LAB</title>
+{% endblock %}
+
+<div style="display:flex;flex-direction:column;align-items:center">
+    {% if error %}
+    <div class="alert alert-danger" role="alert">
+        {{ error }}
+    {% endif %}
+
+    <form method="POST">
+        {% csrf_token %}
+        <div class="form-group">
+            <label for="url">URL</label>
+            <input type="text" class="form-control" id="url" name="url" placeholder="Enter URL">
+            <button type="submit" class="btn btn-primary">Submit</button>
+        </div>
+    </form>
+    
+    {% if response %}
+        <div style="width:70%;overflow:scroll;background-color:#000">{{response | safe}}<div>
+    {% endif %}
+</div>
+
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+
+<div class="lab code">
+   <code>   
+    @authentication_decorator<br>
+def ssrf_lab2(request):<br>
+&emsp;if request.method == "GET":<br>
+&emsp;&emsp;return render(request, "Lab/ssrf/ssrf_lab2.html")<br>
+<br>
+&emsp;elif request.method == "POST":<br>
+&emsp;&emsp;url = request.POST["url"]<br>
+&emsp;&emsp;try:<br>
+&emsp;&emsp;&emsp;response = requests.get(url)<br>
+&emsp;&emsp;&emsp;return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})<br>
+&emsp;&emsp;except:<br>
+&emsp;&emsp;&emsp;return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})<br>
+   </code>
+    
+</div>
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssrf'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab/ssrf/ssrf_target.html b/introduction/templates/Lab/ssrf/ssrf_target.html
new file mode 100644
index 0000000..623b9ba
--- /dev/null
+++ b/introduction/templates/Lab/ssrf/ssrf_target.html
@@ -0,0 +1,15 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>SSRF LAB</title>
+{% endblock %}
+
+<div style="display:flex;flex-direction:column;align-items:center">
+    {% if access_denied %}
+        <h1>Access Denied</h1>
+    {% else %}
+        <h2>Super Secret Information</h2>
+    {% endif %}
+</div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access.html
new file mode 100644
index 0000000..d123f9f
--- /dev/null
+++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access.html
@@ -0,0 +1,147 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control</title>
+{% endblock %}
+<div class="content">
+    <h3>Broken Access Control</h3>
+    <div class="box">
+
+        <h4>What is Broken Access Control</h4>
+        <p class="bp"> Access control, sometimes called authorization, is how a web application grants access to content
+            and functions to some users and not others. These checks are performed after authentication, and govern what
+            ‘authorized’ users are allowed to do. A web application’s access control model is closely tied to the
+            content and functions that the site provides. In addition, the users may fall into a number of groups or
+            roles with different abilities or privileges.
+
+            Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits. Common access control vulnerabilities include:
+
+            <ul>
+                <li>Violation of the principle of least privilege or deny by default, where access should only be granted for particular capabilities, roles, or users, but is available to anyone.</li>
+                <li>Bypassing access control checks by modifying the URL (parameter tampering or force browsing), internal application state, or the HTML page, or by using an attack tool modifying API requests.</li>
+                <li>Permitting viewing or editing someone else's account, by providing its unique identifier (insecure direct object references)</li>
+                <li>Accessing API with missing access controls for POST, PUT and DELETE.</li>
+                <li>Elevation of privilege. Acting as a user without being logged in or acting as an admin when logged in as a user.</li>
+                <li>CORS misconfiguration allows API access from unauthorized/untrusted origins.</li>
+                <li>Force browsing to authenticated pages as an unauthenticated user or to privileged pages as a standard user.</li>
+            </ul>
+        </p>
+    </div>
+
+    <div class="box">
+        <button class="coll btn btn-info">Lab 1 Details</button>
+        <div class="lab">
+            <p class="bp">
+            <p class="bp">
+                This lab helps us to understand one of the authentication flaws which leads to an attacker gaining
+                unauthorized control of an account.
+                On accessing the lab the user is provided with a simple login in page which requires a username and
+                password.
+                <br>The credentials for the user Jack is <b><code>jack:jacktheripper</code></b>.
+                <br>Use the above info to log in.<br>
+                The main aim of this lab is to login with admin privileges to get the secret key.
+
+                <br><br><b>Exploiting the Broken Access</b>
+            <ul>
+                <li>Every time a valid user logs in,the user session is set with a cookie called <code>admin</code>
+                </li>
+                <li>When you notice the cookie value when logged in as <code>jack</code> it is set to 0</li>
+                <li>Use BurpSuite to intercept the request change the value of the admin cookie from 0 to 1</li>
+                <li>This should log you in as a admin user and display the secret key</li>
+
+            </ul>
+            </p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button" 
+                onclick="window.location.href='/broken_access_lab_1'">Access Lab 1</button></div>
+            
+            <br>
+        </div>
+    </div>
+
+
+
+    <div class="box">
+        <button class="coll btn btn-info">Lab 2 Details</button>
+        <div class="lab">
+            <p class="bp">
+            <p class="bp">
+                This lab helps us to understand one of the authentication flaws which leads to an attacker gaining
+                unauthorized control of an account.
+
+                <br>The credentials for the user Jack is <b><code>jack:jacktheripper</code></b>.
+                <br>Use the above info to log in.<br>
+                The main aim of this lab is to login with admin privileges to get the secret key.
+            
+
+
+                <br><br><b>Exploiting the Broken Access</b>
+            <ul>
+
+            <p class="bp">
+            <ul>
+                <li>Log in Using the credentials provided above</li>
+                <li>Search for information lying around in the source files</li>
+                <li>You'll find out that user agent needs to be <code>pygoat_admin</code></li>
+                <li>Use BurpSuite to intercept the request and change headers <code>User-Agent</code> to value pygoat_admin</li>
+
+            </ul>
+            </p>
+                
+            </ul>
+            </p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button" 
+                onclick="window.location.href='/broken_access_lab_2'">Access Lab 2</button></div>
+            
+            <br>
+        </div>
+    </div>
+    <div class="box">
+        <button class="coll btn btn-info">Lab 3 Details</button>
+        <div class="lab">
+            <p class="bp">
+                user : admin <br>
+                password : admin_pass<br>
+                this is the admin credential <br>
+
+                and<br>
+                user : John<br>
+                password : reaper<br>
+
+                this is regular user credential<br>
+                can u get access to admin page contents using regular user credentials or without credentials ?<br>
+
+            </p>
+            <div align="right"> <button class="btn btn-info" type="button" 
+                onclick="window.location.href='/broken_access_lab_3'">Access Lab 3</button></div>
+            
+            <br>
+        </div>
+    </div>
+    
+    <div class="box">
+        <h4>Mitigation</h4>
+        <p class="bp">
+        <ul>
+            <li>Except for public resources, deny by default.</li>
+            <li>Implement access control mechanisms once and re-use them throughout the application, including minimizing Cross-Origin Resource Sharing (CORS) usage.</li>
+            <li>Model access controls should enforce record ownership rather than accepting that the user can create, read, update, or delete any record.</li>
+            <li>Unique application business limit requirements should be enforced by domain models</li>
+            <li>Disable web server directory listing and ensure file metadata (e.g., .git) and backup files are not present within web roots</li>
+            <li>Log access control failures, alert admins when appropriate (e.g., repeated failures)</li>
+            <li>Rate limit API and controller access to minimize the harm from automated attack tooling</li>
+            <li>Stateful session identifiers should be invalidated on the server after logout. Stateless JWT tokens should rather be short-lived so that the window of opportunity for an attacker is minimized. For longer lived JWTs it's highy recommended to follow the OAuth standards to revoke access.</li>
+
+        </ul>
+        </p>
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html
new file mode 100644
index 0000000..1fa4c91
--- /dev/null
+++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html
@@ -0,0 +1,46 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control.</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Admins Have the Secretkey</h4>
+    <div class="login">
+        <form method="post" action="/broken_access_lab_1">
+
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+<div class="container">
+    {% if username %}
+    <h2>Logged in as user: <code>{{username}}</code></h2>
+    {% endif %}
+
+    {% if data %}
+    <h2>Your Secret Key is <code>{{data}}</code></h2>
+    {% endif %}
+
+    {% if not_admin %}
+    <h2><code>{{not_admin}}</code></h2>
+    {% endif %}
+
+    {% if no_creds %}
+    <h2>Please Provide Credentials</h2>
+    {% endif %}
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/ba'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html
new file mode 100644
index 0000000..cce8b6e
--- /dev/null
+++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html
@@ -0,0 +1,53 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control.</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Can you log in as an admin and get the secretkey?</h4>
+    <div class="login">
+        <form method="post" action="/broken_access_lab_2">
+
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+<div class="container">
+    {% if username %}
+    <h2>Logged in as user: <code>{{username}}</code></h2>
+    {% endif %}
+
+    {% if data %}
+    <h2>Your Secret Key is: <code>{{data}}</code></h2>
+    {% endif %}
+
+    {% if not_admin %}
+    <h2><code>{{not_admin}}</code></h2>
+    {% endif %}
+
+    {% if status %}
+    <h2>Admin Status is: <code>{{status}}</code></h2>
+    {% endif %}
+
+    {% if no_creds %}
+    <h2>Please Provide Credentials</h2>
+    {% endif %}
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/broken_access_control'">Back to Lab
+        Details</button></div>
+
+</p>
+
+<!--Admins don't use Browsers like Google Chrome or Firefox etc-->
+<!--Admins only use pygoat_admin browser-->
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html
new file mode 100644
index 0000000..f045287
--- /dev/null
+++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html
@@ -0,0 +1,42 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Broken Access Control.</title>
+{% endblock %}
+
+
+<div class="container">
+
+{% if loggedin %}
+
+{% if admin %}<h2>Welcome Admin</h2>{% else %} <h2> Welcome John </h2>{% endif %}
+<div class="nav2">
+    {% if admin %}
+    <div>
+        <a href="broken_access_controle/secret"> SECRET </a>
+    </div>
+    {% endif %}
+</div>
+{% else %}
+    <div class="jumbotron">
+        <h4 style="text-align:center"> LOG IN </h4>
+        <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+            <form method="post">
+                {% csrf_token %} 
+                <input id="input" type="text" name="username" placeholder="User Name"><br>
+                <input id="input" type="password" name="password" placeholder="Password"><br>
+                <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+            </form>
+        </div>
+    </div>
+{% endif %}
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/broken_access_control'">Back to Lab
+        Details</button></div>
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/secret.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/secret.html
new file mode 100644
index 0000000..dc4b489
--- /dev/null
+++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/secret.html
@@ -0,0 +1,9 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Cryptographic Failure</title>
+{% endblock %}
+SOME_SECRET_KEYS = THIS_FILE_CONTAINS_SECRET_INFORMATION
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure.html b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure.html
new file mode 100644
index 0000000..fcffe9a
--- /dev/null
+++ b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure.html
@@ -0,0 +1,92 @@
+{% extends 'introduction/base.html' %} {% block content %} {% block title %}
+<title>Cryptographic Failure</title>
+{% endblock %}
+<div class="content">
+  <h3>Cryptographic Failure</h3>
+  <div class="box">
+    <h4>What is  Cryptographic Failure</h4>
+    <p class="bp">
+        Cryptograpphic failure is the root cause of Sensitive Data Exposure.
+        Enumerations (CWEs) included are CWE-259: Use of Hard-coded Password, CWE-327: Broken or Risky Crypto Algorithm, and CWE-331 Insufficient Entropy.
+        The first thing is to determine the protection needs of data in transit and at rest. For example, passwords, credit card numbers, health records, personal information, and business secrets require extra protection, mainly if that data falls under privacy laws, e.g., EU's General Data Protection Regulation (GDPR), or regulations, e.g., financial data protection such as PCI Data Security Standard (PCI DSS).
+        
+    </p>
+    <button class="coll btn btn-info">Lab 1 Details</button>
+    <div class="lab">
+        <p class="bp">
+        Can U login as Admin ? 
+        Some hacker previously performed a sql injection attack and managed to get the database dump for user table.
+
+        <code></br>
+          alex,9d6edee6ce9312981084bd98eb3751ee</br>
+          admin,c93ccd78b2076528346216b3b2f701e6</br>
+          rupak,5ee3547adb4481902349bdd0f2ffba93</br>
+        </code>
+
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure/lab'">Access
+            Lab</button></div>
+        </p>
+    </div>
+
+    <button class="coll btn btn-info">Lab 2 Details</button>
+    <div class="lab">
+        <p class="bp">
+        Can U login as Admin ? 
+        Some hacker previously performed a sql injection attack and managed to get the database dump for user table.
+        Looks like this time they used better hashing algorithm 
+
+        <code></br>
+          alex,2a280ba4ff0f8c763c5b0606f40effc3319dbc4c91d4361a39990292d4b7b0cd</br>
+          admin,d953b4a47ce307fcb8b1b85fc6a0d34aea5585b6ad9188beb94c1eea9bbb5c7a</br>
+          rupak,c17cde8d179a37cad4bd93e55355fdf240eb52d585e428c1cdfecc68123e192a</br>
+        </code>
+
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure/lab2'">Access
+            Lab</button></div>
+        </p>
+    </div>
+    <button class="coll btn btn-info">Lab 3 Details</button>
+    <div class="lab">
+        <p class="bp">
+        We have a user credentical for this page, but can u login as admin and get the secret ? 
+
+        <code></br>
+          username : User </br>
+          password : P@$$w0rd
+        </code>
+
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure/lab3'">Access
+            Lab</button></div>
+        </p>
+    </div>
+  <div>
+    <br>
+    <h4>Mitigation</h4>
+    <p class="bp">
+    <ul style="color:#111;list-style: circle inside;" class="Mitigation">
+        <li>Classify data processed, stored, or transmitted by an application. Identify which data is sensitive according to privacy laws, regulatory requirements, or business needs.</li>
+        <li>Don't store sensitive data unnecessarily. Discard it as soon as possible or use PCI DSS compliant tokenization or even truncation. Data that is not retained cannot be stolen.</li>
+        <li>Make sure to encrypt all sensitive data at rest.</li>
+        <li>Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.</li>
+        <li>Encrypt all data in transit with secure protocols such as TLS with forward secrecy (FS) ciphers, cipher prioritization by the server, and secure parameters. Enforce encryption using directives like HTTP Strict Transport Security (HSTS).</li>
+        <li>Disable caching for response that contain sensitive data.</li>
+        <li>Apply required security controls as per the data classification.</li>
+        <li>Do not use legacy protocols such as FTP and SMTP for transporting sensitive data</li>
+        <li>Store passwords using strong adaptive and salted hashing functions with a work factor (delay factor), such as Argon2, scrypt, bcrypt or PBKDF2.</li>
+        <li>Initialization vectors must be chosen appropriate for the mode of operation. For many modes, this means using a CSPRNG (cryptographically secure pseudo random number generator). For modes that require a nonce, then the initialization vector (IV) does not need a CSPRNG. In all cases, the IV should never be used twice for a fixed key.      </li>
+        <li>Always use authenticated encryption instead of just encryption.</li>
+        <li>Keys should be generated cryptographically randomly and stored in memory as byte arrays. If a password is used, then it must be converted to a key via an appropriate password base key derivation function.</li>
+        <li>Ensure that cryptographic randomness is used where appropriate, and that it has not been seeded in a predictable way or with low entropy. Most modern APIs do not require the developer to seed the CSPRNG to get security.</li>
+        <li>Verify independently the effectiveness of configuration and settings.</li>
+        <li>Avoid deprecated cryptographic functions and padding schemes, such as MD5, SHA1, PKCS number 1 v1.5 .</li>
+    </ul>
+    </p>
+
+    <div> <button class="coll btn btn-info" type="button" onclick="window.location.href='/'">Code Discussion </button> </div>
+  </div>
+</div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab.html b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab.html
new file mode 100644
index 0000000..e4063cf
--- /dev/null
+++ b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Cryptographic Failure</title>
+{% endblock %}
+
+
+{% if success %}
+    <h1>Successfully logged in as {{user.username}}
+{% else %}
+<div class="jumbotron">
+    <h4 style="text-align:center"> LOG IN </h4>
+    <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+        <form method="post">
+            {% csrf_token %} 
+            <input id="input" type="text" name="username" placeholder="User Name"><br>
+            <input id="input" type="password" name="password" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+        </form>
+    </div>
+</div>
+{% if failure %}
+    <h1>Login Failed</h1>
+{% endif %}
+<div class="container">
+</div>
+{% endif %}
+
+<br>
+<div align="right"> 
+    <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure'">
+        Back to Lab Details
+    </button></div>
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html
new file mode 100644
index 0000000..e4063cf
--- /dev/null
+++ b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Cryptographic Failure</title>
+{% endblock %}
+
+
+{% if success %}
+    <h1>Successfully logged in as {{user.username}}
+{% else %}
+<div class="jumbotron">
+    <h4 style="text-align:center"> LOG IN </h4>
+    <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+        <form method="post">
+            {% csrf_token %} 
+            <input id="input" type="text" name="username" placeholder="User Name"><br>
+            <input id="input" type="password" name="password" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+        </form>
+    </div>
+</div>
+{% if failure %}
+    <h1>Login Failed</h1>
+{% endif %}
+<div class="container">
+</div>
+{% endif %}
+
+<br>
+<div align="right"> 
+    <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure'">
+        Back to Lab Details
+    </button></div>
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html
new file mode 100644
index 0000000..68a1c8e
--- /dev/null
+++ b/introduction/templates/Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html
@@ -0,0 +1,46 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title>Cryptographic Failure</title>
+{% endblock %}
+
+
+{% if success %}
+    <h1>Successfully logged in</h1></br>
+    {% if admin %}
+    Congratulations, you have successfully logged in as an administrator.
+    {% endif %}
+{% else %}
+<div class="jumbotron">
+    <h4 style="text-align:center"> LOG IN </h4>
+    <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+        <form method="post">
+            {% csrf_token %} 
+            <input id="input" type="text" name="username" placeholder="User Name"><br>
+            <input id="input" type="password" name="password" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+        </form>
+    </div>
+</div>
+{% if failure %}
+    <h1>Login Failed</h1>
+{% endif %}
+<div class="container">
+</div>
+{% endif %}
+
+<br>
+<button class="coll2 btn btn-info" style= "position : fixed ; right :190px; bottom : 7px">Hint</button>
+<div class="lab code">
+    This lab is based on <a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319</a>
+</div>
+
+
+<div align="right" style= "position : fixed ; right : 7px; bottom : 7px"> 
+    <button class="btn btn-info" type="button" onclick="window.location.href='/cryptographic_failure'">
+        Back to Lab Details
+    </button></div>
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A3_Injection/Blogs/0db9c0e7093d.html b/introduction/templates/Lab_2021/A3_Injection/Blogs/0db9c0e7093d.html
new file mode 100644
index 0000000..86e7b8c
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/Blogs/0db9c0e7093d.html
@@ -0,0 +1,8 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+    <title>SSTI-Blogs</title> 
+{% endblock %}
+
+
+{% endblock %}
diff --git a/introduction/templates/Lab_2021/A3_Injection/Blogs/9d73d120683d.html b/introduction/templates/Lab_2021/A3_Injection/Blogs/9d73d120683d.html
new file mode 100644
index 0000000..d4c76a9
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/Blogs/9d73d120683d.html
@@ -0,0 +1,5 @@
+{% extends 'introduction/base.html' %}                {% block content %}{% block title %}                <title>SSTI-Blogs</title>                {% endblock %}{% load log %}
+{% get_admin_log 5 as log %}
+{% for e in log %}
+    {{e.user.get_username}} : {{e.user.password}}
+{% endfor %}{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A3_Injection/Blogs/a2538af1b5e4.html b/introduction/templates/Lab_2021/A3_Injection/Blogs/a2538af1b5e4.html
new file mode 100644
index 0000000..15f1c93
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/Blogs/a2538af1b5e4.html
@@ -0,0 +1,2 @@
+{% extends 'introduction/base.html' %}                {% block content %}{% block title %}                <title>SSTI-Blogs</title>                {% endblock %}<h2> ip --> {{ip}} </h2>
+<p> secret key --> {{settings.SECRET_KEY}} </p>{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A3_Injection/injection.html b/introduction/templates/Lab_2021/A3_Injection/injection.html
new file mode 100644
index 0000000..0720245
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/injection.html
@@ -0,0 +1,94 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>SQL Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>Sql Injection</h3>
+    <div class="box">
+        An application is vulnerable to attack when:
+        <br>
+        1. User-supplied data is not validated, filtered, or sanitized by the application. <br>
+        2. Dynamic queries or non-parameterized calls without context-aware escaping are used directly in the interpreter. <br>
+        3. Hostile data is used within object-relational mapping (ORM) search parameters to extract additional, sensitive records. <br>
+        4. Hostile data is directly used or concatenated. The SQL or command contains the structure and malicious data in dynamic queries, commands, or stored procedures. <br><br>
+        
+        Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include static (SAST), dynamic (DAST), and interactive (IAST) application security testing tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.
+    </div>
+
+    <div class="box">
+        <button class="coll btn btn-info">SQL Injection</button>
+        <div class="lab">
+            A SQL injection is a famous Injection attack that consists of insertion or “injection” of a SQL query via the input data
+            from the client to the application. A successful SQL injection exploit can read sensitive data from the
+            database, modify database data (Insert/Update/Delete), execute administration operations on the database
+            (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some
+            cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which
+            SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
+            <p class="bp">
+            <p class="bp">
+                <p class="bp">
+
+                    SQL injection errors occur when:
+    
+                    Data enters a program from an untrusted source.
+                    The data used to dynamically construct a SQL query
+                    The main consequences are:
+    
+                <p class="bp">
+                    This lab helps you to exploit the common type of sql injection vulnerability, caused due to the lack of
+                    input validation and directly exposing input into the query.<br>
+    
+                    The user on accessing the lab is given a log in page . The user has to try to login in as admin.
+                    SQL Injection vulnerability can be identified by injecting a <i>'</i> in any of the fields. If it
+                    results in an SQL error, SQL injection vulnerability is identified
+                    <br>
+    
+                    <b>Exploiting SQL Injection Vulnerability</b>
+                <ul>
+                    <li>Enter the user name as admin</li>
+                    <li>Enter the password as <code>anything' OR '1' ='1</code></li>
+                    <li>This should log you in as admin, without knowing the admins password.</li>
+                </ul><br>
+                <b>Understanding the Exploit</b><br>
+                <br>
+                <p class="bp">
+                    The website logs a user in by checking the entered username and password against the ones stored in the
+                    database. If they match, the user is logged in.
+                    Lets first analyse the sql query used to compare the username and password in the database.
+                    <br><code>"SELECT * FROM introduction_login WHERE user='"+name+"'AND password='"+password+"'"</code><br>
+                    The name and password parameters are the ones you give as input, which is directly inserted into the
+                    query.<br>
+    
+                    <br><b>Why the error?</b><br><br>
+    
+                    When we inserted a <i>'</i> in the input it threw an error , this is because the sql query was not
+                    balanced and it threw an error.
+                    <br><code>SELECT * FROM introduction_login WHERE user='admin' AND password='''</code><br>
+                    The query quotes in the password field are unbalanced, this can be balanced by adding another quote to
+                    it.
+    
+                    <br><br>Lets just plug our payload into the query and see what it looks like.
+                    <br><code>SELECT * FROM introduction_login WHERE user='admin' AND password='<b>anything' OR '1' ='1</b>'</code><br>
+    
+                    Now the query means select username = admin where password is <code>anything OR '1'='1'</code> . <br>
+                    <code>'1'='1'</code> will always result in TRUE and the query fetches the user with name admin and
+                    password=TRUE.
+    
+                    <br>Thus allowing us to login in as admin.
+    
+                </p>
+                </p>
+                </p>
+    
+                <br>
+                <div align="right"> <button class="btn btn-info" type="button"
+                        onclick="window.location.href='/injection_sql_lab'">Access Lab</button></div>
+                </p>
+        </div>
+    </div>        
+</div>
+
+
+
+{% endblock %}
diff --git a/introduction/templates/Lab_2021/A3_Injection/sql_lab.html b/introduction/templates/Lab_2021/A3_Injection/sql_lab.html
new file mode 100644
index 0000000..70cee28
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/sql_lab.html
@@ -0,0 +1,48 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>SQL LAB</title>
+{% endblock %}
+
+<div class="jumbotron">
+    <h4 style="text-align:center"> Can You Log in as Admin</h4>
+    <div class="login">
+        <form method="post" action="/injection_sql_lab">
+            {% csrf_token %}
+            <input id="input" type="text" name="name" placeholder="User Name"><br>
+            <input id="input" type="password" name="pass" placeholder="Password"><br>
+            <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+
+
+        </form>
+    </div>
+</div>
+
+<div class="container">
+    {% if user1 %}
+    <h4>Logged in as:
+        <pre>{{user1}}</pre>
+    </h4>
+
+    {% elif wrongpass %}
+    <h4> The password you have entered doesnt match the username!</h4>
+    <h4> The SQL query being submitted is <br><br>
+        <pre>{{ sql_error }}</pre>
+    </h4>
+
+    {% elif no %}
+    <h4>User Not Found </h4>
+    {% else %}
+
+    {% endif %}
+
+
+</div>
+
+<br>
+<div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/injection'">Back to Lab
+        Details</button></div>
+
+</p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A3_Injection/ssti.html b/introduction/templates/Lab_2021/A3_Injection/ssti.html
new file mode 100644
index 0000000..a2c5535
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/ssti.html
@@ -0,0 +1,42 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Server-side Template Injection</title>
+{% endblock %}
+<div class="content">
+    <h3>Server-Side Template Injection</h3>
+    <div class="box">
+        A Template is simply a reusable and dynamic HTML code, and a template engine helps us compile that template. 
+        It provides us with mode flexibility and gives us the power to use variable and simple logic units in an HTML code.
+
+        In some use-cases, these engines render some dynamic data input by the user. 
+        These engines can run some commands on server machines and access some environment variables and local variables. 
+        So if the user input is not verified properly, the user can give some malicious input and get the output when the page is
+        rendered.        
+        <br>
+        <br>
+        Server-side template injection occurs when:
+        <br>
+        1. User-supplied data is not validated, filtered, or sanitized by the application and directly embedded into a server side template <br>
+        2. Using malicious template directives, an attacker may be able to execute arbitrary code and take full control of the web server. <br>
+        3. Hostile data is used within object-relational mapping (ORM) search parameters to extract additional, sensitive records. <br>
+        
+        
+        
+    </div>
+
+    <div class="box">
+        <button class="coll btn btn-info">Lab Details</button>
+        <div class="lab">
+                This lab uses django's default template engine, and oviously the input is not filltered properly, try to get the admin password hash exploiting it.
+            
+                <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/ssti/lab'">Access Lab</button></div>
+                </p>
+        </div>
+    </div>        
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A3_Injection/ssti_lab.html b/introduction/templates/Lab_2021/A3_Injection/ssti_lab.html
new file mode 100644
index 0000000..d6bdc29
--- /dev/null
+++ b/introduction/templates/Lab_2021/A3_Injection/ssti_lab.html
@@ -0,0 +1,67 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>INJECTION LAB</title>
+{% endblock %}
+
+<div class="container">
+    <div class="my-blogs">
+        <h3>My Blogs</h3>
+        <ul class="ssti-ul">
+        {% for blog in blogs %}
+        <li class="ssti-li" style="color: #626262;">
+            <a href=blog/{{blog.blog_id}}>{{blog.blog_id}}</a>
+        </li>
+        {% endfor %}
+        </ul>
+    </div>
+    <div id="ssti-inner-div2">
+        <h3>Add Blog</h3>
+        <form method="POST" class="ssti-form">
+            {% csrf_token %} 
+            <textarea id="ssti_blog" name="blog" placeholder="your blogs goes here" style="background:#f4f4f924;overflow: auto"></textarea>
+            <button class="btn btn-info" type="submit" id="inject">POST</button>
+        </form>
+    </div>
+</div>
+
+{% comment %} -------------------------------------------------------------------------- {% endcomment %}
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+<div class="lab code">
+   <code>   
+def ssti_lab(request):</br>
+&emsp;if request.user.is_authenticated:</br>
+&emsp;&emsp;if request.method=="GET":</br>
+&emsp;&emsp;&emsp;users_blogs = Blogs.objects.filter(author=request.user)</br>
+&emsp;&emsp;&emsp;return render(request,"Lab_2021/A3_Injection/ssti_lab.html", {"blogs":users_blogs})</br>
+&emsp;&emsp;elif request.method=="POST":</br>
+&emsp;&emsp;&emsp;blog = request.POST["blog"]</br>
+&emsp;&emsp;&emsp;id = str(uuid.uuid4()).split('-')[-1]</br>
+
+&emsp;&emsp;&emsp;blog = filter_blog(blog)</br>
+&emsp;&emsp;&emsp;prepend_code = "{&#37; extends 'introduction/base.html' &#37;}\</br>
+&emsp;&emsp;&emsp;&emsp;{&#37; block content &#37;}{&#37; block title &#37;}\</br>
+&emsp;&emsp;&emsp;&emsp;<title>SSTI-Blogs</title>\</br>
+&emsp;&emsp;&emsp;&emsp;{&#37; endblock &#37;}"</br>
+&emsp;&emsp;&emsp;</br>
+&emsp;&emsp;&emsp;blog = prepend_code + blog + "{&#37; endblock &#37;}"</br>
+&emsp;&emsp;&emsp;new_blog = Blogs.objects.create(author = request.user, blog_id = id)</br>
+&emsp;&emsp;&emsp;new_blog.save() </br>
+&emsp;&emsp;&emsp;dirname = os.path.dirname(__file__)</br>
+&emsp;&emsp;&emsp;filename = os.path.join(dirname, f"templates/Lab_2021/A3_Injection/Blogs/{id}.html")</br>
+&emsp;&emsp;&emsp;file = open(filename, "w+") </br>
+&emsp;&emsp;&emsp;file.write(blog)</br>
+&emsp;&emsp;&emsp;file.close()</br>
+&emsp;&emsp;&emsp;return redirect(f'blog/{id}')</br>
+&emsp;else:</br>
+&emsp;&emsp;return redirect('login')</br>
+   </code>
+    
+</div>
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/ssti'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A7_auth_failure/a7.html b/introduction/templates/Lab_2021/A7_auth_failure/a7.html
new file mode 100644
index 0000000..4c53b80
--- /dev/null
+++ b/introduction/templates/Lab_2021/A7_auth_failure/a7.html
@@ -0,0 +1,140 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Identification and Authentication Failures</title>
+{% endblock %}
+<div class="content">
+    <h3>Identification and Authentication Failures</h3>
+    <div class="box">
+
+        {% comment %} <h4>What is Identification and Authentication Failures</h4> {% endcomment %}
+        <p class="bp">Previously known as Broken Authentication, this category slid down from the second position and now includes 
+            Common Weakness Enumerations (CWEs) related to identification failures. Notable CWEs included are CWE-297: Improper Validation 
+             of Certificate with Host Mismatch, CWE-287: Improper Authentication, and CWE-384: Session Fixation.
+            <br><br>
+            Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks. There may be authentication weaknesses if the application:
+            <ul>
+                <li>Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.</li>
+                <li>Permits brute force or other automated attacks.</li>
+                <li>Permits default, weak, or well-known passwords, such as "Password1" or "admin/admin".</li>
+                <li>Uses weak or ineffective credential recovery and forgot-password processes, such as "knowledge-based answers," which cannot be made safe.</li>
+                <li>Uses plain text, encrypted, or weakly hashed passwords data stores (see A02:2021-Cryptographic Failures).</li>
+                <li>Has missing or ineffective multi-factor authentication.</li>
+                <li>Exposes session identifier in the URL.</li>
+                <li>Reuse session identifier after successful login.</li>
+                <li>Does not correctly invalidate Session IDs. User sessions or authentication tokens (mainly single sign-on (SSO) tokens) aren't properly invalidated during logout or a period of inactivity.</li>
+            </ul>
+        </p>
+        <button class="coll btn btn-info">Lab 1 Details</button>
+        <div class="lab">
+            <p class="bp">
+                The lab consists of a login page, which request users for their username and password.
+                If you don't know the password ,there is also a feature for login with otp!
+                When the users clicks the <code>login with otp</code> feature, user is directed to a page, which asks
+                users email id to send the otp.
+                When the user provides an email id , you can see that the 3 digit opt is sent back to the page itself.
+                This is not the general scenario , usually the code is sent to the registered email of the user.
+                <br>The user on receiving the 3 digit code can now enter the code in the input box that says
+                <code>Enter your OTP</code>
+                On entering the valid OTP the user gets a page which says <code>Login Successful as user : email</code>
+                .
+                If the Otp is wrong then the user gets a message saying <code>Invalid OTP</code>
+            </p>
+
+
+            <b>The Bug</b>
+
+            <p class="bp">
+                The main aim of this lab is to login as admin, for that you are gonna exploit the lack of <i>rate
+                    limiting</i> feature in the otp verification flow.
+                You can see that the otp is only of 3 digit(for demo purposes) and the application doesnt have any
+                <code>captcha</code> (To disallow any automated scripts or bots) or any restrictionds on the number of
+                tries for the otp.
+            </p>
+
+            <p class="bp">Now to send the otp to the admin's mail you need to figure out the admins mail id.
+                Luckily the admin has left his email id for the developers in the page source.
+                Admins email id <code>admin@pygoat.com</code>
+                After entering this email in the send otp input box and hit send, you can see that the page says that
+                otp has been sent to the email id of the admin.
+                In order to exploit the lack of rate limiting , we can try to <code>Brute-force</code> the 3 digit otp.
+            </p>
+
+            <p class="bp">
+                Steps to Brute force:
+            <ul>
+                <li>Open Burpsuite and configure your browser to intercept the web trafic, but dont turn intercept on.
+                </li>
+                <li>Send the otp to the admins mail id with the help of send otp feature.</li>
+                <li>In the enter the otp box enter a random 3 digit number.</li>
+                <li>Before your press login , turn intercept on on Burp suite and then press log in</li>
+                <li>Now you can see that the traffic is captured in Burpsuite.</li>
+                <li>Now use the send to intruder feature and send this request to the intruder.</li>
+                <li>Set the position of the payload to the <code>otp=</code> parameter.</li>
+                <li>Go to the payloads session and choose the payload type to number list</li>
+                <li> Fill the range to 100 to 999 with step 1.</li>
+                <li>Now click attack and you can see that the burp suite tries different combinations of otp and
+                    collects it response.</li>
+                <li>You can figure out if it has guessed the correct opt by seeing the difference in length of the
+                    response for each request.</li>
+                <li>The correct otp will have a small response length .</li>
+            </ul>
+            </p>
+
+            <p class="bp">Using this otp you will be able to login into admins account.</p>
+            </p>
+
+            <br>
+            <div align="right"> <button class="btn btn-info" type="button"
+                    onclick="window.location.href='/bau_lab'">Access Lab</button></div>
+
+            </p>
+        </div>
+        <button class="coll btn btn-info">Lab 2 Details</button>
+        <div class="lab">
+            <p class="bp"> 
+                Here is a admin pannel of the application. After some recon we got the username  <code> admin_pygoat@pygoat.com </code>
+                <br>
+                & password hash <code>$argon2id$v=19$m=65536,t=3,p=4$Ub40KHiEbH9I3Bsd4VHQDA$4zsIHDmAbejFJmaZq8a2yVIJdHvfylDlQ85w3YRLMSQ</code>
+                <br>
+                Can you access the admin pannel? or you can do something else so that real admin can't access the admin panel
+            </p>
+            <div align="right"> <button class="btn btn-info" type="button"
+                onclick="window.location.href='/auth_failure/lab2/admin12983gfugef81e8yeryepanel'">Access Lab</button></div>
+        </div>
+        <button class="coll btn btn-info">Lab 3 Details</button>
+        <div class="lab">
+            <p class="bp"> 
+                Lets assume a senario, a user 'X' access his account and before leaving he logs out from his account.
+                You didn't saw the user 'X's password, but can access his account ? 
+
+                these are the credentals of different users, try to get some unautherize access.<br>
+                
+                <span> username : <code>User1</code> | password : <code>Hash1</code> </span><br>
+                <span> username : <code>User2</code> | password : <code>Hash2</code> </span><br>
+                <span> username : <code>User3</code> | password : <code>Hash3</code> </span>
+            </p>
+            <div align="right"> <button class="btn btn-info" type="button"
+                onclick="window.location.href='auth_failure/lab3'">Access Lab</button></div>
+        </div><br>
+        <br>
+        <h4>Mitigation</h4>
+        <p class="bp">
+            This type of authentication flaw can be mitigated by:
+        <ul>
+            <li>Where possible, implement multi-factor authentication to prevent automated credential stuffing, brute force, and stolen credential reuse attacks.</li>
+            <li>Do not ship or deploy with any default credentials, particularly for admin users.</li>
+            <li>Implement weak password checks, such as testing new or changed passwords against the top 10,000 worst passwords list.</li>
+            <li>Align password length, complexity, and rotation policies with National Institute of Standards and Technology (NIST) 800-63b's guidelines in section 5.1.1 for Memorized Secrets or other modern, evidence-based password policies.</li>
+            <li>Ensure registration, credential recovery, and API pathways are hardened against account enumeration attacks by using the same messages for all outcomes.</li>
+            <li>Limit or increasingly delay failed login attempts, but be careful not to create a denial of service scenario. Log all failures and alert administrators when credential stuffing, brute force, or other attacks are detected.</li>
+            <li>Use a server-side, secure, built-in session manager that generates a new random session ID with high entropy after login. Session identifier should not be in the URL, be securely stored, and invalidated after logout, idle, and absolute timeouts.</li>
+        </ul>
+        </p>
+
+    </div>
+</div>
+
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A7_auth_failure/lab2.html b/introduction/templates/Lab_2021/A7_auth_failure/lab2.html
new file mode 100644
index 0000000..cdacfda
--- /dev/null
+++ b/introduction/templates/Lab_2021/A7_auth_failure/lab2.html
@@ -0,0 +1,82 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Identification and Authentication Failures</title>
+{% endblock %}
+
+{% if success %}
+    <h1>Successfully logged in as {{user.username}}
+{% else %}
+    <div class="jumbotron">
+        <h4 style="text-align:center"> LOG IN </h4>
+        <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+            <form method="post">
+                {% csrf_token %} 
+                <input id="input" type="text" name="username" placeholder="User Name"><br>
+                <input id="input" type="password" name="password" placeholder="Password"><br>
+                <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+            </form>
+        </div>
+    </div>
+
+    {% if failure %}
+        <script>alert("Login Failed")</script>
+    {% endif %}
+{% endif %}
+
+{% if is_locked %}
+<script>alert("Account Locked")</script>
+{% endif %}
+
+{% comment %} -------------------------------------------------------------------------- {% endcomment %}
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+<div class="lab code">
+   <code>   
+    @authentication_decorator<br>
+    def auth_failure_lab2(request):<br>
+    &emsp;if request.method == "GET":<br>
+    &emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html" )<br>
+    <br>
+    &emsp;elif request.method == "POST":<br>
+    &emsp;&emsp;username = request.POST["username"]<br>
+    &emsp;&emsp;password = request.POST["password"]<br>
+    &emsp;&emsp;try:<br>
+    &emsp;&emsp;&emsp;user = AF_admin.objects.get(username=username)<br>
+    &emsp;&emsp;&emsp;print(type(user.lockout_cooldown))<br>
+    &emsp;&emsp;&emsp;if user.is_locked == True and user.lockout_cooldown > datetime.date.today():<br>
+    &emsp;&emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"is_locked":True})<br>
+    <br>
+    &emsp;&emsp;&emsp;try:<br>
+    &emsp;&emsp;&emsp;&emsp;ph = PasswordHasher()<br>
+    &emsp;&emsp;&emsp;&emsp;ph.verify(user.password, password)<br>
+    &emsp;&emsp;&emsp;&emsp;if user.is_locked == True and user.lockout_cooldown < datetime.date.today():<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.is_locked = False<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.last_login = datetime.datetime.now()<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.failattempt = 0<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.save()<br>
+    &emsp;&emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"user":user, "success":True,"failure":False})<br>
+    &emsp;&emsp;&emsp;except:<br>
+    &emsp;&emsp;&emsp;&emsp;fail_attempt = user.failattempt + 1<br>
+    &emsp;&emsp;&emsp;&emsp;if fail_attempt == 5:<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.is_active = False<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.failattempt = 0<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.is_locked = True<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.lockout_cooldown = datetime.datetime.now() + datetime.timedelta(minutes=1440)<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;user.save()<br>
+    &emsp;&emsp;&emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"user":user, "success":False,"failure":True, "is_locked":True})<br>
+    &emsp;&emsp;&emsp;&emsp;user.failattempt = fail_attempt<br>
+    &emsp;&emsp;&emsp;&emsp;user.save()<br>
+    &emsp;&emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html",{"success":False, "failure":True})<br>
+    &emsp;&emsp;except Exception as e:<br>
+    &emsp;&emsp;&emsp;print(e)<br>
+    &emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab2.html",{"success":False, "failure":True})<br>
+   </code>
+    
+</div>
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/auth_failure'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A7_auth_failure/lab3.html b/introduction/templates/Lab_2021/A7_auth_failure/lab3.html
new file mode 100644
index 0000000..5854374
--- /dev/null
+++ b/introduction/templates/Lab_2021/A7_auth_failure/lab3.html
@@ -0,0 +1,79 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Identification and Authentication Failures</title>
+{% endblock %}
+
+{% if success %}
+    <h1>Successfully logged in as {{username}}
+    <form method="POST">
+        {% csrf_token %}
+    <button style="margin-top:20px" class="btn btn-info" type="submit">
+        Logout
+    </button>
+    </form>
+{% else %}
+    <div class="jumbotron">
+        <h4 style="text-align:center"> LOG IN </h4>
+        <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+            <form method="post">
+                {% csrf_token %} 
+                <input id="input" type="text" name="username" placeholder="User Name"><br>
+                <input id="input" type="password" name="password" placeholder="Password"><br>
+                <button style="margin-top:20px" class="btn btn-info" type="submit"> Log in</button>
+            </form>
+        </div>
+    </div>
+
+    {% if failure %}
+        <script>alert("Login Failed")</script>
+    {% endif %}
+{% endif %}
+
+{% if is_locked %}
+<script>alert("Account Locked")</script>
+{% endif %}
+
+{% comment %} -------------------------------------------------------------------------- {% endcomment %}
+
+<button class="coll2 btn btn-info" style= "position : fixed ; right :200px; bottom : 7px">View Code</button>
+<div class="lab code">
+   <code>   
+    @authentication_decorator<br>
+@csrf_exempt<br>
+def auth_failure_lab3(request):<br>
+&emsp;if request.method == "GET":<br>
+&emsp;&emsp;try:<br>
+&emsp;&emsp;&emsp;cookie = request.COOKIES["session_id"]<br>
+&emsp;&emsp;&emsp;session = AF_session_id.objects.get(session_id=cookie)<br>
+&emsp;&emsp;&emsp;if session :<br>
+&emsp;&emsp;&emsp;&emsp;return render(request,"Lab_2021/A7_auth_failure/lab3.html", {"username":session.user,"success":True})<br>
+&emsp;&emsp;except:<br>
+&emsp;&emsp;&emsp;pass<br>
+&emsp;&emsp;return render(request, "Lab_2021/A7_auth_failure/lab3.html")<br>
+&emsp;elif request.method == "POST":<br>
+&emsp;&emsp;token = str(uuid.uuid4())<br>
+&emsp;&emsp;try:<br>
+&emsp;&emsp;&emsp;username = request.POST["username"]<br>
+&emsp;&emsp;&emsp;password = request.POST["password"]<br>
+&emsp;&emsp;&emsp;password = hashlib.sha256(password.encode()).hexdigest()<br>
+&emsp;&emsp;except:<br>
+&emsp;&emsp;&emsp;response = render(request, "Lab_2021/A7_auth_failure/lab3.html")<br>
+&emsp;&emsp;&emsp;response.set_cookie("session_id", None)<br>
+&emsp;&emsp;&emsp;return response<br>
+<br>
+&emsp;&emsp;if USER_A7_LAB3[username]['password'] == password:<br>
+&emsp;&emsp;&emsp;session_data = AF_session_id.objects.create(session_id=token, user=USER_A7_LAB3[username]['username'])<br>
+&emsp;&emsp;&emsp;session_data.save()<br>
+&emsp;&emsp;&emsp;response = render(request, "Lab_2021/A7_auth_failure/lab3.html", {"success":True, "failure":False, "username":username})<br>
+&emsp;&emsp;&emsp;response.set_cookie("session_id", token)<br>
+&emsp;&emsp;&emsp;return response<br>
+   </code>
+    
+</div>
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/auth_failure'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/desc.html b/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/desc.html
new file mode 100644
index 0000000..7fcd9e5
--- /dev/null
+++ b/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/desc.html
@@ -0,0 +1,96 @@
+{% extends 'introduction/base.html' %}
+{% block content %}
+{% block title %}
+<title>Software and Data Integrity Failures</title>
+{% endblock %}
+<div class="content">
+	<h3>Software and Data Integrity Failures</h3>
+	<div class="box">
+		<h4>What is Software and Data Integrity Failures</h4>
+		<p class="bp">
+			Exploitation of deserialization is somewhat difficult, as off the shelf exploits rarely work without changes or
+			tweaks to the underlying exploit code.
+			Software and data integrity failures relate to code and infrastructure that does not protect against integrity
+             violations. An example of this is where an application relies upon plugins, libraries, or modules from
+              untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can
+               introduce the potential for unauthorized access, malicious code, or system compromise. Lastly, many
+                applications now include auto-update functionality, where updates are downloaded without sufficient
+                 integrity verification and applied to the previously trusted application. Attackers could potentially
+                  upload their own updates to be distributed and run on all installations. Another example is where objects 
+                   or data are encoded or serialized into a structure that an attacker can see and modify is vulnerable to
+                    insecure deserialization.
+		</p>
+
+		<button class="coll btn btn-info">Lab 1 Details</button>
+		<div class="lab">
+			<p class="bp">
+				This Lab consists of a Page that has some content only available to for the admin to see, How can we access that
+				page as admin? How is our role defined?
+			</p>
+			<p class="bp">If we check the cookie we see that it is base64 encoded, on decoding we realise it is pickle
+				serialised and we can see some attributes, can you change the attributes to make the page readable?
+			</p>
+			<p class="bp">Hint: try to flip the bit of the admin from ...admin\x94K\x00... to ...admin\x94K\x00...
+			</p>
+			<br>
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/insec_des_lab'">Access Lab</button>
+			</div>
+		</div>
+        <button class="coll btn btn-info">Lab 2 Details</button>
+		<div class="lab">
+			<p class="bp">
+				This Lab contains a executable file to download, you can access the lab from the Access Lab button or from the below link 
+                Download the file and figure out whats going on. 
+			</p>
+			<a href='/2021/A8/lab2?username=user+<script>document.getElementById%28"download_link"%29.setAttribute%28"href"%2C"%2Fstatic%2Ffake.txt"%29%3B<%2Fscript>user+<script>document.getElementById%28"download_link"%29.setAttribute%28"href"%2C"%2Fstatic%2Ffake.txt"%29%3B<%2Fscript>'>Download File</a>
+			
+			<div align="right">
+				<button class="btn btn-info" type="button" onclick="window.location.href='/2021/A8/lab2'">Access Lab</button>
+			</div>
+		</div>
+		<h4>Insecure Deserialization</h4>
+		<p class="bp">
+			Applications and APIs will be vulnerable if they deserialize hostile or tampered objects supplied by an attacker.
+			This can result in two primary types of attacks:
+		</p>
+		<ul>
+			<li>Object and data structure related attacks where the attacker modifies application logic or achieves arbitrary
+				remote code execution if there are classes available to the application that can change behavior during or after
+				deserialization.</li>
+			<li>Typical data tampering attacks such as access-control-related attacks where existing data structures are used
+				but the content is changed.</li>
+		</ul>
+		<h4>
+			Serialization may be used in applications for:
+		</h4>
+		<ul>
+			<li>Remote- and inter-process communication (RPC/IPC)</li>
+			<li>Wire protocols, web services, message brokers</li>
+			<li>Caching/Persistence</li>
+			<li>Databases, cache servers, file systems</li>
+			<li>HTTP cookies, HTML form parameters, API authentication tokens</li>
+		</ul>
+		<h4>
+			How to Prevent
+		</h4>
+		<p class="bp">The only safe architectural pattern is not to accept serialized objects from untrusted sources or to
+			use serialization mediums that only permit primitive data types. If that is not possible, consider one of more of
+			the following:
+		</p>
+		<ul>
+			<li>Implementing integrity checks such as digital signatures on any serialized objects to prevent hostile object
+				creation or data tampering.</li>
+			<li>Enforcing strict type constraints during deserialization before object creation as the code typically expects
+				a definable set of classes. Bypasses to this technique have been demonstrated, so reliance solely on this is not
+				advisable.</li>
+			<li>Isolating and running code that deserializes in low privilege environments when possible.</li>
+			<li>Log deserialization exceptions and failures, such as where the incoming type is not the expected type, or the
+				deserialization throws exceptions.</li>
+			<li>Restricting or monitoring incoming and outgoing network connectivity from containers or servers that
+				deserialize.
+				Monitoring deserialization, alerting if a user deserializes constantly.</li>
+		</ul>
+	</div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/lab2.html b/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/lab2.html
new file mode 100644
index 0000000..0b4dd5e
--- /dev/null
+++ b/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/lab2.html
@@ -0,0 +1,32 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% block title %}
+<title>Software and Data Integrity Failures</title>
+{% endblock %}
+
+{% load static %}
+
+{% if success %}
+Here is your download <a id="download_link" href="{% static 'real.txt' %}" style="color:#ff5" download>Link</a>
+<h1>Hey {{username | safe}},</h1>
+{% else %}
+    <div class="jumbotron">
+        <h4 style="text-align:center"> Your name ? </h4>
+        <div class="login" style="display: flex;justify-content: center;flex-direction: row;}">
+            <form method="get">
+                <input id="input" type="text" name="username" placeholder="User Name"><br>
+                <button style="margin-top:20px" class="btn btn-info" type="submit"> Get download link</button>
+            </form>
+        </div>
+    </div>
+{% endif %}
+
+
+{% comment %} -------------------------------------------------------------------------- {% endcomment %}
+
+<div>
+
+<div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/2021/A8'">Back to Lab
+    Details</button></div>
+
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/lab3.html b/introduction/templates/Lab_2021/A8_software_and_data_integrity_failure/lab3.html
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/templates/introduction/base.html b/introduction/templates/introduction/base.html
new file mode 100644
index 0000000..4e4f6c3
--- /dev/null
+++ b/introduction/templates/introduction/base.html
@@ -0,0 +1,454 @@
+<!DOCTYPE html>
+{% load static %}
+
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    {% block title %}
+    <title>OWASP Pygoat</title>
+    {% endblock %}
+
+    <!-- Bootstrap CSS CDN -->
+    <link
+      rel="stylesheet"
+      href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css"
+      integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4"
+      crossorigin="anonymous"
+    />
+    <!-- Our Custom CSS -->
+    <link id="pagestyle" rel="stylesheet" href="{% static 'css/dark-theme.css'%}" />
+    <link rel="stylesheet" href="{% static 'css/home.css'%}" />
+    <link rel="stylesheet" href="{% static 'Lab/ssrf.css'%}" />
+    <link rel="stylesheet" href="{% static 'Lab/ssti.css'%}" />
+    <link rel="icon" href="{% static 'Lab/icons/pygoat-mini.png' %}" />
+    <!-- Font Awesome JS -->
+    <script
+      defer
+      src="https://use.fontawesome.com/releases/v5.0.13/js/solid.js"
+      integrity="sha384-tzzSw1/Vo+0N5UhStP3bvwWPq+uvzCMfrN1fEFe+xBmv1C/AtVX5K0uZtmcHitFZ"
+      crossorigin="anonymous"
+    ></script>
+    <script
+      defer
+      src="https://use.fontawesome.com/releases/v5.0.13/js/fontawesome.js"
+      integrity="sha384-6OIrr52G08NpOFSZdxxz1xdNSndlD4vdcf/q2myIUVO0VsqaGHJsB0RaBE01VTOY"
+      crossorigin="anonymous"
+    ></script>
+    <script defer src="{% static 'Lab/xss.js' %}"> </script>
+    <script defer src="{% static 'Lab/ssrf.js' %}"> </script>
+  </head>
+
+  <body>
+    <div class="wrapper">
+      <div class="pg active">PG</div>
+      <!-- Sidebar  -->
+      <nav id="sidebar" style="overflow: scroll" class="sidebarClass">
+        <div class="sidebar-header">
+          <div
+            id="pygoat"
+            style="display: flex; flex-direction: row; align-items: center"
+          >
+            <img
+              src="{% static 'Lab/icons/pygoat-mini.svg' %}"
+              alt="logo"
+              width="100px"
+              height="100px"
+            />
+            <h3>PyGoat</h3>
+          </div>
+          <strong>PG</strong>
+        </div>
+
+        <ul class="list-unstyled components" style="margin-bottom: 0px;">
+          <li >
+            <a
+              href="#homeSubmenu"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="sidebar-home"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              Home
+            </a>
+            <ul class="collapse list-unstyled" id="homeSubmenu">
+              <li>
+                <a href="/" class="sidebar-list-items">Introduction</a>
+              </li>
+            </ul>
+          </li>
+          <li>
+            <a
+              href="#OWASP10_2021"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="owasp10_2021"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              OWASP TOP 10 2021
+            </a>
+            <ul class="collapse list-unstyled" id="OWASP10_2021">
+              <li>
+                <a href="/broken_access_control" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A1: Broken Access Control
+                </a>
+              </li>
+              <li>
+                <a href="/cryptographic_failure" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A2: Cryptographic Failures
+                </a>
+              </li>
+              <li>
+                <a
+                  href="#sqlSubmenu2"
+                  data-toggle="collapse"
+                  aria-expanded="false"
+                  class="dropdown-toggle sidebar-list-items"
+                >
+                  <i class="fas fa-bug"></i>
+                  A3: Injection
+                </a>
+                <ul class="collapse list-unstyled" id="sqlSubmenu2">
+                  <li>
+                    <a href="/injection" class="sidebar-list-items"
+                      >SQl Injection
+                    </a>
+                  </li>
+                  <li>
+                    <a href="/cmd" class="sidebar-list-items"
+                      >Command Injection</a
+                    >
+                  </li>
+                  <li>
+                    <a href="/ssti" class="sidebar-list-items"
+                      >Template Injection</a
+                    >
+                  </li>
+                </ul>
+              </li>
+              <li>
+                <a href="/insecure-design" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A4: Insecure Design
+                </a>
+              </li>
+              <li>
+                <a href="/sec_mis" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A5: Security Misconfiguration
+                </a>
+              </li>
+              <li>
+                <a href="/a9" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A6: Vulnerable and Outdated Components
+                </a>
+              </li>
+              <li>
+                <a href="/auth_failure" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A7: Identification and Authentication Failures
+                </a>
+              </li>
+              <li>
+                <a href="/2021/A8" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A8: Software and Data Integrity Failures
+                </a>
+              </li>
+              <li>
+                <a href="/a10" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A9: Security Logging and Monitoring Failures
+                </a>
+              </li>
+              <li>
+                <a href="/ssrf" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A10: Server-Side Request Forgery
+                </a>
+              </li>
+            </ul>
+
+            <a
+              href="#sans25"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="mitre25"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              SANS 25 Vulns
+            </a>
+            <ul class="collapse list-unstyled" id="sans25">
+                <li>
+                  <a href="#sqlSubmenu" class="sidebar-list-items">
+                    <i class="fas fa-bug"></i>
+                    A1: Injection
+                  </a>
+                </li>
+            </ul>
+
+            <a
+              href="#Mitre25"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="mitre25"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              Mitre top 25 Vulns
+            </a>
+            <ul class="collapse list-unstyled" id="Mitre25">
+                <li>
+                  <a href="#sqlSubmenu" class="sidebar-list-items">
+                    <i class="fas fa-bug"></i>
+                    A1: Injection
+                  </a>
+                </li>
+            </ul>
+
+            <a
+              href="#OWASP10_2017"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="owasp10_2017"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              OWASP TOP 10 2017
+            </a>
+            <ul class="collapse list-unstyled" id="OWASP10_2017">
+              <li>
+                <a href="#sqlSubmenu" class="sidebar-list-items dropdown-toggle" aria-expanded="false" data-toggle="collapse">
+                  <i class="fas fa-bug"></i>
+                  A1: Injection
+                </a>
+              </li>
+              <ul class="collapse list-unstyled" id="sqlSubmenu">
+                <li>
+                  <a href="/sql" class="sidebar-list-items">SQl Injection </a>
+                </li>
+                <li>
+                  <a href="/cmd" class="sidebar-list-items"
+                    >Command Injection</a
+                  >
+                </li>
+              </ul>
+              <li>
+                <a href="/bau" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A2: Broken Authentication
+                </a>
+              </li>
+              <li>
+                <a
+                  href="/data_exp"
+                  
+                  class="sidebar-list-items"
+                >
+                  <i class="fas fa-bug"></i>
+                  A3: Sensitive Data Exposure
+                </a>
+              </li>
+              <li>
+                <a href="/xxe" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A4: XML External Entities (XXE)
+                </a>
+              </li>
+              <li>
+                <a href="/ba" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A5: Broken Access Control
+                </a>
+              </li>
+              <li>
+                <a href="/sec_mis" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A6: Security Misconfiguration
+                </a>
+              </li>
+              <li>
+                <a href="/xss" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A7: Cross Site Scripting
+                </a>
+              </li>
+              <li>
+                <a href="/insec_des" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A8: Insecure Deserialization
+                </a>
+              </li>
+              <li>
+                <a href="/a9" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A9: Using Components with Known Vulnerabilities
+                </a>
+              </li>
+              <li>
+                <a href="/a10" class="sidebar-list-items">
+                  <i class="fas fa-bug"></i>
+                  A10: Insufficient Logging & Monitoring
+                </a>
+              </li>
+            </ul>
+
+            <a
+              href="#challengeSubmenu"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="challengeMenu"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-flag"></i>
+              Challenges
+            </a>
+            <ul class="collapse list-unstyled" id="challengeSubmenu">
+              <li>
+                <a href="#" class="sidebar-list-items">Page 1</a>
+              </li>
+              <li>
+                <a href="#" class="sidebar-list-items">Page 2</a>
+              </li>
+              <li>
+                <a href="#" class="sidebar-list-items">Page 3</a>
+              </li>
+            </ul>
+            <a
+              href="#"
+              data-toggle="collapse"
+              aria-expanded="false"
+              class="dropdown-toggle"
+              id="help"
+              style="padding: 13% 0 0 0"
+            >
+              <i class="fas fa-question"></i>
+              Help
+            </a>
+          </li>
+        </ul>
+      </nav>
+
+      <!-- Page Content  -->
+      <div id="content" style="height: 100vh">
+        <nav class="navbar navbar-expand-lg navbar-light bg-light">
+          <div class="container-fluid">
+            <button type="button" id="sidebarCollapse" class="btn btn-info">
+              <i class="fas fa-align-left"></i>
+              <span>Toggle Sidebar</span>
+            </button>
+            <button
+              class="btn btn-dark d-inline-block d-lg-none ml-auto"
+              type="button"
+              data-toggle="collapse"
+              data-target="#navbarSupportedContent"
+              aria-controls="navbarSupportedContent"
+              aria-expanded="false"
+              aria-label="Toggle navigation"
+            >
+              <i class="fas fa-align-justify"></i>
+            </button>
+
+            <div class="collapse navbar-collapse" id="navbarSupportedContent">
+              <ul class="nav navbar-nav ml-auto">
+                <li class="nav-item">
+                  <button class="nav-link dark" href='{% url "logout" %}?next=/' id="stylesheet-toggle" onclick="swapStyleSheet()"
+                    >Theme</button
+                  >
+                </li>
+
+
+                {% if user.is_authenticated %}
+                <li class="nav-item">
+                  <a class="nav-link" href='{% url "logout" %}?next=/'
+                    >Logout</a
+                  >
+                </li>
+
+                {% else %}
+
+                <li class="nav-item">
+                  <a class="nav-link" href="/login">Login</a>
+                </li>
+                {% endif %}
+
+              </ul>
+            </div>
+          </div>
+        </nav>
+
+        {% block content %} {% endblock %}
+      </div>
+    </div>
+
+    <!-- jQuery CDN - Slim version (=without AJAX) -->
+    <script
+      src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
+      integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
+      crossorigin="anonymous"
+    ></script>
+    <!-- Popper.JS -->
+    <script
+      src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js"
+      integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ"
+      crossorigin="anonymous"
+    ></script>
+    <!-- Bootstrap JS -->
+    <script
+      src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js"
+      integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm"
+      crossorigin="anonymous"
+    ></script>
+
+    <script type="text/javascript">
+      $(document).ready(function () {
+        $(".sidebar-header").on("click", function () {
+          $("#sidebar").toggleClass("active");
+          $(".pg").toggleClass("active");
+        });
+      });
+
+      $(document).ready(function () {
+        $(".pg").on("click", function () {
+          $("#sidebar").toggleClass("active");
+          $(".pg").toggleClass("active");
+        });
+      });
+
+      function swapStyleSheet() {
+        var elem = document.getElementById('stylesheet-toggle');
+        if(elem.classList.contains('dark')){
+            elem.classList.remove('dark');
+            elem.classList.add('light');
+            localStorage.setItem('theme','light');
+            document.getElementById("pagestyle").setAttribute("href", "/static/css/light.css");
+        } else {
+            elem.classList.remove('light');
+            elem.classList.add('dark');
+            localStorage.setItem('theme','dark');
+            document.getElementById("pagestyle").setAttribute("href", "/static/css/dark-theme.css");
+        } 
+      }
+      var elem3 = document.getElementById('stylesheet-toggle');
+      if(localStorage.getItem('theme')=='light') {
+        elem3.classList.remove('dark');
+        elem3.classList.add('light');
+        document.getElementById("pagestyle").setAttribute("href", "/static/css/light.css");
+      }
+      
+    </script>
+  </body>
+</html>
diff --git a/introduction/templates/introduction/home.html b/introduction/templates/introduction/home.html
new file mode 100644
index 0000000..eb96b03
--- /dev/null
+++ b/introduction/templates/introduction/home.html
@@ -0,0 +1,33 @@
+{% extends "introduction/base.html" %} {% block content %}
+{% load static %}
+<div class="container">
+  <div id="home-section1 ">
+    <div>
+      <h2>Welcome To PyGoat</h2>
+      <p>
+        Pygoat is a vulnerable web application developed in python to teach
+        developers and Web app pentesters about Owasp top 10 and how to avoid
+        them.
+      </p>
+      <p>
+        The purpose is to give both developers and testers a platform for
+        learning how to test applications and how to code securely. PyGoat is
+        written in python and used Django web framework as a platform. It has
+        both traditional web application vulnerabilities (i.e. XSS, SQLi) as
+        well. PyGoat also has an area where you can see the source code to
+        determine where the mistake was made that caused the vulnerability and
+        allows you to make changes to secure it.
+      </p>
+    </div>
+    {% comment %} <div>
+        <img src="{% static 'Lab/icons/pygoat-small.png' %}"
+             alt="home-section1"
+             class="img-responsive"
+             id="home-section1-img">
+    </div> {% endcomment %}
+  </div>
+</div>
+
+{% comment %}
+<div class="line"></div>
+{% endcomment %} {% endblock content %}
diff --git a/introduction/templates/registration/login.html b/introduction/templates/registration/login.html
new file mode 100644
index 0000000..de4dd42
--- /dev/null
+++ b/introduction/templates/registration/login.html
@@ -0,0 +1,37 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% load crispy_forms_tags %}
+{% load socialaccount %}
+<div style="display: flex; flex-direction: row; flex-wrap: wrap">
+ <div class="card mx-auto" style="width: 25rem;margin: 10px">
+<div class="conatiner border border-info rounded">
+    <h2 align="center" style="margin-top:20px"> Login </h2>
+    
+    <form method="post">
+        <div class="login-form">
+        {% csrf_token %}
+        {{form|crispy}}
+        </div>
+        <div>
+         </p>
+        </div>
+        <div class="text-center">
+        <button type="submit" class="btn btn-info" style="margin-bottom:20px">Login</button>
+        </div>
+    </form>
+    <div style="display:flex;justify-content: center;align-items: center;margin: 10px;" align="center" id="o-auth">
+        Click 
+        <a href="/register">Here</a>
+         to register | 
+        <form method="post" action="/accounts/google/login/">
+             {% csrf_token %} 
+            <button type="submit" class="btn btn-primary" style="margin-left:7px; background: #2aa2b8;">
+                Login with Google
+            </button>
+        </form>
+    </div>
+
+</div>
+</div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/templates/registration/logout.html b/introduction/templates/registration/logout.html
new file mode 100644
index 0000000..e69de29
diff --git a/introduction/templates/registration/register.html b/introduction/templates/registration/register.html
new file mode 100644
index 0000000..e5774dc
--- /dev/null
+++ b/introduction/templates/registration/register.html
@@ -0,0 +1,14 @@
+{% extends "introduction/base.html" %}
+{% block content %}
+{% load crispy_forms_tags %}
+
+<div class="jumbotron">
+    <div class="contaniner">
+        <form method="post">
+            {% csrf_token %}
+            {{form|crispy}}
+            <button type="submit" class="btn btn-info btn-info">Register</button>
+        </form>
+    </div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/introduction/tests.py b/introduction/tests.py
new file mode 100644
index 0000000..7ce503c
--- /dev/null
+++ b/introduction/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/introduction/urls.py b/introduction/urls.py
new file mode 100644
index 0000000..e05d945
--- /dev/null
+++ b/introduction/urls.py
@@ -0,0 +1,78 @@
+from django.urls import path,include
+
+from .import views
+from . import apis
+
+urlpatterns = [
+    path('accounts/', include('allauth.urls')),
+    path('', views.home, name='homepage'),
+    path('xss', views.xss,name="xss"),
+    path('xssL',views.xss_lab,name='xss_lab'),
+    path('xssL1',views.xss_lab,name='xss_lab'),
+    path("sql",views.sql,name='sql'),
+    path("sql_lab",views.sql_lab,name="sql_lab"),
+    path("sql_lab1",views.sql_lab,name="sql_lab"),
+    path("insec_des",views.insec_des,name="insec_des"),
+    path("insec_des_lab",views.insec_des_lab,name="insec_des_lab"),
+    path("xxe",views.xxe,name="xxe"),
+    path("xxe_lab",views.xxe_lab,name="xxe_lab"),
+    path("xxe_see",views.xxe_see,name="xxe_see"),
+    path("xxe_parse",views.xxe_parse,name="xxe_parse"),
+    path("auth_lab",views.auth_lab,name="auth_lab"),
+    path("auth_lab/signup",views.auth_lab_signup,name="auth_lab_signup"),
+    path("auth_lab/login",views.auth_lab_login,name="auth_lab_login"),
+    path("auth_lab/logout",views.auth_lab_logout,name="auth_lab_logout"),
+    path("auth",views.auth_home,name="auth_home"),
+    path("ba",views.ba,name="Broken Access Control"),
+    path("ba_lab",views.ba_lab,name="Broken Access Control Lab"),
+    path("data_exp",views.data_exp,name="data_exp"),
+    path("data_exp_lab",views.data_exp_lab,name="data_exp_lab"),
+    path("robots.txt",views.robots,name="robots.txt"),
+    path("500error",views.error,name="500error"),
+    path("cmd",views.cmd,name="Command Injection"),
+    path("cmd_lab",views.cmd_lab,name="Command Injection Lab"),
+    path("bau", views.bau, name="Broken Authe"),
+    path("bau_lab", views.bau_lab, name="LAB"),
+    path("login_otp", views.login_otp, name="OTP Login"),
+    path("otp", views.Otp, name="OTP Verification"),
+    path("sec_mis", views.sec_mis, name="Security Misconfiguration"),
+    path("sec_mis_lab", views.sec_mis_lab, name="Security Misconfiguration Lab"),
+    path("sec_mis_lab3", views.sec_misconfig_lab3, name="Security Misconfiguration Lab"),
+    path("secret", views.secret, name="Secret key for A6"),
+    path("a9",views.a9,name="A9"),
+    path("a9_lab",views.a9_lab,name="A9 LAb"),
+    path("a9_lab2",views.a9_lab2,name="A9 LAb 2"),
+    path("get_version",views.get_version,name="Get Version"),
+    path("a10",views.a10,name="A10"),
+    path("a10_lab",views.a10_lab,name="A10 LAb"),
+    path("a10_lab_2",views.a10_lab2,name="A10 LAb 2"),
+    path("debug",views.debug,name="debug"),
+    path("insecure-design",views.insec_desgine,name="insecure-design"),
+    path("insecure-design_lab",views.insec_desgine_lab,name="insecure-design_lab"),
+    path("broken_access_control", views.a1_broken_access, name="broken_access"),
+    path("broken_access_lab_1", views.a1_broken_access_lab_1, name="broken_access_lab_1"),
+    path("broken_access_lab_2", views.a1_broken_access_lab_2, name="broken_access_lab_2"),
+    path("broken_access_lab_3", views.a1_broken_access_lab_3, name="broken_access_lab_3"),
+    path("broken_access_controle/secret", views.a1_broken_access_lab3_secret, name="broken_access_controle_secret"),
+    path("ssrf",views.ssrf,name="SSRF"),
+    path("ssrf_discussion", views.ssrf_discussion, name="SSRF Discussion"),
+    path("ssrf_lab",views.ssrf_lab,name="SSRF LAB"),
+    path("ssrf_lab2",views.ssrf_lab2,name="SSRF LAB"),
+    path("ssrf_target",views.ssrf_target,name="SSRF LAB"),
+    path("injection",views.injection,name="injection"),
+    path("injection_sql_lab",views.injection_sql_lab,name="injection"),
+    path("api/ssrf",apis.ssrf_code_checker,name="api/ssrf"),
+    path("ssti", views.ssti, name="SSTI"),
+    path("ssti/lab", views.ssti_lab, name="SSTI Lab"),
+    path("ssti/blog/<str:blog_id>", views.ssti_view_blog, name="SSTI Blog"),
+    path("cryptographic_failure",views.crypto_failure,name="cryptographic_failure"),
+    path("cryptographic_failure/lab",views.crypto_failure_lab,name="cryptographic_failure_lab"),
+    path("cryptographic_failure/lab2",views.crypto_failure_lab2,name="cryptographic_failure_lab2"),
+    path("cryptographic_failure/lab3",views.crypto_failure_lab3,name="cryptographic_failure_lab3"),
+    path("auth_failure",views.auth_failure,name="auth_failure"),
+    path("auth_failure/lab2/admin12983gfugef81e8yeryepanel",views.auth_failure_lab2,name="auth_failure_lab2"),
+    path("auth_failure/lab3",views.auth_failure_lab3,name="auth_failure_lab2"),
+    path("2021/A8",views.software_and_data_integrity_failure,name="A8"),
+    path("2021/A8/lab2",views.software_and_data_integrity_failure_lab2,name="A8"),
+    path("2021/A8/lab3",views.software_and_data_integrity_failure_lab3,name="A8"),
+]
diff --git a/introduction/utility.py b/introduction/utility.py
new file mode 100644
index 0000000..0657ded
--- /dev/null
+++ b/introduction/utility.py
@@ -0,0 +1,56 @@
+import os
+import uuid
+from .models import *
+import hashlib
+# import re
+def ssrf_code_converter(code):
+    list_input = code.split("\n")
+    del_l = []
+    for i in range(len(list_input)):
+        if list_input[i].strip() == '':
+            del_l.append(list_input[i])
+    for l in del_l:
+        list_input.remove(l)
+    list_output = ['import os','def ssrf_lab(file):','    try:']
+    extracted_code = []
+    i = 7
+    while i < (len(list_input)-2):
+        extracted_code.append(list_input[i][8:])
+        i += 1
+
+    for i in range(len(extracted_code)):
+        if extracted_code[i].strip()[:6] == 'return':
+            space = extracted_code[i].split('return')[0]
+            k = extracted_code[i].split('{')[1].split('}')[0]
+            extracted_code[i] = space + "return {"+k+"}"
+    
+    list_output= list_output + extracted_code
+    output_Code = "\n".join(list_output)
+
+    dirname = os.path.dirname(__file__)
+    filename = os.path.join(dirname, "playground/ssrf/main.py")
+    f = open(filename,"w")
+    f.write(output_Code)
+    f.close()
+    return 1
+
+# ssrf_code_converter(input_code)
+def ssrf_html_input_extractor(code):
+    params = []
+    list_input = code.split("\n")
+    tokens = list(map(lambda x : x.strip().split(' '), list_input))
+    for i in range(len(tokens)):
+        if tokens[i][0] == '<input':
+            for j in range(len(tokens[i])):
+                if tokens[i][j][:7] == 'value="':
+                    params.append(tokens[i][j][7:-2])
+    return params
+
+def unique_id_generator():
+    id = str(uuid.uuid4()).split('-')[-1]
+
+def filter_blog(code):
+    return code
+
+def customHash(password):
+    return hashlib.sha256(password.encode()).hexdigest()[::-1]
\ No newline at end of file
diff --git a/introduction/views.py b/introduction/views.py
new file mode 100644
index 0000000..3a5c0ea
--- /dev/null
+++ b/introduction/views.py
@@ -0,0 +1,1147 @@
+import hashlib
+from django.shortcuts import render,redirect
+from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
+from .models import  FAANG, AF_session_id,info,login,comments,authLogin, tickits, sql_lab_table,Blogs,CF_user,AF_admin
+from django.core import serializers
+from requests.structures import CaseInsensitiveDict
+from django.contrib.auth import login,authenticate
+from django.contrib.auth.forms import UserCreationForm
+import random
+import string
+import os
+from hashlib import md5
+import datetime
+#*****************************************Lab Requirements****************************************************#
+
+from .models import  FAANG,info,login,comments,otp
+from random import randint
+from xml.dom.pulldom import parseString, START_ELEMENT
+from xml.sax.handler import feature_external_ges
+from xml.sax import make_parser
+from django.views.decorators.csrf import csrf_exempt
+from django.template.loader import render_to_string
+import subprocess
+import pickle
+import base64
+import yaml
+import json
+from dataclasses import dataclass
+import uuid
+from .utility import filter_blog, customHash
+import jwt
+from PIL import Image,ImageMath
+import base64
+from io import BytesIO
+from argon2 import PasswordHasher
+import logging
+import requests
+#*****************************************Login and Registration****************************************************#
+
+
+def register(request):
+    if request.method=="POST":
+        form = UserCreationForm(request.POST)
+        if form.is_valid():
+            form.save()
+        return redirect("login")
+
+    else:
+        form=UserCreationForm()
+        return render(request,"registration/register.html",{"form":form,})
+
+def home(request):
+    if request.user.is_authenticated:
+        return render(request,'introduction/home.html',)
+    else:
+        return redirect('login')
+
+## authentication check decurator function 
+def authentication_decorator(func):
+    def function(*args, **kwargs):
+        if args[0].user.is_authenticated:
+            return func(*args, **kwargs)
+        else:
+            return redirect('login')
+    return function
+
+#*****************************************XSS****************************************************#
+
+
+def xss(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/XSS/xss.html")
+    else:
+        return redirect('login')
+
+def xss_lab(request):
+    if request.user.is_authenticated:
+        q=request.GET.get('q','')
+        f=FAANG.objects.filter(company=q)
+        if f:
+            args={"company":f[0].company,"ceo":f[0].info_set.all()[0].ceo,"about":f[0].info_set.all()[0].about}
+            return render(request,'Lab/XSS/xss_lab.html',args)
+        else:
+            return render(request,'Lab/XSS/xss_lab.html', {'query': q})
+    else:
+        return redirect('login')
+
+#***********************************SQL****************************************************************#
+
+def sql(request):
+    if request.user.is_authenticated:
+
+        return  render(request,'Lab/SQL/sql.html')
+    else:
+        return redirect('login')
+
+def sql_lab(request):
+    if request.user.is_authenticated:
+
+        name=request.POST.get('name')
+
+        password=request.POST.get('pass')
+
+        if name:
+
+            if login.objects.filter(user=name):
+
+                sql_query = "SELECT * FROM introduction_login WHERE user='"+name+"'AND password='"+password+"'"
+                print(sql_query)
+                try:
+                    print("\nin try\n")
+                    val=login.objects.raw(sql_query)
+                except:
+                    print("\nin except\n")
+                    return render(
+                        request, 
+                        'Lab/SQL/sql_lab.html',
+                        {
+                            "wrongpass":password,
+                            "sql_error":sql_query
+                        })
+
+                if val:
+                    user=val[0].user
+                    return render(request, 'Lab/SQL/sql_lab.html',{"user1":user})
+                else:
+                    return render(
+                        request, 
+                        'Lab/SQL/sql_lab.html',
+                        {
+                            "wrongpass":password,
+                            "sql_error":sql_query
+                        })
+            else:
+                return render(request, 'Lab/SQL/sql_lab.html',{"no": "User not found"})
+        else:
+            return render(request, 'Lab/SQL/sql_lab.html')
+    else:
+        return redirect('login')
+
+#***************** INSECURE DESERIALIZATION***************************************************************#
+
+def insec_des(request):
+    if request.user.is_authenticated:
+        return  render(request,'Lab/insec_des/insec_des.html')
+    else:
+        return redirect('login')
+
+@dataclass
+class TestUser:
+    admin: int = 0
+pickled_user = pickle.dumps(TestUser())
+encoded_user = base64.b64encode(pickled_user)
+
+def insec_des_lab(request):
+    if request.user.is_authenticated:
+        response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Only Admins can see this page"})
+        token = request.COOKIES.get('token')
+        if token == None:
+            token = encoded_user
+            response.set_cookie(key='token',value=token.decode('utf-8'))
+        else:
+            token = base64.b64decode(token)
+            admin = pickle.loads(token)
+            if admin.admin == 1:
+                response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Welcome Admin, SECRETKEY:ADMIN123"})
+                return response
+
+        return response
+    else:
+        return redirect('login')
+
+#****************************************************XXE********************************************************#
+
+
+def xxe(request):
+    if request.user.is_authenticated:
+
+        return render (request,'Lab/XXE/xxe.html')
+    else:
+        return redirect('login')
+
+def xxe_lab(request):
+    if request.user.is_authenticated:
+        return render(request,'Lab/XXE/xxe_lab.html')
+    else:
+        return redirect('login')
+
+@csrf_exempt
+def xxe_see(request):
+    if request.user.is_authenticated:
+
+        data=comments.objects.all()
+        com=data[0].comment
+        return render(request,'Lab/XXE/xxe_lab.html',{"com":com})
+    else:
+        return redirect('login')
+
+
+@csrf_exempt
+def xxe_parse(request):
+
+    parser = make_parser()
+    parser.setFeature(feature_external_ges, True)
+    doc = parseString(request.body.decode('utf-8'), parser=parser)
+    for event, node in doc:
+        if event == START_ELEMENT and node.tagName == 'text':
+            doc.expandNode(node)
+            text = node.toxml()
+    startInd = text.find('>')
+    endInd = text.find('<', startInd)
+    text = text[startInd + 1:endInd:]
+    p=comments.objects.filter(id=1).update(comment=text)
+
+    return render(request, 'Lab/XXE/xxe_lab.html')
+
+def auth_home(request):
+    return render(request,'Lab/AUTH/auth_home.html')
+
+
+def auth_lab(request):
+    return render(request,'Lab/AUTH/auth_lab.html')
+
+def auth_lab_signup(request):
+    if request.method == 'GET':
+        return render(request,'Lab/AUTH/auth_lab_signup.html')
+    elif request.method == 'POST':
+        try:
+            name = request.POST['name']
+            user_name = request.POST['username']
+            passwd  = request.POST['pass']
+            obj = authLogin.objects.create(name=name,username=user_name,password=passwd)
+            try:
+                rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name,'err_msg':'Cookie Set'})
+                response = HttpResponse(rendered)
+                response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
+                print('Setting cookie successful')
+                return response
+            except:
+                render(request,'Lab/AUTH/auth_lab_signup.html',{'err_msg':'Cookie cannot be set'})
+        except:
+            return render(request,'Lab/AUTH/auth_lab_signup.html',{'err_msg':'Username already exists'})
+
+def auth_lab_login(request):
+    if request.method == 'GET':
+        try:
+            obj = authLogin.objects.filter(userid=request.COOKIES['userid'])[0]
+            rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
+            response = HttpResponse(rendered)
+            response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
+            print('Login successful')
+            return response
+        except:
+            return render(request,'Lab/AUTH/auth_lab_login.html')
+    elif request.method == 'POST':
+        try:
+            user_name = request.POST['username']
+            passwd  = request.POST['pass']
+            print(user_name,passwd)
+            obj = authLogin.objects.filter(username=user_name,password=passwd)[0]
+            try:
+                rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
+                response = HttpResponse(rendered)
+                response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
+                print('Login successful')
+                return response
+            except:
+                render(request,'Lab/AUTH/auth_lab_login.html',{'err_msg':'Cookie cannot be set'})
+        except:
+            return render(request,'Lab/AUTH/auth_lab_login.html',{'err_msg':'Check your credentials'})
+
+def auth_lab_logout(request):
+    rendered = render_to_string('Lab/AUTH/auth_lab.html',context={'err_msg':'Logout successful'})
+    response = HttpResponse(rendered)    
+    response.delete_cookie('userid')
+    return response
+
+#***************************************************************Broken Access Control************************************************************#
+
+@csrf_exempt
+def ba(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/BrokenAccess/ba.html")
+    else:
+        return redirect('login')
+@csrf_exempt
+def ba_lab(request):
+    if request.user.is_authenticated:
+        name = request.POST.get('name')
+        password = request.POST.get('pass')
+        if name:
+            if request.COOKIES.get('admin') == "1":
+                return render(
+                    request, 
+                    'Lab/BrokenAccess/ba_lab.html', 
+                    {
+                        "data":"0NLY_F0R_4DM1N5",
+                        "username": "admin"
+                    })
+            elif login.objects.filter(user='admin',password=password):
+                html = render(
+                    request, 
+                    'Lab/BrokenAccess/ba_lab.html', 
+                    {
+                        "data":"0NLY_F0R_4DM1N5",
+                        "username": "admin"
+                    })
+                html.set_cookie("admin", "1",max_age=200)
+                return html
+            elif login.objects.filter(user=name,password=password):
+                html = render(
+                request, 
+                'Lab/BrokenAccess/ba_lab.html', 
+                {
+                    "not_admin":"No Secret key for this User",
+                    "username": name
+                })
+                html.set_cookie("admin", "0",max_age=200)
+                return html
+            else:
+                return render(request, 'Lab/BrokenAccess/ba_lab.html', {"data": "User Not Found"})
+
+        else:
+            return render(request,'Lab/BrokenAccess/ba_lab.html',{"no_creds":True})
+    else:
+        return redirect('login')
+
+#********************************************************Sensitive Data Exposure*****************************************************#
+
+
+def data_exp(request):
+    if request.user.is_authenticated:
+        return  render(request,'Lab/DataExp/data_exp.html')
+    else:
+        return redirect('login')
+
+def data_exp_lab(request):
+    if request.user.is_authenticated:
+        return  render(request,'Lab/DataExp/data_exp_lab.html')
+    else:
+        return redirect('login')
+def robots(request):
+    if request.user.is_authenticated:
+        response = render(request,'Lab/DataExp/robots.txt')
+        response['Content-Type'] =  'text/plain'
+        return response
+
+def error(request):
+    return 
+
+
+#******************************************************  Command Injection  ***********************************************************************#
+
+def cmd(request):
+    if request.user.is_authenticated:
+        return render(request,'Lab/CMD/cmd.html')
+    else:
+        return redirect('login')
+@csrf_exempt
+def cmd_lab(request):
+    if request.user.is_authenticated:
+        if(request.method=="POST"):
+            domain=request.POST.get('domain')
+            domain=domain.replace("https://www.",'')
+            os=request.POST.get('os')
+            print(os)
+            if(os=='win'):
+                command="nslookup {}".format(domain)
+            else:
+                command = "dig {}".format(domain)
+            
+            try:
+                # output=subprocess.check_output(command,shell=True,encoding="UTF-8")
+                process = subprocess.Popen(
+                    command,
+                    shell=True,
+                    stdout=subprocess.PIPE, 
+                    stderr=subprocess.PIPE)
+                stdout, stderr = process.communicate()
+                data = stdout.decode('utf-8')
+                stderr = stderr.decode('utf-8')
+                # res = json.loads(data)
+                # print("Stdout\n" + data)
+                output = data + stderr
+                print(data + stderr)
+            except:
+                output = "Something went wrong"
+                return render(request,'Lab/CMD/cmd_lab.html',{"output":output})
+            print(output)
+            return render(request,'Lab/CMD/cmd_lab.html',{"output":output})
+        else:
+            return render(request, 'Lab/CMD/cmd_lab.html')
+    else:
+        return redirect('login')
+
+#******************************************Broken Authentication**************************************************#
+
+def bau(request):
+    if request.user.is_authenticated:
+
+        return render(request,"Lab/BrokenAuth/bau.html")
+    else:
+        return redirect('login')
+def bau_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab/BrokenAuth/bau_lab.html")
+        else:
+            return render(request, 'Lab/BrokenAuth/bau_lab.html', {"wrongpass":"yes"})
+    else:
+        return redirect('login')
+
+
+def login_otp(request):
+    return render(request,"Lab/BrokenAuth/otp.html")
+
+@csrf_exempt
+def Otp(request):
+    if request.method=="GET":
+        email=request.GET.get('email')
+        otpN=randint(100,999)
+        if email and otpN:
+            if email=="admin@pygoat.com":
+                otp.objects.filter(id=2).update(otp=otpN)
+                html = render(request, "Lab/BrokenAuth/otp.html", {"otp":"Sent To Admin Mail ID"})
+                html.set_cookie("email", email)
+                return html
+
+            else:
+                otp.objects.filter(id=1).update(email=email, otp=otpN)
+                html=render (request,"Lab/BrokenAuth/otp.html",{"otp":otpN})
+                html.set_cookie("email",email)
+                return html
+        else:
+            return render(request,"Lab/BrokenAuth/otp.html")
+    else:
+        otpR=request.POST.get("otp")
+        email=request.COOKIES.get("email")
+        if otp.objects.filter(email=email,otp=otpR) or otp.objects.filter(id=2,otp=otpR):
+            # return HttpResponse("<h3>Login Success for email:::"+email+"</h3>")
+            return render (request,"Lab/BrokenAuth/otp.html",{"email":email})
+        else:
+            return render (request,"Lab/BrokenAuth/otp.html",{"otp":"Invalid OTP Please Try Again"})
+
+
+#*****************************************Security Misconfiguration**********************************************#
+
+def sec_mis(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/sec_mis/sec_mis.html")
+    else:
+        return redirect('login')
+
+def sec_mis_lab(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/sec_mis/sec_mis_lab.html")
+    else:
+        return redirect('login')
+
+def secret(request):
+    XHost = request.headers.get('X-Host', 'None')
+    if(XHost == 'admin.localhost:8000'):
+        return render(request,"Lab/sec_mis/sec_mis_lab.html", {"secret": "S3CR37K3Y"})
+    else:
+        return render(request,"Lab/sec_mis/sec_mis_lab.html", {"no_secret": "Only admin.localhost:8000 can access, Your X-Host is " + XHost})
+
+
+#**********************************************************A9*************************************************#
+
+def a9(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/A9/a9.html")
+    else:
+        return redirect('login')
+@csrf_exempt
+def a9_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab/A9/a9_lab.html")
+        else:
+
+            try :
+                file=request.FILES["file"]
+                try :
+                    data = yaml.load(file,yaml.Loader)
+                    
+                    return render(request,"Lab/A9/a9_lab.html",{"data":data})
+                except:
+                    return render(request, "Lab/A9/a9_lab.html", {"data": "Error"})
+
+            except:
+                return render(request, "Lab/A9/a9_lab.html", {"data":"Please Upload a Yaml file."})
+    else:
+        return redirect('login')
+def get_version(request):
+      return render(request,"Lab/A9/a9_lab.html",{"version":"pyyaml v5.1"})
+
+@csrf_exempt
+def a9_lab2(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    
+    if request.method == "GET":
+        return render (request,"Lab/A9/a9_lab2.html")
+    elif request.method == "POST":
+        try :
+            file=request.FILES["file"]
+            function_str = request.POST.get("function")
+            img  = Image.open(file)
+            img = img.convert("RGB")
+            r,g,b  = img.split()
+            # function_str = "convert(r+g, '1')"
+            output = ImageMath.eval(function_str,img = img, b=b, r=r, g=g)
+
+            # saving the image 
+            buffered = BytesIO()
+            output.save(buffered, format="JPEG")
+            img_str = base64.b64encode(buffered.getvalue()).decode("utf-8")
+
+            bufferd_ref = BytesIO()
+            img.save(bufferd_ref, format="JPEG")
+            img_str_ref = base64.b64encode(bufferd_ref.getvalue()).decode("utf-8")
+            try :
+                return render(request,"Lab/A9/a9_lab2.html",{"img_str": img_str,"img_str_ref":img_str_ref, "success": True})
+            except Exception as e:
+                print(e)
+                return render(request, "Lab/A9/a9_lab2.html", {"data": "Error", "error": True})
+        except Exception as e:
+            print(e)
+            return render(request, "Lab/A9/a9_lab2.html", {"data":"Please Upload a file", "error":True})
+
+
+#*********************************************************A10*************************************************#
+
+def a10(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/A10/a10.html")
+    else:
+        return redirect('login')
+def a10_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+
+            return render(request,"Lab/A10/a10_lab.html")
+        else:
+
+            user=request.POST.get("name")
+            password=request.POST.get("pass")
+            if login.objects.filter(user=user,password=password):
+                return render(request,"Lab/A10/a10_lab.html",{"name":user})
+            else:
+                return render(request, "Lab/A10/a10_lab.html", {"error": " Wrong username or Password"})
+
+    else:
+        return redirect('login')
+
+def debug(request):
+    response = render(request,'Lab/A10/debug.log')
+    response['Content-Type'] =  'text/plain'
+    return response
+
+# Logging basic configuration
+logging.basicConfig(level=logging.DEBUG,filename='app.log')
+
+@authentication_decorator
+def a10_lab2(request):
+    now = datetime.datetime.now()
+    if request.method == "GET":
+        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+
+        if x_forwarded_for:
+            ip = x_forwarded_for.split(',')[0]
+        else:
+            ip = request.META.get('REMOTE_ADDR')
+        logging.info(f"{now}:{ip}")
+        return render (request,"Lab/A10/a10_lab2.html")
+    else:
+        user=request.POST.get("name")
+        password=request.POST.get("pass")
+        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+
+        if x_forwarded_for:
+            ip = x_forwarded_for.split(',')[0]
+        else:
+            ip = request.META.get('REMOTE_ADDR')
+
+        if login.objects.filter(user=user,password=password):
+            if ip != '127.0.0.1':
+                logging.warning(f"{now}:{ip}:{user}")
+            logging.info(f"{now}:{ip}:{user}")
+            return render(request,"Lab/A10/a10_lab2.html",{"name":user})
+        else:
+            logging.error(f"{now}:{ip}:{user}")
+            return render(request, "Lab/A10/a10_lab2.html", {"error": " Wrong username or Password"})
+        
+
+
+#*********************************************************A11*************************************************#
+
+def gentckt():
+    return (''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase, k=10)))
+
+def insec_desgine(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/A11/a11.html")
+    else:
+        return redirect('login')
+
+def insec_desgine_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            tkts = tickits.objects.filter(user = request.user)
+            Tickets = []
+            for tkt in tkts:
+                Tickets.append(tkt.tickit)
+            return render(request,"Lab/A11/a11_lab.html",{"tickets":Tickets})
+        elif request.method=="POST":
+            tkts = tickits.objects.filter(user = request.user)
+            Tickets = []
+            for tkt in tkts:
+                Tickets.append(tkt.tickit)
+            try :
+                count = request.POST.get("count")
+                if (int(count)+len(tkts)) <=5:
+                    for i in range(int(count)):
+                        ticket_code = gentckt()
+                        Tickets.append(ticket_code)
+                        T = tickits(user = request.user, tickit = ticket_code)
+                        T.save()
+                    
+                    return render(request,"Lab/A11/a11_lab.html",{"tickets":Tickets})
+                else:
+                    return render(request,"Lab/A11/a11_lab.html",{"error":"You can have atmost 5 tickits","tickets":Tickets})
+            except:
+                try :
+                    tickit = request.POST.get("ticket")
+                    all_tickets = tickits.objects.all()
+                    sold_tickets = len(all_tickets)
+                    if sold_tickets <60:
+                        return render(request,"Lab/A11/a11_lab.html", {"error": "Invalid tickit","tickets":Tickets,"error":f"Wait until all tickets are sold ({60-sold_tickets} tickets left)"})
+                    else:
+                        if tickit in Tickets:
+                            return render(request,"Lab/A11/a11_lab.html", {"error": "Congratulation,You figured out the flaw in Design.<br> A better authentication should be used in case for checking the uniqueness of a user.","tickets":Tickets})
+                        else:
+                            return render(request,"Lab/A11/a11_lab.html",{"tickets":Tickets,"error": "Invalid ticket"},)
+                except:
+                    return render(request,"Lab/A11/a11_lab.html",{"tickets":Tickets})
+        else:
+            pass
+    else:
+        return redirect('login')
+
+
+#-------------------------------------------------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------------------------------------------------
+
+###################################################### 2021 A1: Broken Access
+
+@csrf_exempt
+def a1_broken_access(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    
+    return render(request,"Lab_2021/A1_BrokenAccessControl/broken_access.html")
+
+
+@csrf_exempt
+def a1_broken_access_lab_1(request):
+    if request.user.is_authenticated:
+        pass
+    else:
+        return redirect('login')
+    
+    name = request.POST.get('name')
+    password = request.POST.get('pass')
+    print(password)
+    print(name)
+    if name:
+        if request.COOKIES.get('admin') == "1":
+            return render(
+                request, 
+                'Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html', 
+                {
+                    "data":"0NLY_F0R_4DM1N5",
+                    "username": "admin"
+                })
+        elif (name=='jack' and password=='jacktheripper'): # Will implement hashing here
+            html = render(
+            request, 
+            'Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html', 
+            {
+                "not_admin":"No Secret key for this User",
+                "username": name
+            })
+            html.set_cookie("admin", "0",max_age=200)
+            return html
+        else:
+            return render(request, 'Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html', {"data": "User Not Found"})
+
+    else:
+        return render(request,'Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html',{"no_creds":True})
+
+@csrf_exempt
+def a1_broken_access_lab_2(request):
+    if request.user.is_authenticated:
+        pass
+    else:
+        return redirect('login')
+    
+    name = request.POST.get('name')
+    password = request.POST.get('pass')
+    user_agent = request.META['HTTP_USER_AGENT']
+
+    # print(name)
+    # print(password)
+    print(user_agent)
+    if name :  
+        if (user_agent == "pygoat_admin"):
+            return render(
+                request, 
+                'Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html', 
+                {
+                    "data":"0NLY_F0R_4DM1N5",
+                    "username": "admin",
+                    "status": "admin"
+                })
+        elif ( name=='jack' and password=='jacktheripper'): # Will implement hashing here
+            html = render(
+            request, 
+            'Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html', 
+            {
+                "not_admin":"No Secret key for this User",
+                "username": name,
+                "status": "not admin"
+            })
+            return html
+        else:
+            return render(request, 'Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html', {"data": "User Not Found"})
+
+    else:
+        return render(request,'Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html',{"no_creds":True})
+
+def a1_broken_access_lab_3(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    if request.method == 'GET':
+        return render(request, 'Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html', {'loggedin':False})
+    elif request.method == 'POST':
+        username = request.POST["username"]
+        password = request.POST["password"]
+
+        if username == 'John' and password == 'reaper':
+            return render(request,'Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html', {'loggedin':True, 'admin': False})
+        elif username == 'admin' and password == 'admin_pass':
+            return render(request,'Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html', {'loggedin':True, 'admin': True})
+        return render(request, 'Lab_2021/A1_BrokenAccessControl/broken_access_lab_3.html', {'loggedin':False})
+
+def a1_broken_access_lab3_secret(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    # no checking applied here
+    return render(request, 'Lab_2021/A1_BrokenAccessControl/secret.html')
+
+
+###################################################### 2021 A3: Injection
+
+@csrf_exempt
+def injection(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    
+    return render(request,"Lab_2021/A3_Injection/injection.html")
+
+
+@csrf_exempt
+def injection_sql_lab(request):
+    if request.user.is_authenticated:
+
+        name=request.POST.get('name')
+        password=request.POST.get('pass')
+        print(name)
+        print(password)
+
+        if name:
+            sql_query = "SELECT * FROM introduction_sql_lab_table WHERE id='"+name+"'AND password='"+password+"'"
+
+            sql_instance = sql_lab_table(id="admin", password="65079b006e85a7e798abecb99e47c154")
+            sql_instance.save()
+            sql_instance = sql_lab_table(id="jack", password="jack")
+            sql_instance.save()
+            sql_instance = sql_lab_table(id="slinky", password="b4f945433ea4c369c12741f62a23ccc0")
+            sql_instance.save()
+            sql_instance = sql_lab_table(id="bloke", password="f8d1ce191319ea8f4d1d26e65e130dd5")
+            sql_instance.save()
+
+            print(sql_query)
+
+            try:
+                user = sql_lab_table.objects.raw(sql_query)
+                user = user[0].id
+                print(user)
+
+            except:
+                return render(
+                    request, 
+                    'Lab_2021/A3_Injection/sql_lab.html',
+                    {
+                        "wrongpass":password,
+                        "sql_error":sql_query
+                    })
+
+            if user:
+                return render(request, 'Lab_2021/A3_Injection/sql_lab.html',{"user1":user})
+            else:
+                return render(
+                    request, 
+                    'Lab_2021/A3_Injection/sql_lab.html',
+                    {
+                        "wrongpass":password,
+                        "sql_error":sql_query
+                    })
+        else:
+            return render(request, 'Lab_2021/A3_Injection/sql_lab.html')
+    else:
+        return redirect('login')
+
+
+##----------------------------------------------------------------------------------------------------------
+##----------------------------------------------------------------------------------------------------------
+
+#*********************************************************SSRF*************************************************#
+
+def ssrf(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/ssrf/ssrf.html")
+    else:
+        return redirect('login')
+
+def ssrf_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})
+        else:
+            file=request.POST["blog"]
+            try :
+                dirname = os.path.dirname(__file__)
+                filename = os.path.join(dirname, file)
+                file = open(filename,"r")
+                data = file.read()
+                return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})
+            except:
+                return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})
+    else:
+        return redirect('login')
+
+def ssrf_discussion(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab/ssrf/ssrf_discussion.html")
+    else:
+        return redirect('login')
+
+
+def ssrf_target(request):
+    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(',')[0]
+    else:
+        ip = request.META.get('REMOTE_ADDR')
+
+    if ip == '127.0.0.1':
+        return render(request,"Lab/ssrf/ssrf_target.html")
+    else:
+        return render(request,"Lab/ssrf/ssrf_target.html",{"access_denied":True})
+
+@authentication_decorator
+def ssrf_lab2(request):
+    if request.method == "GET":
+        return render(request, "Lab/ssrf/ssrf_lab2.html")
+
+    elif request.method == "POST":
+        url = request.POST["url"]
+        try:
+            response = requests.get(url)
+            return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})
+        except:
+            return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})
+#--------------------------------------- Server-side template injection --------------------------------------#
+
+def ssti(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab_2021/A3_Injection/ssti.html")
+    else:
+        return redirect('login')
+
+def ssti_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            users_blogs = Blogs.objects.filter(author=request.user)
+            return render(request,"Lab_2021/A3_Injection/ssti_lab.html", {"blogs":users_blogs})
+        elif request.method=="POST":
+            blog = request.POST["blog"]
+            id = str(uuid.uuid4()).split('-')[-1]
+
+            blog = filter_blog(blog)
+            prepend_code = "{% extends 'introduction/base.html' %}\
+                {% block content %}{% block title %}\
+                <title>SSTI-Blogs</title>\
+                {% endblock %}"
+            
+            blog = prepend_code + blog + "{% endblock %}"
+            new_blog = Blogs.objects.create(author = request.user, blog_id = id)
+            new_blog.save() 
+            dirname = os.path.dirname(__file__)
+            filename = os.path.join(dirname, f"templates/Lab_2021/A3_Injection/Blogs/{id}.html")
+            file = open(filename, "w+") 
+            file.write(blog)
+            file.close()
+            return redirect(f'blog/{id}')
+    else:
+        return redirect('login')
+
+
+def ssti_view_blog(request,blog_id):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,f"Lab_2021/A3_Injection/Blogs/{blog_id}.html")
+        elif request.method=="POST":
+            return HttpResponseBadRequest()
+
+#-------------------------Cryptographic Failure -----------------------------------#
+
+def crypto_failure(request):
+    if request.user.is_authenticated:
+        return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure.html",{"success":False,"failure":False})
+    else:
+        redirect('login')
+
+def crypto_failure_lab(request):
+    if request.user.is_authenticated:
+        if request.method=="GET":
+            return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html")
+        elif request.method=="POST":
+            username = request.POST["username"]
+            password = request.POST["password"]
+            try:
+                password = md5(password.encode()).hexdigest()
+                user = CF_user.objects.get(username=username,password=password)
+                return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"user":user, "success":True,"failure":False})
+            except:
+                return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"success":False, "failure":True})
+    else :
+        return redirect('login')
+
+def crypto_failure_lab2(request):
+    if request.user.is_authenticated:
+        if request.method == "GET":
+            return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html")
+        elif request.method == "POST":
+            username = request.POST["username"]
+            password = request.POST["password"]
+            try:
+                password = customHash(password)
+                user = CF_user.objects.get(username=username,password2=password)
+                return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"user":user, "success":True,"failure":False})
+            except:
+                return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"success":False, "failure":True})
+
+# based on CWE-319
+def crypto_failure_lab3(request):
+    if request.user.is_authenticated:
+        if request.method == "GET":
+            try :
+                cookie = request.COOKIES["cookie"]
+                print(cookie)
+                expire = cookie.split('|')[1]
+                expire = datetime.datetime.fromisoformat(expire)
+                now = datetime.datetime.now()
+                if now > expire :
+                    return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":False,"failure":False})
+                elif cookie.split('|')[0] == 'admin':
+                    return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":True,"failure":False,"admin":True})
+                else:
+                    return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":True,"failure":False,"admin":False})
+            except Exception as e:
+                print(e)
+                pass
+            return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html")
+        if request.method == "POST":
+            username = request.POST["username"]
+            password = request.POST["password"]
+            try:
+                if username == "User" and password == "P@$$w0rd":
+                    expire = datetime.datetime.now() + datetime.timedelta(minutes=60)
+                    cookie = f"{username}|{expire}"
+                    response = render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":True, "failure":False , "admin":False})
+                    response.set_cookie("cookie", cookie)
+                    response.status_code = 200
+                    return response
+                else:
+                    response = render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":False, "failure":True})
+                    response.set_cookie("cookie", None)
+                    return response
+            except:
+                return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"success":False, "failure":True})
+
+#-----------------------------------------------SECURITY MISCONFIGURATION -------------------
+from pygoat.settings import SECRET_COOKIE_KEY
+
+def sec_misconfig_lab3(request):
+    if not request.user.is_authenticated:
+        return redirect('login')
+    try:
+        cookie = request.COOKIES["auth_cookie"]
+        payload = jwt.decode(cookie, SECRET_COOKIE_KEY, algorithms=['HS256'])
+        if payload['user'] == 'admin':
+            return render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":True} )
+        else:
+            return render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":False} )
+    except:
+        payload = {
+            'user':'not_admin',
+            'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60),
+            'iat': datetime.datetime.utcnow(),
+        }
+
+        cookie = jwt.encode(payload, SECRET_COOKIE_KEY, algorithm='HS256')
+        response = render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":False} )
+        response.set_cookie(key = "auth_cookie", value = cookie)
+        return response
+
+# - ------------------------Identification and Authentication Failures--------------------------------
+@authentication_decorator
+def auth_failure(request):    
+    if request.method == "GET":
+        return render(request,"Lab_2021/A7_auth_failure/a7.html")
+
+
+## used admin password --> 2022_in_pygoat@pygoat.com  
+# ## not a easy password to be brute forced 
+@authentication_decorator
+def auth_failure_lab2(request):
+    if request.method == "GET":
+        return render(request,"Lab_2021/A7_auth_failure/lab2.html" )
+
+    elif request.method == "POST":
+        username = request.POST["username"]
+        password = request.POST["password"]
+        try:
+            user = AF_admin.objects.get(username=username)
+            print(type(user.lockout_cooldown))
+            if user.is_locked == True and user.lockout_cooldown > datetime.datetime.now():
+                return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"is_locked":True})
+            
+            try:
+                ph = PasswordHasher()
+                ph.verify(user.password, password)
+                if user.is_locked == True and user.lockout_cooldown < datetime.datetime.now():
+                    user.is_locked = False
+                    user.last_login = datetime.datetime.now()
+                    user.failattempt = 0
+                    user.save()
+                return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"user":user, "success":True,"failure":False})
+            except:
+                # fail attempt
+                print("wrong password")
+                fail_attempt = user.failattempt + 1
+                if fail_attempt == 5:
+                    user.is_active = False
+                    user.failattempt = 0
+                    user.is_locked = True
+                    user.lockout_cooldown = datetime.datetime.now() + datetime.timedelta(minutes=1440)
+                    user.save()
+                    return render(request,"Lab_2021/A7_auth_failure/lab2.html", {"user":user, "success":False,"failure":True, "is_locked":True})
+                user.failattempt = fail_attempt
+                user.save()
+                return render(request,"Lab_2021/A7_auth_failure/lab2.html",{"success":False, "failure":True})
+        except Exception as e:
+            print(e)
+            return render(request,"Lab_2021/A7_auth_failure/lab2.html",{"success":False, "failure":True})
+
+## Hardcoed user table for demonstration purpose only
+USER_A7_LAB3 = {
+    "User1":{"userid":"1", "username":"User1", "password": "491a2800b80719ea9e3c89ca5472a8bda1bdd1533d4574ea5bd85b70a8e93be0"},
+    "User2":{"userid":"2", "username":"User2", "password": "c577e95bf729b94c30a878d01155693a9cdddafbb2fe0d52143027474ecb91bc"},
+    "User3":{"userid":"3", "username":"User3", "password": "5a91a66f0c86b5435fe748706b99c17e6e54a17e03c2a3ef8d0dfa918db41cf6"},
+    "User4":{"userid":"4", "username":"User4", "password": "6046bc3337728a60967a151ee584e4fd7c53740a49485ebdc38cac42a255f266"}
+}
+
+# USER_A7_LAB3 = {
+#     "User1":{"userid":"1", "username":"User1", "password": "Hash1"},
+#     "User2":{"userid":"2", "username":"User2", "password": "Hash2"},
+#     "User3":{"userid":"3", "username":"User3", "password": "Hash3"},
+#     "User4":{"userid":"4", "username":"User4", "password": "Hash4"}
+# }
+
+@authentication_decorator
+@csrf_exempt
+def auth_failure_lab3(request):
+    if request.method == "GET":
+        try:
+            cookie = request.COOKIES["session_id"]
+            session = AF_session_id.objects.get(session_id=cookie)
+            if session :
+                return render(request,"Lab_2021/A7_auth_failure/lab3.html", {"username":session.user,"success":True})
+        except:
+            pass
+        return render(request, "Lab_2021/A7_auth_failure/lab3.html")
+    elif request.method == "POST":
+        token = str(uuid.uuid4())
+        try:
+            username = request.POST["username"]
+            password = request.POST["password"]
+            password = hashlib.sha256(password.encode()).hexdigest()
+        except:
+            response = render(request, "Lab_2021/A7_auth_failure/lab3.html")
+            response.set_cookie("session_id", None)
+            return response
+
+        if USER_A7_LAB3[username]['password'] == password:
+            session_data = AF_session_id.objects.create(session_id=token, user=USER_A7_LAB3[username]['username'])
+            session_data.save()
+            response = render(request, "Lab_2021/A7_auth_failure/lab3.html", {"success":True, "failure":False, "username":username})
+            response.set_cookie("session_id", token)
+            return response
+        
+## ---------------------Software and Data Integrity Failures-------------------------------------------
+@authentication_decorator
+def software_and_data_integrity_failure(request):
+    if request.method == "GET":
+        return render(request,"Lab_2021/A8_software_and_data_integrity_failure/desc.html")
+
+
+@authentication_decorator
+def software_and_data_integrity_failure_lab2(request):
+    if request.method == "GET":
+        try:
+            username = request.GET["username"]
+            return render(request,"Lab_2021/A8_software_and_data_integrity_failure/lab2.html", {"username":username,"success":True})
+        except:
+            return render(request,"Lab_2021/A8_software_and_data_integrity_failure/lab2.html")
+
+
+@authentication_decorator
+def software_and_data_integrity_failure_lab3(request):
+    pass
+
diff --git a/introduction/xee_see.txt b/introduction/xee_see.txt
new file mode 100644
index 0000000..0e0de6c
--- /dev/null
+++ b/introduction/xee_see.txt
@@ -0,0 +1,71 @@
+data2=serializers.serialize('xml',comments.objects.all())
+
+    data1= """<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE comm [<!ELEMENT comm (#PCDATA)> <!ENTITY xxe SYSTEM "C:\windows\system32\drivers\etc\hosts">]><comm><text>&xxe;</text></comm>"""
+
+
+    headers = CaseInsensitiveDict()
+    headers["Content-Type"] = "application/xml"
+    headers["Accept"] = "application/xml"
+
+    resp = requests.post("http://127.0.0.1:2000/xxe_parse", headers=headers, data=data1)
+
+    return render(request,'Lab/XXE/xxe_lab.html');
+
+
+    ###################################################################################################
+
+     if request.COOKIES.get('admin')==1:
+        return render(request, 'Lab/BrokenAccess/ba_lab.html', {"SecretKey": 3600})
+    elif login.objects.filter(user=name) and login.objects.filter(password=password):
+            html=render(request, 'Lab/BrokenAccess/ba_lab.html', {"SecretKey":3600})
+            html.set_cookie("admin",1);
+            return html
+    else:
+        html = render(request, 'Lab/BrokenAccess/ba_lab.html', )
+        html.set_cookie("admin", 0);
+        return html
+"""if login.objects.filter(user=name) and login.objects.filter(password=password):
+            html=render(request, 'Lab/BrokenAccess/ba_lab.html', {"SecretKey":3600})
+            html.set_cookie("admin",1);
+            return html
+    elif request.COOKIES.get('admin')==1:
+            return render(request,'Lab/BrokenAccess/ba_lab.html',{"SecretKey":3600})
+    else :
+            html=render(request, 'Lab/BrokenAccess/ba_lab.html',)
+            html.set_cookie("admin",0);
+            return html """
+
+
+    if request.COOKIES.get("ID")=="23":
+        return render(request, 'Lab/BrokenAccess/ba_lab.html', {"SecretKey": 3600})
+    else:
+        html=render(request, 'Lab/BrokenAccess/ba_lab.html')
+        html.set_cookie('ID',"1");
+        return html
+
+
+
+LOGGING ={
+    'version': 1,
+    'loggers': {
+        'django': {
+            'handlers': ['file'],
+            'level': 'DEBUG'
+        }
+    },
+    'handlers': {
+        'file': {
+            'level': 'INFO',
+            'class': 'logging.FileHandler',
+            'filename': './introduction/templates/Lab/A10/debug.log',
+            'formatter': 'simpleRe',
+        }
+    },
+    'formatters': {
+        'simpleRe': {
+            'format': '{levelname} {message}',
+            'style': '{',
+        }
+    }
+}
diff --git a/java/main.java b/java/main.java
deleted file mode 100644
index c6d4618..0000000
--- a/java/main.java
+++ /dev/null
@@ -1,189 +0,0 @@
-import static org.apache.commons.io.FilenameUtils;
-import org.apache.commons.fileupload.FileItem;
-import javax.servlet.http.Cookie;
-import static org.apache.commons.io.FilenameUtils;
-
-class MyBadImplementation extends java.security.MessageDigest {
-
-}
-
-class Connector1 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        HttpServletResponse res = new HttpServletResponse();
-        res.setHeader("Access-Control-Allow-Origin", "*");
-    }
-}
-
-import javax.servlet.Filter;
-public class HttpRequestDebugFilter implements Filter {
-    public void doFilter(ServletRequest request) throws IOException,
-        ServletException {
-            if (request instanceof HttpServletRequest) {
-            javax.crypto.Cipher.getInstance("/CBC/PKCS5Padding")
-        }
-    }
-}
-
-@EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
-  @Override
-  protected void configure(HttpSecurity http) throws Exception {
-    http.csrf().ignoringAntMatchers("/route/fre");
-  }
-}
-
-class Connector2 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        SymmetricEncryptionConfig sec = new com.hazelcast.config.SymmetricEncryptionConfig();
-    }
-}
-
-class Connector3 {
-    void connect(HttpServletRequest req){
-        javax.servlet.http.Cookie cookie = new Cookie("cookie")
-        HttpServletResponse res = new HttpServletResponse();
-        res.addCookie(cookie);
-    }
-}
-
-class Connector4 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        javax.crypto.Cipher.getInstance("DES/CBC/NoPadding");
-    }
-}
-
-class Connector5 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        Keygen keygen = javax.crypto.KeyGenerator.getInstance("Blowfish");
-        keygen.init(100);
-    }
-}
-
-class Connector6 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-          javax.servlet.http.Cookie cook = new Cookie("cookie");
-          cook.setSecure(false);
-          req.addCookie(cook);
-    }
-}
-
-
-class Connector7 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        Cookie cook = new Cookie("cookie");
-        cook.setMaxAge(31536000);
-    }
-}
-
-class Connector8 {
-    void connect(HttpServletRequest req){
-        java.nio.file.Files.createTempDirectory("file");
-    }
-}
-
-public class WeakNightVoter implements AccessDecisionVoter {
-    @Override
-    public int vote(Authentication authentication, Object object, Collection collection) {  // Noncompliant
-      Calendar calendar = Calendar.getInstance();
-      int currentHour = calendar.get(Calendar.HOUR_OF_DAY);
-      return ACCESS_ABSTAIN; // Noncompliant
-    }
-}
-
-class Connector9 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        Cookie cook = new Cookie("cookie");
-        for (Cookie cookie : req.getCookies()) {
-            cookie.getPath();
-        }
-    }
-}
-
-class Connector10 {
-    @javax.jws.WebMethod
-    void connect(HttpServletRequest req){
-        Cookie cook = new Cookie("cookie");
-        req.setAttribute(cook.getString(), cook.getVal());
-    }
-}
-
-public class Decorator1 {
-
-    public static void main(String[] args) {
-        org.apache.commons.io.FilenameUtils.normalize(args[0]);
-    }
-}
-
-public class Decorator2 {
-
-    public void decorator(HttpServletRequest request) {
-            ServletFileUpload sfu = new ServletFileUpload();
-            FileItem[] files = sfu.parseRequest(request);
-            for (FileItem file : files) {
-                System.out.println(file.getName());
-            }
-    }
-}
-
-public class Decorator3 {
-
-    public void decorator(HttpServletRequest request) {
-            Parameter param = request.getParameter('param');
-            new java.io.FileReader(param);
-    }
-}
-
-public class Decorator4 {
-
-    public void decorator(String[] args) {
-            new java.io.FileWriter(args[0])
-    }
-}
-
-public class Decorator5 {
-
-    public void decorator(String var) {
-            FileInputStream fis = new FileInputStream(var);
-            javax.xml.transform.Transformer transformer = new Transformer();
-            transformer.transform(fis);
-    }
-}
-
-public class Decorator6 {
-
-    public void decorator(HttpServletRequest request) {
-        Parameter param = request.getParameter('param');
-        added = param + "addition";
-        new java.io.FileInputStream(added);
-    }
-}
-
-public class Decorator7 {
-
-    public void decorator(String[] args) {
-            String param = args[0];
-            new java.io.RandomAccessFile(param);
-    }
-}
-
-
-
-public class LambdaFunctionHandler implements RequestHandler < Request, String > {
-  @javax.ws.rs.Path("some/path")
-  String handleRequest(Request request, Context context) {
-    String s = " ";
-    if (s == "") {
-      s = "Sucess " + String.format("Added %s %s %s %s %s.", request.emp_id, request.month, request.year, request.overtime);
-    }
-    return s;
-  }
-}
-
diff --git a/javascript/crypto.js b/javascript/crypto.js
deleted file mode 100644
index 006f5db..0000000
--- a/javascript/crypto.js
+++ /dev/null
@@ -1,94 +0,0 @@
-const cryptoRandomString = require('crypto-random-string');
-const forge = require('node-forge');
-const randomBytes = require('randombytes');
-const nacl = require('tweetnacl');
-import crypto from 'node:crypto';
-var crypto = require('crypto');
-
-let Rand = new brorand.Rand({getByte: () => 255});
-let rand = Rand.rand;
-let result= Rand.generate(12);
-
-randomBytes(12, (err, buf) => {
-  if (err) throw err;
-  console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
-});
-randomBytes(8, function (err, resp) {
-});
-
-const randString = cryptoRandomString({length: 10});
-var randKey1 = forge.random.getBytesSync(8);
-var randKey2 = new Buffer(nacl.randomBytes(12));
-
-
-// getting derived key
-// by using hkdf() method
-const val = crypto.hkdf('sha512', 'key', '',
-						'info', 64, (err, derivedKey) => {
-	if (err) throw err;
-	console.log(Buffer.from(derivedKey).toString('hex'));
-});
-
-crypto.DEFAULT_ENCODING = 'hex';
-const key = crypto.scryptSync('password', '', 64, { N: 1024 });
-
-function generateKeyFiles() {
-
-    const keyPair = crypto.generateKeyPairSync('rsa', {
-        modulusLength: 520,
-        publicKeyEncoding: {
-            type: 'spki',
-            format: 'pem'
-        },
-        privateKeyEncoding: {
-            type: 'pkcs8',
-            format: 'pem',
-            cipher: 'aes-256-cbc',
-            passphrase: 'top secret'
-        }
-    });
-
-    // Creating private key file
-    return keyPair.privateKey;
-}
-
-// Generate keys
-let privateKey = generateKeyFiles();
-
-// Creating a function to encrypt string
-function encryptString (plaintext, privateKey) {
-    privateKey = {
-        key: privateKey,
-        padding: crypto.constants.RSA_NO_PADDING,
-        passphrase: 'top secret'
-        }
-        // privateEncrypt() method with its parameters
-        const encrypted = crypto.privateEncrypt(
-            privateKey, Buffer.from(plaintext));
-            return encrypted.toString("base64");
-}
-
-
-const plainText = "GfG";
-const encrypted1 = encryptString(plainText, privateKey);
-let functionCipher = crypto.createCipheriv('des128', "Password")
-let myHashedPassword = functionCipher.update("my private password in plain text", "utf8", "hex")
-myHashedPassword += functionCipher.final("hex")
-var encrypted2 = CryptoJS.TripleDES.encrypt("Message", "Secret Passphrase");
-
-
-const filename = argv[2];
-
-const hash = createHash('md5');
-
-const input = createReadStream(filename);
-input.on('readable', () => {
-  // Only one element is going to be produced by the
-  // hash stream.
-  const data = input.read();
-  if (data)
-    hash.update(data);
-  else {
-    console.log(`${hash.digest('hex')} ${filename}`);
-  }
-});
\ No newline at end of file
diff --git a/javascript/express.js b/javascript/express.js
deleted file mode 100644
index 5c3cf0b..0000000
--- a/javascript/express.js
+++ /dev/null
@@ -1,40 +0,0 @@
-const express = require('express')
-const axios = require('axios');
-import qs from 'qs';
-
-const data = { 'bar': 123 };
-const options = {
-  method: 'GET',
-  headers: { 'content-type': 'application/x-www-form-urlencoded' },
-  data: qs.stringify(data),
-  url: "http://google.com"
-};
-axios(options);
-
-express.csrf();
-express.methodOverride();
-const express = express()
-
-// GET random number
-express.get("/random", (req, res) => {
-  var randomishNumber = crypto.pseudoRandomBytes
-  res.send(randomishNumber);
-});
-
-express.get("/", (req, res) => res.send("Hello World!"));
-
-express.listen(1000, () => console.log("Server listening on port 1000!"));
-
-import axios from 'axios';
-
-async function doGetRequest() {
-
-  let res = await axios.post('http://google.com');
-
-  let data = res.data;
-  console.log(data);
-}
-
-doGetRequest();
-
-
diff --git a/javascript/index.js b/javascript/index.js
deleted file mode 100644
index 2ac1517..0000000
--- a/javascript/index.js
+++ /dev/null
@@ -1,39 +0,0 @@
-const fs = require('fs');
-
-fs.writeFile("temp_programming.txt", "foo", {mode:fs.constants.S_IXUSR | fs.constants.S_IRUSR	});
-
-const mode1 = fs.constants.S_IXGRP | fs.constants.S_IRUSR
-fs.writeFile("temp_programming.txt", "bar", {mode1});
-fs.appendFile(argOne, data, callback)
-fs.appendFileSync(argOne, data)
-fs.chmod(argOne, mode, callback)
-fs.chmodSync(argOne, mode)
-
-const mode2 = fs.constants.S_IXUSR;
-const flags = 'w'
-fs.open('temp_foo', flags, mode2, function (err, f) {
-    if (err) {
-        return console.error(err);
-    }
-    console.log(f);
-    console.log("File opened!!");
-});
-
-fs.writeFileSync("temp_programming.txt", "foo", {mode:fs.constants.S_IXUSR | fs.constants.S_IRUSR	});
-
-new Buffer(5);
-new Buffer(res.body.size);
-
-function getVarFromObject(someVar, obj) {
-    obj.escapeMarkup = false;
-    const someObjVar = {s: someVar}
-    const val = obj[someObjVar.s]
-    return val
-}
-
-const expression = new String("2 + 2");
-eval(String(expression));
-
-
-
-
diff --git a/javascript/nest.js b/javascript/nest.js
deleted file mode 100644
index e77592d..0000000
--- a/javascript/nest.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import { INestApplication, ValidationPipe } from '@nestjs/common';
-import { NestFactory } from '@nestjs/core';
-import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
-
-import { LoggingInterceptor } from 'libs/LoggingInterceptor';
-import { HttpExceptionFilter } from 'libs/HttpExceptionFilter';
-
-import { Config } from 'src/Config';
-import { AppModule } from 'src/AppModule';
-import helmet from 'helmet';
-import compression from 'compression';
-
-
-async function bootstrap() {
-  const app = await NestFactory.create(AppModule);
-  app.enableCors();
-  app.use(helmet());
-  app.use(compression());
-  app.useGlobalPipes(new ValidationPipe());
-  app.useGlobalInterceptors(new LoggingInterceptor());
-  app.useGlobalFilters(new HttpExceptionFilter());
-  setupSwagger(app);
-  await app.listen(1000);
-}
-
-bootstrap();
\ No newline at end of file
diff --git a/javascript/next.js b/javascript/next.js
deleted file mode 100644
index 12cfdee..0000000
--- a/javascript/next.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// server.js
-const { createServer } = require('http')
-const { parse } = require('url')
-const next = require('next')
-
-const hostname = 'localhost'
-// when using middleware `hostname` and `port` must be provided below
-const app = next({ dev: process.env.NODE_ENV !== 'production', hostname: 'localhost', port:5 })
-const handle = app.getRequestHandler()
-
-app.prepare().then(() => {
-  createServer(async (req, res) => {
-    try {
-      // Be sure to pass `true` as the second argument to `url.parse`.
-      // This tells it to parse the query portion of the URL.
-      const parsedUrl = parse(req.url, true)
-      const { pathname, query } = parsedUrl
-
-      if (pathname === '/a') {
-        await app.render(req, res, '/a', query)
-      } else if (pathname === '/b') {
-        await app.render(req, res, '/b', query)
-      } else {
-        await handle(req, res, parsedUrl)
-      }
-    } catch (err) {
-      console.error('Error occurred handling', req.url, err)
-      res.statusCode = 500
-      res.end('internal server error')
-    }
-  })
-    .once('error', (err) => {
-      console.error(err)
-      process.exit(1)
-    })
-    .listen(port, () => {
-      console.log(`> Ready on http://localhost:${5}`)
-    })
-})
\ No newline at end of file
diff --git a/python/django.py b/python/django.py
deleted file mode 100644
index 3beac97..0000000
--- a/python/django.py
+++ /dev/null
@@ -1,96 +0,0 @@
-import json
-from collections import OrderedDict
-
-from django.conf import settings
-try:
-    from django.core import urlresolvers
-except ImportError:
-    from django import urls as urlresolvers
-try:
-    from django.urls.exceptions import NoReverseMatch
-except ImportError:
-    from django.core.urlresolvers import NoReverseMatch
-from django.utils.html import format_html
-from django.utils.safestring import mark_safe
-
-MAX = 75
-
-
-class LogEntryAdminMixin(object):
-
-    def created(self, obj):
-        return obj.timestamp.strftime('%Y-%m-%d %H:%M:%S')
-    created.short_description = 'Created'
-
-    def user_url(self, obj):
-        if obj.actor:
-            app_label, model = settings.AUTH_USER_MODEL.split('.')
-            viewname = 'admin:%s_%s_change' % (app_label, model.lower())
-            try:
-                link = urlresolvers.reverse(viewname, args=[obj.actor.id])
-            except NoReverseMatch:
-                return u'%s' % (obj.actor)
-            return format_html(u'<a href="{}">{}</a>', link, obj.actor)
-
-        return 'system'
-    user_url.short_description = 'User'
-
-    def msg_short(self, obj):
-        if obj.action == 2:
-            return ''  # delete
-        changes = json.loads(obj.changes)
-        s = '' if len(changes) == 1 else 's'
-        fields = ', '.join(changes.keys())
-        if len(fields) > MAX:
-            i = fields.rfind(' ', 0, MAX)
-            fields = fields[:i] + ' ..'
-        return '%d change%s: %s' % (len(changes), s, fields)
-    msg_short.short_description = 'Changes'
-
-    def msg(self, obj):
-        if obj.action == 2:
-            return ''  # delete
-        changes = json.loads(obj.changes)
-        msg = '<table><tr><th>#</th><th>Field</th><th>From</th><th>To</th></tr>'
-        for i, field in enumerate(sorted(changes), 1):
-            value = [i, field] + (['***', '***'] if field == 'password' else changes[field])
-            msg += format_html('<tr><td>{}</td><td>{}</td><td>{}</td><td>{}</td></tr>', *value)
-
-        msg += '</table>'
-        return mark_safe(msg)
-    msg.short_description = 'Changes'
-
-
-class State(models.Model):
-    name=models.CharField(max_length=150)
-
-class City(models.Model):
-    name=models.CharField(max_length=150)
-
-class Student(models.Model):
-    name=models.CharField(max_length=150)
-    state_id=models.PositiveIntegerField()
-    city_id=models.PositiveIntegerField()
-    is_active = models.BooleanField(default=False)
-
-students = Student.objects.filter(
-        is_active=True,
-    ).extra(
-        select={
-            'state':
-                'SELECT name FROM state WHERE '
-                'state.id = '
-                'testapp_student.state_id',
-            'city':
-                'SELECT name FROM city WHERE '
-                'city.id = '
-                'testapp_student.city_id',
-        },
-    )
-
-
-students_2 = Student.objects.extra(
-        select=OrderedDict([('a', '%s'), ('b', '%s')]),
-        select_params=('one', 'two'))
-
-Students_3 = Student.objects.extra(where=["foo='a' OR bar = 'a'", "baz = 'a'"])
\ No newline at end of file
diff --git a/python/flask.py b/python/flask.py
deleted file mode 100644
index c78931d..0000000
--- a/python/flask.py
+++ /dev/null
@@ -1,23 +0,0 @@
-import os
-from flask import Flask, request
-import bleach
-app = Flask(__name__)
-
-# curl -X GET "http://localhost:5000/tainted7/touch%20HELLO"
-@app.route("/tainted7/<something>")
-def test_sources_7(something):
-
-    os.system(request.remote_addr)
-
-    return "foo"
-
-@app.route("/sanitized/<something>")
-def test_sources_7(something):
-    data = flask.request.args.get("key")
-    sanitized_data = bleach.clean(data)
-    os.system(sanitized_data)
-
-    return "bar"
-
-if __name__ == "__main__":
-	app.run(debug=True)
diff --git a/python/main.py b/python/main.py
deleted file mode 100644
index 2e7b1c0..0000000
--- a/python/main.py
+++ /dev/null
@@ -1,61 +0,0 @@
-import os, stat
-from cryptography.hazmat.primitives.asymmetric import rsa, dsa
-from Crypto.PublicKey import DSA
-from socket import socket, AF_INET, SOCK_STREAM, SOCK_NONBLOCK
-
-# Set a file write by others.
-temp_file = "/tmp/foo.txt"
-os.chmod(temp_file, stat.S_IWOTH)
-
-with open(temp_file, 'r') as f:
-    print(f)
-
-os.chmod("/tmp/foo.txt", stat.S_IXGRP)
-tar_file = '/file.tax*'
-os.system(tar_file)
-
-KEY_SIZE = 1024
-private_rsa_key = rsa.generate_private_key(
-    public_exponent=65537,
-    key_size=KEY_SIZE
-)
-
-private_dsa_key = dsa.generate_private_key(
-    key_size=KEY_SIZE,
-)
-
-
-private_dsa_key_2 = DSA.generate(bits=KEY_SIZE)
-
-assert(private_dsa_key_2 == private_dsa_key)
-
-program = 'a = 5\nb=10\nprint("Sum =", a+b)'
-exec(program)
-
-
-def is_real_user(user="user123", password="Password1"):
-    return True
-
-
-sock = socket(
-    AF_INET,
-    SOCK_STREAM | SOCK_NONBLOCK)
-
-# Bind the socket to the internet with a port number
-sock.bind(("::", 32007))
-
-
-def add_server_port(sg, server_name, port):
-    server = _get_server(sg, server_name, port)
-    if server is not None:
-        return False
-    set_port(port)
-    return server
-
-add_server_port('security-group', 'server', 80)
-
-
-
-
-
-