diff --git a/spec/vulnerabilities/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb index 375ae40..d876dab 100644 --- a/spec/vulnerabilities/csrf_spec.rb +++ b/spec/vulnerabilities/csrf_spec.rb @@ -10,7 +10,7 @@ feature "csrf" do pending unless verifying_fixed? end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF", js: true do + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF", js: true do visit "/" # TODO: is there a way to get this without visiting root first? base_url = current_url diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb index 2434e61..50e5854 100644 --- a/spec/vulnerabilities/insecure_dor_spec.rb +++ b/spec/vulnerabilities/insecure_dor_spec.rb @@ -18,15 +18,17 @@ feature "insecure direct object reference" do visit download_url.sub(/name=(.*?)&/, "name=config/database.yml&") expect(page.status_code).not_to eq(200) - expect(page.response_headers["Content-Disposition"]).not_to include("database.yml") + expect(page.response_headers["Content-Disposition"].to_a).not_to include("database.yml") end scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do + login(normal_user) + expect(normal_user.id).not_to eq(another_user.id) visit "/users/#{another_user.id}/work_info" - expect(first("td").text).not_to include(another_user.name) - expect(first("td").text).to include(normal_user.name) + expect(first("td").text).not_to include(another_user.full_name) + expect(first("td").text).to include(normal_user.full_name) end end diff --git a/spec/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb index 43f6f59..5b40ca0 100644 --- a/spec/vulnerabilities/mass_assignment_spec.rb +++ b/spec/vulnerabilities/mass_assignment_spec.rb 
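Review bot: The `.to_a` added to the Content-Disposition assertion in insecure_dor_spec.rb makes the check vacuous when the header is present: on an Array, `include("database.yml")` looks for an element equal to that exact string, so a value such as `attachment; filename="database.yml"` would not match and the spec could pass while the file name is disclosed (and if the driver returns the header as a plain String, presumably the case here, `.to_a` raises NoMethodError on Ruby 1.9+). If the intent is to tolerate a missing header, `.to_s` keeps the substring check and turns nil into an empty string: `expect(page.response_headers["Content-Disposition"].to_s).not_to include("database.yml")`. The added `expect(normal_user.id).not_to eq(another_user.id)` guard in the second scenario is worth keeping, since the IDOR assertion would otherwise pass trivially for a single user. The enclosing `feature` block and the first scenario start outside the hunk.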
@@ -23,7 +23,7 @@ feature "mass assignment" do expect(normal_user.reload.admin).to be_falsy end - scenario "attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role" do + scenario "attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role" do params = { user: { admin: "t", email: "hackety@h4x0rs.c0m", first_name: "hackety", @@ -33,6 +33,6 @@ feature "mass assignment" do page.driver.post "/users", params - expect(User.find_by(email: "hackety@h4x0rs.c0m")).to be_nil + expect(User.find_by(email: "hackety@h4x0rs.c0m").admin).to be_falsy end end diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb index a1ff494..97b9627 100644 --- a/spec/vulnerabilities/unvalidated_redirects_spec.rb +++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb @@ -20,6 +20,7 @@ feature "unvalidated redirect" do click_on "Login" end - expect(current_url).to eq("/dashboard/home") + expect(current_url).to start_with("http://127.0.0.1") + expect(current_path).to eq("/dashboard/home") end end diff --git a/spec/vulnerabilities/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb index f7d0468..4fa70ce 100644 --- a/spec/vulnerabilities/url_access_spec.rb +++ b/spec/vulnerabilities/url_access_spec.rb @@ -15,6 +15,6 @@ feature "url access" do visit "/admin/1/dashboard" - expect(current_path).to eq("/") + expect(current_path).to eq("/dashboard/home") end end
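Review bot: The new assertion `User.find_by(email: "hackety@h4x0rs.c0m").admin` in the second mass_assignment hunk raises NoMethodError when no user was created, so a fix that rejects the whole request (the outcome the old `be_nil` asserted) now errors instead of passing. If either outcome counts as fixed, `expect(User.find_by(email: "hackety@h4x0rs.c0m")&.admin).to be_falsy` covers both on Ruby 2.3+, since `be_falsy` accepts nil; if the user is expected to exist, assert its presence first and then `admin` separately so a failure says which property broke. The first hunk in this file only changes the tutorial URL. The `scenario` block starts outside the second hunk.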
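Review bot: `expect(current_url).to start_with("http://127.0.0.1")` in unvalidated_redirects_spec.rb is a prefix check on the raw URL, so it also accepts a redirect to a host such as `http://127.0.0.10` or `http://127.0.0.1.example.com`, which is the class of destination an open-redirect spec should reject. Comparing the parsed host is exact: `expect(URI(current_url).host).to eq("127.0.0.1")` (with `require "uri"` if it is not already loaded), and the expected host could be read from the Capybara server configuration instead of being hardcoded if it differs between environments. The `scenario` block starts outside the hunk.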
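Review bot: The new `expect(current_path).to eq("/dashboard/home")` in url_access_spec.rb pins the exact landing page for a denied admin request, so this authorization spec fails whenever the post-login home path changes even though access is still refused. The property under test is that the admin dashboard is not served; asserting that directly, `expect(current_path).not_to start_with("/admin")`, alongside or instead of the exact path keeps the spec tied to the access control rather than to routing. The `scenario` block starts outside the hunk.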