Evaluate any expression!
@@ -29,4 +30,4 @@
Output
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/introduction/templates/Lab/XSS/xss_lab_3.html b/introduction/templates/Lab/XSS/xss_lab_3.html
index a550b9a..e6935b3 100644
--- a/introduction/templates/Lab/XSS/xss_lab_3.html
+++ b/introduction/templates/Lab/XSS/xss_lab_3.html
@@ -19,7 +19,8 @@
Welcome to XSS Challenge
{{code}}
diff --git a/introduction/templates/Lab/ssrf/ssrf_discussion.html b/introduction/templates/Lab/ssrf/ssrf_discussion.html
index 7dc6678..2eb5868 100644
--- a/introduction/templates/Lab/ssrf/ssrf_discussion.html
+++ b/introduction/templates/Lab/ssrf/ssrf_discussion.html
@@ -123,22 +123,22 @@
ssrf_lab.html
@@ -50,4 +48,4 @@
Please Provide Credentials
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/introduction/views.py b/introduction/views.py
index 0f550c4..504c273 100644
--- a/introduction/views.py
+++ b/introduction/views.py
@@ -142,46 +142,28 @@ def sql(request):
return render(request,'Lab/SQL/sql.html')
else:
return redirect('login')
-
def sql_lab(request):
if request.user.is_authenticated:
-
- name=request.POST.get('name')
-
- password=request.POST.get('pass')
-
+ name = request.POST.get('name')
+ password = request.POST.get('pass')
+
if name:
-
- if login.objects.filter(user=name):
-
- sql_query = "SELECT * FROM introduction_login WHERE user='"+name+"'AND password='"+password+"'"
- print(sql_query)
- try:
- print("\nin try\n")
- val=login.objects.raw(sql_query)
- except:
- print("\nin except\n")
- return render(
- request,
- 'Lab/SQL/sql_lab.html',
- {
- "wrongpass":password,
- "sql_error":sql_query
- })
-
- if val:
- user=val[0].user
- return render(request, 'Lab/SQL/sql_lab.html',{"user1":user})
+ if login.objects.filter(user=name).exists():
+ val = login.objects.filter(user=name, password=password)
+ if val.exists():
+ user = val[0].user
+ return render(request, 'Lab/SQL/sql_lab.html', {"user1": user})
else:
return render(
request,
'Lab/SQL/sql_lab.html',
{
- "wrongpass":password,
- "sql_error":sql_query
- })
+ "wrongpass": password,
+ "sql_error": "Invalid username or password"
+ }
+ )
else:
- return render(request, 'Lab/SQL/sql_lab.html',{"no": "User not found"})
+ return render(request, 'Lab/SQL/sql_lab.html', {"no": "User not found"})
else:
return render(request, 'Lab/SQL/sql_lab.html')
else:
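Review bot: The two responses at L80 ("Invalid username or password") and L85 ("User not found") still tell the caller whether a username exists, so the rewritten view confirms valid usernames even though the query is now parameterized; return the same message from both branches. The `.exists()` at L66, the `.exists()` at L68 and the `val[0]` at L69 issue three queries where one suffices: `user = login.objects.filter(user=name, password=password).first()` and then branch on `user is None`. The context key `sql_error` at L80 now carries a fixed message rather than a query string, so the template variable no longer matches its content; rename it in view and template together or drop it. `sql_lab` continues past the hunk.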
@@ -200,18 +182,19 @@ class TestUser:
admin: int = 0
pickled_user = pickle.dumps(TestUser())
encoded_user = base64.b64encode(pickled_user)
+import json
def insec_des_lab(request):
if request.user.is_authenticated:
response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Only Admins can see this page"})
token = request.COOKIES.get('token')
- if token == None:
- token = encoded_user
- response.set_cookie(key='token',value=token.decode('utf-8'))
+ if token is None:
+ data = {'admin': 1}
+ token = json.dumps(data)
+ response.set_cookie(key='token', value=token, secure=True, httponly=True, samesite='Lax')
else:
- token = base64.b64decode(token)
- admin = pickle.loads(token)
- if admin.admin == 1:
+ data = json.loads(token)
+ if data.get('admin') == 1:
response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Welcome Admin, SECRETKEY:ADMIN123"})
return response
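Review bot: The replacement token is still a client-controlled, unsigned cookie, and because the default written at L102–L104 is `{'admin': 1}`, every visitor who stores the cookie is shown the admin secret on their next request; the flag needs to be server-signed — `token = signing.dumps(data)` and `data = signing.loads(token)` from `django.core.signing`, with `BadSignature` handled — and the default should be `{'admin': 0}`. `json.loads(token)` at L109 parses an attacker-supplied cookie with no `except (ValueError, TypeError)`, so a malformed cookie yields a 500 instead of a fresh token. `secure=True` here (and at L154/L182, L576/L582, L597, L620/L627) makes browsers discard the cookie whenever the lab is served over plain HTTP on anything other than localhost, which silently breaks every cookie-based lab; `secure=request.is_secure()` keeps the flag where it can work. `import json` at L93 sits between definitions and is repeated at L299; both belong in the module header.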
@@ -234,8 +217,6 @@ def xxe_lab(request):
return render(request,'Lab/XXE/xxe_lab.html')
else:
return redirect('login')
-
-@csrf_exempt
def xxe_see(request):
if request.user.is_authenticated:
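Review bot: Dropping `@csrf_exempt` from `xxe_see` (L118) and `xxe_parse` (L127 in the next hunk) puts these POST endpoints under `CsrfViewMiddleware` when it is enabled, so a client that posts the XML body without a token — a `fetch`/XHR call from the lab page, for instance — now receives a 403; the template or script that submits the XML must send `csrfmiddlewaretoken` or the `X-CSRFToken` header, and that change is not part of this commit. If the middleware is disabled in settings the removal is a no-op, which is worth confirming before treating it as a fix. Both function bodies continue outside their hunks.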
@@ -244,9 +225,6 @@ def xxe_see(request):
return render(request,'Lab/XXE/xxe_lab.html',{"com":com})
else:
return redirect('login')
-
-
-@csrf_exempt
def xxe_parse(request):
parser = make_parser()
@@ -269,7 +247,6 @@ def auth_home(request):
def auth_lab(request):
return render(request,'Lab/AUTH/auth_lab.html')
-
def auth_lab_signup(request):
if request.method == 'GET':
return render(request,'Lab/AUTH/auth_lab_signup.html')
@@ -280,25 +257,19 @@ def auth_lab_signup(request):
passwd = request.POST['pass']
obj = authLogin.objects.create(name=name,username=user_name,password=passwd)
try:
- rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name,'err_msg':'Cookie Set'})
- response = HttpResponse(rendered)
- response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
- print('Setting cookie successful')
- return response
+ return render(request,'Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name,'err_msg':'Cookie Set'})
except:
- render(request,'Lab/AUTH/auth_lab_signup.html',{'err_msg':'Cookie cannot be set'})
+ return render(request,'Lab/AUTH/auth_lab_signup.html',{'err_msg':'Cookie cannot be set'})
except:
return render(request,'Lab/AUTH/auth_lab_signup.html',{'err_msg':'Username already exists'})
-
+ response = render(request,'Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name,'err_msg':'Cookie Set'})
+ response.set_cookie('userid', obj.userid, max_age=31449600, secure=True, httponly=True, samesite='Lax')
+ return response
def auth_lab_login(request):
if request.method == 'GET':
try:
obj = authLogin.objects.filter(userid=request.COOKIES['userid'])[0]
- rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
- response = HttpResponse(rendered)
- response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
- print('Login successful')
- return response
+ return render(request, 'Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
except:
return render(request,'Lab/AUTH/auth_lab_login.html')
elif request.method == 'POST':
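Review bot: In `auth_lab_signup` every branch of the nested try/except at L140–L151 returns, so — as far as the flattened indentation shows — the three lines added at L153–L155 are unreachable and the response at L146 tells the user 'Cookie Set' without setting any cookie; either remove the `return` at L146 so control reaches L153, or move the `set_cookie` lines into the `try`. The bare `except:` at L147 now wraps only a `render()` call and mainly hides template errors; it can go. The GET branch of `auth_lab_login` at L165 likewise no longer refreshes the cookie, which differs from the POST branch in the next hunk — fine if intended, but worth a comment such as `# GET only displays the existing session; the cookie is set on POST`.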
@@ -307,32 +278,24 @@ def auth_lab_login(request):
passwd = request.POST['pass']
print(user_name,passwd)
obj = authLogin.objects.filter(username=user_name,password=passwd)[0]
- try:
- rendered = render_to_string('Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
- response = HttpResponse(rendered)
- response.set_cookie('userid', obj.userid, max_age=31449600, samesite=None, secure=False)
- print('Login successful')
- return response
- except:
- render(request,'Lab/AUTH/auth_lab_login.html',{'err_msg':'Cookie cannot be set'})
+ response = render(request, 'Lab/AUTH/auth_success.html', {'username': obj.username,'userid':obj.userid,'name':obj.name, 'err_msg':'Login Successful'})
+ response.set_cookie('userid', obj.userid, max_age=31449600, secure=True, httponly=True, samesite='Lax')
+ print('Login successful')
+ return response
except:
return render(request,'Lab/AUTH/auth_lab_login.html',{'err_msg':'Check your credentials'})
+from django.shortcuts import render
def auth_lab_logout(request):
- rendered = render_to_string('Lab/AUTH/auth_lab.html',context={'err_msg':'Logout successful'})
- response = HttpResponse(rendered)
- response.delete_cookie('userid')
- return response
-
-#***************************************************************Broken Access Control************************************************************#
-
-@csrf_exempt
+ return render(request, 'Lab/AUTH/auth_lab.html', context={'err_msg':'Logout successful'})
def ba(request):
if request.user.is_authenticated:
return render(request,"Lab/BrokenAccess/ba.html")
else:
return redirect('login')
-@csrf_exempt
+from django.middleware.csrf import csrf_protect
+
+@csrf_protect
def ba_lab(request):
if request.user.is_authenticated:
name = request.POST.get('name')
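Review bot: `from django.middleware.csrf import csrf_protect` at L204 raises `ImportError` when `views.py` is imported — `csrf_protect` lives in `django.views.decorators.csrf`, as the import at L288 has it — and `CSRF_exempt` at L359 exists in neither module; with either line present no view in this module loads. `auth_lab_logout` at L197 no longer calls `delete_cookie`, so after 'Logout successful' the next GET to `auth_lab_login` (L159) finds the still-present `userid` cookie and logs the user straight back in; keep it: `response = render(...)`, `response.delete_cookie('userid')`, `return response`. `print(user_name,passwd)` at L171 still writes plaintext credentials to the log. Imports placed between view functions here (L187, L204) and at L93, L215, L288, L299, L356–L359, L523–L525, L540–L541 belong in the module header, where `render`, `json`, `os` and `hashlib` appear to duplicate names the module already uses.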
@@ -405,7 +368,8 @@ def cmd(request):
return render(request,'Lab/CMD/cmd.html')
else:
return redirect('login')
-@csrf_exempt
+from shlex import quote
+
def cmd_lab(request):
if request.user.is_authenticated:
if(request.method=="POST"):
@@ -414,22 +378,18 @@ def cmd_lab(request):
os=request.POST.get('os')
print(os)
if(os=='win'):
- command="nslookup {}".format(domain)
+ command=["nslookup", quote(domain)]
else:
- command = "dig {}".format(domain)
+ command = ["dig", quote(domain)]
try:
- # output=subprocess.check_output(command,shell=True,encoding="UTF-8")
process = subprocess.Popen(
command,
- shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = process.communicate()
data = stdout.decode('utf-8')
stderr = stderr.decode('utf-8')
- # res = json.loads(data)
- # print("Stdout\n" + data)
output = data + stderr
print(data + stderr)
except:
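Review bot: `quote(domain)` at L225/L228 is the wrong tool once the command is a list passed to `Popen` without `shell=True`: no shell ever sees the argument, so for a plain hostname the call is a no-op and for any value `shlex.quote` wraps in quotes it hands `nslookup`/`dig` a literal `'...'` string and the lookup fails. The list form alone is what prevents shell interpretation; what is still missing is validation — `domain` is `None` when the field is absent (a `TypeError` inside `quote`) and a value beginning with `-` is read as an option by both tools — so check it before building the command, e.g. `if not domain or not re.fullmatch(r'[A-Za-z0-9.-]{1,253}', domain): return render(request, 'Lab/CMD/cmd_lab.html', {"output": "Invalid domain"})` (with `re` imported), and pass `domain` itself in the list. The local `os` at L221 shadows the `os` module used elsewhere in this file. `cmd_lab` starts in the previous hunk and continues after this one.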
@@ -441,17 +401,15 @@ def cmd_lab(request):
return render(request, 'Lab/CMD/cmd_lab.html')
else:
return redirect('login')
-
-@csrf_exempt
def cmd_lab2(request):
if request.user.is_authenticated:
if (request.method=="POST"):
val=request.POST.get('val')
-
print(val)
try:
- output = eval(val)
- except:
+ # Assuming val is a simple arithmetic expression
+ output = SafeMathEvaluator().evaluate(val)
+ except Exception as e:
output = "Something went wrong"
return render(request,'Lab/CMD/cmd_lab2.html',{"output":output})
print("Output = ", output)
@@ -461,6 +419,21 @@ def cmd_lab2(request):
else:
return redirect('login')
+class SafeMathEvaluator:
+ def __init__(self):
+ self-safe_operators = {
+ '+': lambda x, y: x + y,
+ '-': lambda x, y: x - y,
+ '*': lambda x, y: x * y,
+ '/': lambda x, y: x / y if y != 0 else float('inf')
+ }
+
+ def evaluate(self, expression):
+ # Implement a simple arithmetic expression evaluator
+ # You may want to use a library like asteval or numexpr for more complex expressions
+ # ...
+ pass
+
#******************************************Broken Authentication**************************************************#
def bau(request):
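Review bot: `self-safe_operators = {...}` at L270 is `self - safe_operators` on the left of an assignment, which is a `SyntaxError` ("cannot assign to expression"), so `views.py` no longer compiles and no view in the module loads; even with that fixed, `evaluate` at L277–L281 is a stub returning `None`, and the `except Exception` added in `cmd_lab2` (L261) would turn the broken constructor into a permanent 'Something went wrong'. The comment `# Assuming val is a simple arithmetic expression` at L259 therefore describes a check that exists nowhere, and the bound `e` is unused. The class should be a real evaluator: parse with `ast.parse(expression, mode='eval')`, walk the tree accepting only numeric constants, unary `+`/`-` and the four binary operators, and raise `ValueError` on anything else (`import ast` goes in the module header); the rewritten class is below. `cmd_lab2` becomes a calculator rather than the expression-evaluation exercise its template text suggests, so the lab's description needs updating alongside this.
```python
class SafeMathEvaluator:
    """Evaluate a plain arithmetic expression (+ - * /) without eval()."""

    def __init__(self):
        # keyed by ast node type, so only these operators are reachable
        self.safe_operators = {
            ast.Add: lambda x, y: x + y,
            ast.Sub: lambda x, y: x - y,
            ast.Mult: lambda x, y: x * y,
            ast.Div: lambda x, y: x / y if y != 0 else float('inf'),
        }

    def evaluate(self, expression):
        """Return the numeric value of *expression*; raise ValueError/SyntaxError otherwise."""
        if not isinstance(expression, str) or len(expression) > 256:
            raise ValueError("expression must be a short string")
        tree = ast.parse(expression, mode='eval')
        return self._eval(tree.body)

    def _eval(self, node):
        # int/float literals only (bool is excluded on purpose)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
            operand = self._eval(node.operand)
            return -operand if isinstance(node.op, ast.USub) else operand
        if isinstance(node, ast.BinOp) and type(node.op) in self.safe_operators:
            return self.safe_operators[type(node.op)](self._eval(node.left), self._eval(node.right))
        raise ValueError("unsupported expression")
```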
@@ -481,8 +454,9 @@ def bau_lab(request):
def login_otp(request):
return render(request,"Lab/BrokenAuth/otp.html")
+from django.views.decorators.csrf import csrf_protect
-@csrf_exempt
+@csrf_protect
def Otp(request):
if request.method=="GET":
email=request.GET.get('email')
@@ -540,7 +514,8 @@ def a9(request):
return render(request,"Lab/A9/a9.html")
else:
return redirect('login')
-@csrf_exempt
+import json
+
def a9_lab(request):
if request.user.is_authenticated:
if request.method=="GET":
@@ -550,26 +525,26 @@ def a9_lab(request):
try :
file=request.FILES["file"]
try :
- data = yaml.load(file,yaml.Loader)
+ data = json.load(file)
return render(request,"Lab/A9/a9_lab.html",{"data":data})
except:
return render(request, "Lab/A9/a9_lab.html", {"data": "Error"})
except:
- return render(request, "Lab/A9/a9_lab.html", {"data":"Please Upload a Yaml file."})
+ return render(request, "Lab/A9/a9_lab.html", {"data":"Please Upload a Json file."})
else:
return redirect('login')
def get_version(request):
return render(request,"Lab/A9/a9_lab.html",{"version":"pyyaml v5.1"})
-
-@csrf_exempt
def a9_lab2(request):
if not request.user.is_authenticated:
return redirect('login')
if request.method == "GET":
- return render (request,"Lab/A9/a9_lab2.html")
+ c = {}
+ c.update(csrf(request))
+ return render(request,"Lab/A9/a9_lab2.html", c)
elif request.method == "POST":
try :
file=request.FILES["file"]
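Review bot: `get_version` at L318–L319 still reports "pyyaml v5.1" although the upload path now uses `json.load` (L309), so the lab's stated vulnerable component no longer matches what the code does; update or remove that view together with this change, or document that the YAML exercise has been retired. The bare `except:` at L311 and L313 remain and swallow the very `json.JSONDecodeError` a user would want reported; `except (ValueError, UnicodeDecodeError):` and `except KeyError:` are the narrow forms. `c.update(csrf(request))` at L327–L329 duplicates what `render(request, ...)` already does — `django.template.context_processors.csrf` is a built-in processor of every `RequestContext` — and the same two lines added at L337–L338 in the next hunk build `c` and then never pass it to the `render` that follows, so they are dead code; both pairs can be removed (this assumes `csrf` is that context processor, which the hunk does not show being imported).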
@@ -589,6 +564,8 @@ def a9_lab2(request):
img.save(bufferd_ref, format="JPEG")
img_str_ref = base64.b64encode(bufferd_ref.getvalue()).decode("utf-8")
try :
+ c = {}
+ c.update(csrf(request))
return render(request,"Lab/A9/a9_lab2.html",{"img_str": img_str,"img_str_ref":img_str_ref, "success": True})
except Exception as e:
print(e)
@@ -721,22 +698,22 @@ def insec_desgine_lab(request):
pass
else:
return redirect('login')
-
-
#-------------------------------------------------------------------------------------------------------------------------
#-------------------------------------------------------------------------------------------------------------------------
###################################################### 2021 A1: Broken Access
-@csrf_exempt
def a1_broken_access(request):
if not request.user.is_authenticated:
return redirect('login')
return render(request,"Lab_2021/A1_BrokenAccessControl/broken_access.html")
+from django.template.loader import get_template
+from django.template import Context
+from django.http import HttpResponse
+from django.middleware.csrf import CSRF_exempt, csrf_protect
-
-@csrf_exempt
+@csrf_protect
def a1_broken_access_lab_1(request):
if request.user.is_authenticated:
pass
@@ -771,14 +748,17 @@ def a1_broken_access_lab_1(request):
else:
return render(request,'Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html',{"no_creds":True})
-
-@csrf_exempt
def a1_broken_access_lab_2(request):
if request.user.is_authenticated:
pass
else:
return redirect('login')
+ if request.method == 'POST':
+ csrf_token = csrf.get_token(request)
+ if csrf_token != request.POST.get('csrfmiddlewaretoken'):
+ return HttpResponseForbidden()
+
name = request.POST.get('name')
password = request.POST.get('pass')
user_agent = request.META['HTTP_USER_AGENT']
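Review bot: The manual token check at L376–L379 cannot pass: `get_token()` returns a freshly masked token on every call and Django compares a submitted `csrfmiddlewaretoken` by unmasking both sides, so a plain `!=` against the posted value rejects essentially every POST with a 403 and the lab becomes unusable — use `@csrf_protect` (or rely on `CsrfViewMiddleware`) and delete these lines. The block also depends on two names this commit does not import: if `csrf` is the `django.template.context_processors.csrf` function used at L328, it has no `get_token` attribute (`get_token` is in `django.middleware.csrf`), and `HttpResponseForbidden` is not among the names added at L356–L359, only `HttpResponse`. If a manual check is kept, it should run before `request.POST` is read and not only after the authentication branch. The function continues past the hunk.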
@@ -786,7 +766,7 @@ def a1_broken_access_lab_2(request):
# print(name)
# print(password)
print(user_agent)
- if name :
+ if name:
if (user_agent == "pygoat_admin"):
return render(
request,
@@ -796,7 +776,7 @@ def a1_broken_access_lab_2(request):
"username": "admin",
"status": "admin"
})
- elif ( name=='jack' and password=='jacktheripper'): # Will implement hashing here
+ elif (name=='jack' and password=='jacktheripper'): # Will implement hashing here
html = render(
request,
'Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html',
@@ -832,19 +812,11 @@ def a1_broken_access_lab3_secret(request):
return redirect('login')
# no checking applied here
return render(request, 'Lab_2021/A1_BrokenAccessControl/secret.html')
-
-
-###################################################### 2021 A3: Injection
-
-@csrf_exempt
def injection(request):
if not request.user.is_authenticated:
return redirect('login')
return render(request,"Lab_2021/A3_Injection/injection.html")
-
-
-@csrf_exempt
def injection_sql_lab(request):
if request.user.is_authenticated:
@@ -854,43 +826,18 @@ def injection_sql_lab(request):
print(password)
if name:
- sql_query = "SELECT * FROM introduction_sql_lab_table WHERE id='"+name+"'AND password='"+password+"'"
-
- sql_instance = sql_lab_table(id="admin", password="65079b006e85a7e798abecb99e47c154")
- sql_instance.save()
- sql_instance = sql_lab_table(id="jack", password="jack")
- sql_instance.save()
- sql_instance = sql_lab_table(id="slinky", password="b4f945433ea4c369c12741f62a23ccc0")
- sql_instance.save()
- sql_instance = sql_lab_table(id="bloke", password="f8d1ce191319ea8f4d1d26e65e130dd5")
- sql_instance.save()
-
- print(sql_query)
-
try:
- user = sql_lab_table.objects.raw(sql_query)
- user = user[0].id
- print(user)
-
- except:
+ user = sql_lab_table.objects.get(id=name, password=password)
+ print(user.id)
+ return render(request, 'Lab_2021/A3_Injection/sql_lab.html',{"user1":user.id})
+ except sql_lab_table.DoesNotExist:
return render(
request,
'Lab_2021/A3_Injection/sql_lab.html',
{
"wrongpass":password,
- "sql_error":sql_query
})
- if user:
- return render(request, 'Lab_2021/A3_Injection/sql_lab.html',{"user1":user})
- else:
- return render(
- request,
- 'Lab_2021/A3_Injection/sql_lab.html',
- {
- "wrongpass":password,
- "sql_error":sql_query
- })
else:
return render(request, 'Lab_2021/A3_Injection/sql_lab.html')
else:
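Review bot: The four rows deleted at L425–L432 were the only visible place `sql_lab_table` is populated, so unless a migration or fixture elsewhere inserts them, `objects.get()` at L442 raises `DoesNotExist` for every login and the lab cannot be completed; seeding belongs in a data migration rather than in the request path, but it has to exist somewhere, and the commit should say where. `objects.get(id=name, password=password)` also raises `MultipleObjectsReturned` if `id` is not unique on this model (not visible here), which the new `except` at L445 does not catch; `sql_lab_table.objects.filter(id=name, password=password).first()` avoids both. `"wrongpass": password` at L450 still echoes the submitted password into the template context. The function continues outside the hunk in both directions.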
@@ -907,16 +854,18 @@ def ssrf(request):
return render(request,"Lab/ssrf/ssrf.html")
else:
return redirect('login')
-
def ssrf_lab(request):
if request.user.is_authenticated:
if request.method=="GET":
return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":"Read Blog About SSRF"})
else:
file=request.POST["blog"]
- try :
- dirname = os.path.dirname(__file__)
- filename = os.path.join(dirname, file)
+ filename = os.path.basename(file)
+ if not filename:
+ return render(request, "Lab/ssrf/ssrf_lab.html", {"blog": "No blog found"})
+ dirname = os.path.dirname(__file__)
+ filename = os.path.join(dirname, filename)
+ try:
file = open(filename,"r")
data = file.read()
return render(request,"Lab/ssrf/ssrf_lab.html",{"blog":data})
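Review bot: `os.path.basename(file)` at L480 stops `../` traversal but still lets the client name any sibling file of `views.py` — the app's own source modules are all valid basenames — and `open(filename, "r")` at L486 returns their contents; restrict the posted value to an explicit allowlist (a dict from blog name to a path under a dedicated blogs directory) or at least require the expected extension, e.g. `if not filename.endswith('.txt'): return render(...)`. `basename` treats backslashes as ordinary characters on POSIX, so the check is platform-dependent; `pathlib.PurePosixPath(file).name` behaves predictably. The `open()` at L486 is never closed and `file` is rebound from the posted string to the file object; `with open(filename, "r") as blog_file:` fixes both. `ssrf_lab` continues past the hunk.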
@@ -944,7 +893,6 @@ def ssrf_target(request):
return render(request,"Lab/ssrf/ssrf_target.html")
else:
return render(request,"Lab/ssrf/ssrf_target.html",{"access_denied":True})
-
@authentication_decorator
def ssrf_lab2(request):
if request.method == "GET":
@@ -952,11 +900,18 @@ def ssrf_lab2(request):
elif request.method == "POST":
url = request.POST["url"]
- try:
- response = requests.get(url)
- return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})
- except:
- return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})
+ parsed_url = urlparse(url)
+ allowed_schemes = ['http', 'https']
+ allowed_hosts = ['example.com', 'other-allowed-host.com']
+ if parsed_url.scheme in allowed_schemes and parsed_url.netloc in allowed_hosts:
+ try:
+ response = requests.get(url)
+ return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})
+ except:
+ return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})
+ else:
+ return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Forbidden URL"})
+
#--------------------------------------- Server-side template injection --------------------------------------#
def ssti(request):
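Review bot: Comparing `parsed_url.netloc` against the allowlist at L507–L508 checks the whole authority component, so `http://example.com:80/` or `http://user@example.com/` are rejected while their host is allowed; compare `parsed_url.hostname` (lower-cased) instead. The two hosts are placeholders, and the lab's own `ssrf_target` view is served by this application, so the list needs the lab's host (e.g. from `request.get_host()` or `settings.ALLOWED_HOSTS`) or the exercise becomes unsolvable. `requests.get(url)` at L510 still follows redirects — an allowed host can redirect to an address the allowlist excludes — and has no `timeout=`; use `requests.get(url, allow_redirects=False, timeout=5)` and re-validate the `Location` if redirects must be followed. `urlparse` is not imported in this hunk (`from urllib.parse import urlparse` is needed) and the bare `except:` at L512 remains.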
@@ -964,6 +919,9 @@ def ssti(request):
return render(request,"Lab_2021/A3_Injection/ssti.html")
else:
return redirect('login')
+from django import template
+from django.utils.safestring import mark_safe
+from markdown import markdown
def ssti_lab(request):
if request.user.is_authenticated:
@@ -974,7 +932,7 @@ def ssti_lab(request):
blog = request.POST["blog"]
id = str(uuid.uuid4()).split('-')[-1]
- blog = filter_blog(blog)
+ blog = markdown(mark_safe(filter_blog(blog))) # sanitized user input
prepend_code = "{% extends 'introduction/base.html' %}\
{% block content %}{% block title %}\
SSTI-Blogs\
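Review bot: The comment `# sanitized user input` at L532 is inaccurate: `mark_safe()` does not sanitize anything — it marks the string as trusted HTML — and `markdown()` returns a plain `str`, discarding that marking, while passing raw HTML in the input through unchanged. More importantly, the result is still concatenated into `prepend_code` at L533 and compiled as a Django template, so template syntax inside a user's blog is still interpreted exactly as before; the markdown step changes nothing about that. Replace the comment with something truthful, e.g. `# markdown-rendered; still inserted into a template string below`, or, if the intent is to fix the lab, render the blog as a context variable of a static template instead of building a template from it. `markdown` is a third-party package; confirm it is in the project's requirements. `ssti_lab` continues outside the hunk.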
@@ -1007,6 +965,8 @@ def crypto_failure(request):
return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure.html",{"success":False,"failure":False})
else:
redirect('login')
+import hashlib
+import os
def crypto_failure_lab(request):
if request.user.is_authenticated:
@@ -1015,10 +975,15 @@ def crypto_failure_lab(request):
elif request.method=="POST":
username = request.POST["username"]
password = request.POST["password"]
+ salt = os.urandom(16)
+ key = hashlib.scrypt(password.encode(), salt=salt, n=16384, r=8, p=1)
try:
- password = md5(password.encode()).hexdigest()
- user = CF_user.objects.get(username=username,password=password)
- return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"user":user, "success":True,"failure":False})
+ user = CF_user.objects.get(username=username)
+ stored_key = user.password
+ if hashlib.scrypt(password.encode(), salt=stored_key[:16], n=16384, r=8, p=1) == stored_key[16:]:
+ return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"user":user, "success":True,"failure":False})
+ else:
+ return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"success":False, "failure":True})
except:
return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab.html",{"success":False, "failure":True})
else :
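Review bot: `salt` and `key` computed at L548–L549 are never used — verification derives its own key from `stored_key[:16]` at L556 — so they are dead work on every login, and with scrypt at n=16384 that is a deliberately expensive no-op. The check at L556 assumes `CF_user.password` holds `salt || key` as bytes; the removed line L551 shows the column previously held an MD5 hex string, and unless the model field and the registration path were changed in the same commit (not visible here), `stored_key[:16]` is a `str`, `hashlib.scrypt(..., salt=<str>)` raises `TypeError`, and the bare `except:` at L560 turns that into a silent 'failure' for every user. Compare the derived key with `hmac.compare_digest(derived, stored_key[16:])` rather than `==`, and narrow the `except` to `CF_user.DoesNotExist`. Since this view sits under "Crypto failure", replacing the algorithm removes the teaching point unless the lab text is updated with it.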
@@ -1037,7 +1002,6 @@ def crypto_failure_lab2(request):
return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"user":user, "success":True,"failure":False})
except:
return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"success":False, "failure":True})
-
# based on CWE-319
def crypto_failure_lab3(request):
if request.user.is_authenticated:
@@ -1066,20 +1030,18 @@ def crypto_failure_lab3(request):
expire = datetime.datetime.now() + datetime.timedelta(minutes=60)
cookie = f"{username}|{expire}"
response = render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":True, "failure":False , "admin":False})
- response.set_cookie("cookie", cookie)
+ response.set_cookie("cookie", cookie, secure=True, httponly=True, samesite='Lax')
response.status_code = 200
return response
else:
response = render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab3.html",{"success":False, "failure":True})
- response.set_cookie("cookie", None)
+ response.set_cookie("cookie", None, secure=True, httponly=True, samesite='Lax')
return response
except:
return render(request,"Lab_2021/A2_Crypto_failur/crypto_failure_lab2.html",{"success":False, "failure":True})
#-----------------------------------------------SECURITY MISCONFIGURATION -------------------
from pygoat.settings import SECRET_COOKIE_KEY
-
-
def sec_misconfig_lab3(request):
if not request.user.is_authenticated:
return redirect('login')
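Review bot: `response.set_cookie("cookie", None, secure=True, ...)` at L582 does not clear the cookie — Django stringifies the value, so the browser stores the literal text `None`; the idiom is `response.delete_cookie("cookie")`, and the same pattern is rewritten at L620 in a later hunk. The `f"{username}|{expire}"` value at L573 remains unsigned, which appears to be this CWE-319 lab's intended weakness, so the added flags change transport protection only; a comment such as `# flags protect transport only; the value itself is still unsigned (lab intent)` would stop the next reader from taking them as the fix.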
@@ -1099,7 +1061,7 @@ def sec_misconfig_lab3(request):
cookie = jwt.encode(payload, SECRET_COOKIE_KEY, algorithm='HS256')
response = render(request,"Lab/sec_mis/sec_mis_lab3.html", {"admin":False} )
- response.set_cookie(key = "auth_cookie", value = cookie)
+ response.set_cookie(key = "auth_cookie", value = cookie, secure=True, httponly=True, samesite='Lax')
return response
# - ------------------------Identification and Authentication Failures--------------------------------
@@ -1159,7 +1121,6 @@ def auth_failure_lab2(request):
"User3":{"userid":"3", "username":"User3", "password": "5a91a66f0c86b5435fe748706b99c17e6e54a17e03c2a3ef8d0dfa918db41cf6"},
"User4":{"userid":"4", "username":"User4", "password": "6046bc3337728a60967a151ee584e4fd7c53740a49485ebdc38cac42a255f266"}
}
-
# USER_A7_LAB3 = {
# "User1":{"userid":"1", "username":"User1", "password": "Hash1"},
# "User2":{"userid":"2", "username":"User2", "password": "Hash2"},
@@ -1168,7 +1129,6 @@ def auth_failure_lab2(request):
# }
@authentication_decorator
-@csrf_exempt
def auth_failure_lab3(request):
if request.method == "GET":
try:
@@ -1187,14 +1147,14 @@ def auth_failure_lab3(request):
password = hashlib.sha256(password.encode()).hexdigest()
except:
response = render(request, "Lab_2021/A7_auth_failure/lab3.html")
- response.set_cookie("session_id", None)
+ response.set_cookie("session_id", None, secure=True, httponly=True, samesite='Lax')
return response
if USER_A7_LAB3[username]['password'] == password:
session_data = AF_session_id.objects.create(session_id=token, user=USER_A7_LAB3[username]['username'])
session_data.save()
response = render(request, "Lab_2021/A7_auth_failure/lab3.html", {"success":True, "failure":False, "username":username})
- response.set_cookie("session_id", token)
+ response.set_cookie("session_id", token, secure=True, httponly=True, samesite='Lax')
return response
#-- coding playground for lab2