diff --git a/.travis.yml b/.travis.yml index 8c734ac..4ae7691 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: ruby rvm: - "1.9.3" -before_script: rake db:migrate +before_script: rake db:setup +env: RAILSGOAT_MAINTAINER=true \ No newline at end of file diff --git a/Gemfile b/Gemfile index b175ad7..253dec3 100755 --- a/Gemfile +++ b/Gemfile @@ -25,8 +25,9 @@ end gem 'gauntlt' group :development, :test do + gem 'launchy' gem 'capybara' - gem 'database_cleaner' + gem 'database_cleaner', '< 1.1.0' gem 'poltergeist' gem 'rspec-rails' end diff --git a/Gemfile.lock b/Gemfile.lock index dc27f3d..8bf624c 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -28,6 +28,7 @@ GEM activesupport (3.2.13) i18n (= 0.6.1) multi_json (~> 1.0) + addressable (2.3.5) arel (3.0.2) aruba (0.5.3) childprocess (>= 0.3.6) @@ -70,7 +71,7 @@ GEM diff-lcs (>= 1.1.3) gherkin (~> 2.12.0) multi_json (~> 1.3) - database_cleaner (1.1.1) + database_cleaner (1.0.1) diff-lcs (1.2.4) em-websocket (0.5.0) eventmachine (>= 0.12.9) @@ -124,6 +125,8 @@ GEM thor (>= 0.14, < 2.0) json (1.7.7) kgio (2.8.0) + launchy (2.3.0) + addressable (~> 2.3) libv8 (3.16.14.3) listen (0.7.3) lumberjack (1.0.3) @@ -172,7 +175,7 @@ GEM rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) raindrops (0.10.0) - rake (10.0.4) + rake (10.1.0) rb-fsevent (0.9.3) rdoc (3.12.2) json (~> 1.4) @@ -248,7 +251,7 @@ DEPENDENCIES bundler-audit capybara coffee-rails (~> 3.2.1) - database_cleaner + database_cleaner (< 1.1.0) execjs foreman gauntlt @@ -258,6 +261,7 @@ DEPENDENCIES guard-shell jquery-fileupload-rails jquery-rails + launchy poltergeist powder pry diff --git a/README.md b/README.md index 2f87ac6..b3d2908 100755 --- a/README.md +++ b/README.md @@ -5,13 +5,11 @@ cd railsgoat - rvm use 1.9.3@railsgoat --create + rvm use 1.9.3@railsgoat --create # https://rvm.io/ bundle - rake db:create - - rake db:migrate + rake db:setup rails s 
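Review bot: The new `env: RAILSGOAT_MAINTAINER=true` line is the only place this flag appears in the change and nothing in .travis.yml says what it switches; presumably it drives the `verifying_fixed?` helper the new spec calls, in which case CI silently flips between "vulnerabilities present" and "vulnerabilities fixed" expectations if someone later removes it. Add a comment above it, e.g. `# RAILSGOAT_MAINTAINER: run the vulnerability specs in maintainer mode (see verifying_fixed? in spec_helper)`, after confirming the exact semantics against spec_helper. Note also that `rake db:setup` runs the seed step, so whatever db/seeds.rb creates (including any seeded accounts) now exists in the CI database; a one-line note next to the `before_script` would make that deliberate.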
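Review bot: The upper bound on `gem 'database_cleaner', '< 1.1.0'` has no stated reason, so the next person bumping gems cannot tell whether it may be lifted (Gemfile.lock shows the matching downgrade from 1.1.1 to 1.0.1). Record it inline, e.g. `gem 'database_cleaner', '< 1.1.0' # pinned: 1.1.x <reason>; re-test before lifting`, with the actual failure in place of the placeholder. `gem 'launchy'` is added without a constraint, which matches the rest of the group, so only the lockfile pins it; that is consistent with the file's convention and needs no change unless the project adopts pessimistic constraints elsewhere.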
@@ -51,6 +49,8 @@ Then proceed with browsing the site as normal :thumbsup: [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat) +[![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat) + ### License Stuff ### The MIT License (MIT) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ce51404..e7f1684 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,12 +1,12 @@ class UsersController < ApplicationController - + skip_before_filter :has_info skip_before_filter :authenticated, :only => [:new, :create] - + def new @user = User.new end - + def create user = User.new(params[:user]) user.build_benefits_data 
@@ -15,35 +15,41 @@ class UsersController < ApplicationController redirect_to home_dashboard_index_path else @user = user - render :new + flash[:error] = user.errors.full_messages.to_sentence + redirect_to :sign_up end end - + def account_settings @user = current_user end - + def update message = false #Safest # user = current_user - + # Still an Insecure DoR vulnerability #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"]) - + user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'") - user.skip_user_id_assign = true - user.skip_hash_password = true - user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k }) - if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation]) - user.skip_hash_password = false - user.password = params[:user][:password] - end - message = true if user.save! - respond_to do |format| - format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) } - format.json { render :json => {:msg => message ? "success" : "false "} } + if user + user.skip_user_id_assign = true + user.skip_hash_password = true + user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k }) + if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation]) + user.skip_hash_password = false + user.password = params[:user][:password] + end + message = true if user.save! + respond_to do |format| + format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) } + format.json { render :json => {:msg => message ? "success" : "false "} } + end + else + flash[:error] = "Could not update user!" + redirect_to user_account_settings_path(:user_id => current_user.user_id) end end - -end + +end \ No newline at end of file 
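Review bot: In `update`, `message = true if user.save!` can never leave `message` false — `save!` raises `ActiveRecord::RecordInvalid` rather than returning false — so the `format.json` branch that renders `"false "` (note the stray trailing space) is dead and a validation failure surfaces as a 500; `message = user.save` keeps the intended success/failure JSON. The condition just above it, `!(params[:user][:password].empty?)`, raises `NoMethodError` when the `password` key is absent from the request, so `params[:user][:password].blank?` is the safer test. In `create`, the new `redirect_to :sign_up` relies on a `sign_up` named route being resolvable from the symbol — confirm it exists or use the explicit `*_path` helper — and the redirect discards the submitted form values that `render :new` previously re-displayed. The string-interpolated `User.find` that the added `if user` wraps is left alone here because the surrounding comments mark it as the intentional IDOR/injection exercise; `create` begins before this hunk.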
diff --git a/gauntlt_scripts/sqlmap.attack b/gauntlt_scripts/sqlmap.attack new file mode 100644 index 0000000..f766c61 --- /dev/null +++ b/gauntlt_scripts/sqlmap.attack @@ -0,0 +1,17 @@ +#sqlmap.attack +Feature: Run sqlmap against a target + # See: + # https://github.com/sqlmapproject/sqlmap/wiki/Usage + + Scenario: Identify SQL injection vulnerabilities + Given "sqlmap" is installed + And the following profile: + | target_url | http://localhost:300/| + When I launch a "sqlmap" attack with: + """ + /usr/bin/python -u --dbms sqlite + """ + Then the output should contain: + """ + sqlmap identified the following injection points + """ \ No newline at end of file diff --git a/spec/features/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb similarity index 100% rename from spec/features/broken_auth_spec.rb rename to spec/vulnerabilities/broken_auth_spec.rb diff --git a/spec/features/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb similarity index 100% rename from spec/features/command_injection_spec.rb rename to spec/vulnerabilities/command_injection_spec.rb diff --git a/spec/features/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb similarity index 100% rename from spec/features/csrf_spec.rb rename to spec/vulnerabilities/csrf_spec.rb diff --git a/spec/features/info_disclosure_spec.rb b/spec/vulnerabilities/info_disclosure_spec.rb similarity index 100% rename from spec/features/info_disclosure_spec.rb rename to spec/vulnerabilities/info_disclosure_spec.rb diff --git a/spec/features/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb similarity index 100% rename from spec/features/insecure_dor_spec.rb rename to spec/vulnerabilities/insecure_dor_spec.rb diff --git a/spec/features/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb similarity index 100% rename from spec/features/mass_assignment_spec.rb rename to spec/vulnerabilities/mass_assignment_spec.rb 
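Review bot: As written this attack cannot reach the injection point it asserts on: the target `http://localhost:300/` is presumably a typo for port 3000 (the README starts the app with a bare `rails s`), the URL carries no parameter for sqlmap to test, and the command `/usr/bin/python -u --dbms sqlite` never references the profile — gauntlt's attack adapter substitutes `<target_url>` (and `<sqlmap_path>`) placeholders into the command, so `-u` currently has no URL to work on. The profile table also lacks the `| name | value |` header row that gauntlt's own examples use (check whether the step reads it positionally), and the command omits `--batch`, so sqlmap will block on interactive prompts in CI. A working shape is `| target_url | http://localhost:3000/<path-with-injectable-param> |` and `python <sqlmap_path> -u <target_url> --dbms sqlite --batch`; the string-interpolated `user_id` lookup this app exposes is behind an authenticated update request, so `--method`/`--data`/`--cookie` options will likely be needed as well.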
diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb new file mode 100644 index 0000000..a92bcbd --- /dev/null +++ b/spec/vulnerabilities/password_complexity_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +feature 'password complexity' do + before do + UserFixture.reset_all_users + @normal_user = UserFixture.normal_user + end + + scenario 'one' do + visit '/signup' + within('.signup') do + fill_in 'user_email', :with => @normal_user.email + 'not' + fill_in 'user_first_name', :with => @normal_user.first_name + fill_in 'user_last_name', :with => @normal_user.last_name + 'not' + fill_in 'user_password', :with => 'password' + fill_in 'user_password_confirmation', :with => 'password' + end + click_on 'Submit' + pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'} + end +end \ No newline at end of file diff --git a/spec/features/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb similarity index 100% rename from spec/features/sql_injection_spec.rb rename to spec/vulnerabilities/sql_injection_spec.rb diff --git a/spec/features/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb similarity index 100% rename from spec/features/unvalidated_redirects_spec.rb rename to spec/vulnerabilities/unvalidated_redirects_spec.rb diff --git a/spec/features/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb similarity index 100% rename from spec/features/url_access_spec.rb rename to spec/vulnerabilities/url_access_spec.rb diff --git a/spec/features/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb similarity index 100% rename from spec/features/xss_spec.rb rename to spec/vulnerabilities/xss_spec.rb
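Review bot: The scenario name `'one'` says nothing about what is being checked, and the expectation only makes sense once the reader knows this is a vulnerability spec whose assertion is deliberately inverted — reaching `/dashboard/home` means the dictionary password "password" was accepted. Rename it and state the intent, e.g. `scenario 'signup accepts a weak dictionary password' do`, with a comment above the expectation such as `# vulnerable behaviour: "password" is accepted and the user lands on the dashboard; pending once the fix is verified`. `@normal_user.email + 'not'` yields an address like `user@example.comnot`, which only works if the model's email validation is lax — `'not' + @normal_user.email` is an unambiguous unique address. `verifying_fixed?` and `UserFixture` come from spec_helper, which is outside this change, so their semantics are assumed here.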