diff --git a/Gemfile b/Gemfile
index 219755b..74972e1 100755
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 #don't upgrade
 gem 'rails', '3.2.11'
-gem 'rack', '1.4.3'
+gem 'rack', '1.4.0'
 
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4c937ea..0d34071 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -167,7 +167,7 @@ GEM
       coderay (~> 1.0)
       method_source (~> 0.8)
       slop (~> 3.4)
-    rack (1.4.3)
+    rack (1.4.0)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-livereload (0.3.15)
@@ -293,7 +293,7 @@ DEPENDENCIES
   poltergeist
   powder
   pry
-  rack (= 1.4.3)
+  rack (= 1.4.0)
   rack-livereload
   rails (= 3.2.11)
   rb-fsevent
diff --git a/app/views/layouts/tutorial/access_control/_access_control_first.html.erb b/app/views/layouts/tutorial/access_control/_access_control_first.html.erb
index 832abb1..7dd02ed 100644
--- a/app/views/layouts/tutorial/access_control/_access_control_first.html.erb
+++ b/app/views/layouts/tutorial/access_control/_access_control_first.html.erb
@@ -66,13 +66,13 @@
         </p>  
         <p><b>Failure to Restrict URL Access - SOLUTION</b></p>
         <p class="desc">
-        The code is already available to restrict access to the admin controller by role within app/controllers/application_controller.rb. The additional condition that if the admin_id param equals 1 means the filter can be circumvented by an attacker. The way to fix this issue is to enforce the filter on all access requests to the admin dashboard as follows:
+        The code is already available to restrict access to the admin controller by role within app/controllers/application_controller.rb. The additional condition that if the admin_id param equals 1 means the filter can be circumvented by an attacker. The way to fix this issue is to remove the conditional and enforce the filter on all access requests to the admin dashboard as follows:
         </p>
         <pre class="ruby">
         <%= %q{
         class AdminController < ApplicationController
         
-          before_filter :administrative, :if => :admin_param
+          before_filter :administrative
         } %>
         </pre>
         </div>
diff --git a/app/views/layouts/tutorial/misconfig/_misconfig_first.html.erb b/app/views/layouts/tutorial/misconfig/_misconfig_first.html.erb
index 076fab2..4679e7c 100755
--- a/app/views/layouts/tutorial/misconfig/_misconfig_first.html.erb
+++ b/app/views/layouts/tutorial/misconfig/_misconfig_first.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Security Misconfiguration
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A5 - Security Misconfiguration
       </div>
     </div>
     <div class="widget-body">
diff --git a/app/views/layouts/tutorial/misconfig/_misconfig_second.html.erb b/app/views/layouts/tutorial/misconfig/_misconfig_second.html.erb
index db874d7..e7635b1 100644
--- a/app/views/layouts/tutorial/misconfig/_misconfig_second.html.erb
+++ b/app/views/layouts/tutorial/misconfig/_misconfig_second.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Security Misconfiguration
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A5 - Security Misconfiguration
       </div>
     </div>
     <div class="widget-body">