diff --git a/README.md b/README.md
index b3d2908..850287c 100755
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ in the application.
 To run them, though, you'll first need to [install PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs),
 which is required by the Poltergeist Capybara driver. Then just rake:
 
-  rake
+  rake training
 
 NOTE: As vulnerabilities are fixed in the application, these specs won't change from to passing but to _pending_.
 
diff --git a/lib/tasks/traning.rake b/lib/tasks/traning.rake
new file mode 100644
index 0000000..2a40c39
--- /dev/null
+++ b/lib/tasks/traning.rake
@@ -0,0 +1,4 @@
+desc 'run training tests'
+task :training do
+  Rake::Task["spec:vulnerabilities"].invoke
+end
\ No newline at end of file
diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb
index 6e3657d..2f982f9 100644
--- a/spec/support/capybara_shared.rb
+++ b/spec/support/capybara_shared.rb
@@ -16,7 +16,7 @@ def verifying_fixed?
 ******************************************************************************
   You are running the RailsGoat Capybara Specs in Training mode. These specs
   are supposed to fail, indicating vulnerabilities exist. They contain
-  spoilers, so do not read the code in spec/features if your goal is to
+  spoilers, so do not read the code in spec/vulnerabilities if your goal is to
   learn more about patching the vulnerabilities. You should fix the
   vulnerabilities in the application in order to get these specs to pass**.
   You can use them to measure your progress.
diff --git a/spec/vulnerabilities/password_hashing_spec.rb b/spec/vulnerabilities/password_hashing_spec.rb
new file mode 100644
index 0000000..077a352
--- /dev/null
+++ b/spec/vulnerabilities/password_hashing_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+feature 'improper password hashing' do
+  before do
+    UserFixture.reset_all_users
+    @normal_user = UserFixture.normal_user
+  end
+
+  scenario 'with just md5' do
+    new_pass = 'testpassword'
+    @normal_user.password = new_pass
+    @normal_user.password_confirmation = new_pass
+    @normal_user.save
+    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
+  end
+
+  scenario 'with md5 and salt' do
+    pending unless @normal_user.has_attribute?('salt')
+    new_pass = 'testpassword'
+    @normal_user.password = new_pass
+    @normal_user.password_confirmation = new_pass
+    @normal_user.save
+    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
+  end
+end
\ No newline at end of file