diff --git a/docs/content/images/rfc6479_abstract_flow_alternative.png b/docs/content/images/rfc6479_abstract_flow_alternative.png
deleted file mode 100644
index 83f61ab..0000000
Binary files a/docs/content/images/rfc6479_abstract_flow_alternative.png and /dev/null differ
diff --git a/docs/content/images/rfc6479_abstract_flow.png b/docs/content/images/rfc6749_abstract_flow.png
similarity index 100%
rename from docs/content/images/rfc6479_abstract_flow.png
rename to docs/content/images/rfc6749_abstract_flow.png
diff --git a/docs/content/images/rfc6479_code_grant.png b/docs/content/images/rfc6749_code_grant.png
similarity index 100%
rename from docs/content/images/rfc6479_code_grant.png
rename to docs/content/images/rfc6749_code_grant.png
diff --git a/docs/content/security_resources.md b/docs/content/security_resources.md
index d0ec9c7..3efc29b 100644
--- a/docs/content/security_resources.md
+++ b/docs/content/security_resources.md
@@ -15,8 +15,3 @@
* [OWASP Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/)
* [OWASP Software Assurance Maturity Model](https://owaspsamm.org/)
----
-
-## Going deeper into A&A?
-
-![OAuth2 in Action](content/images/oauth2inaction.jpeg)
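Review bot: The section removed at the end of security_resources.md referenced content/images/oauth2inaction.jpeg, but this patch does not delete that image the way it deletes rfc6479_abstract_flow_alternative.png. If nothing else uses it, remove the file in the same commit. The file also appears to end on the `----` separator now, with nothing following it, so that line can go as well.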
diff --git a/docs/content/the_basics_of_aanda_1.md b/docs/content/the_basics_of_aanda_1.md
index 7789ef3..e547717 100644
--- a/docs/content/the_basics_of_aanda_1.md
+++ b/docs/content/the_basics_of_aanda_1.md
@@ -78,7 +78,7 @@ Many scenarios will require __your__ app/api's to play multiples roles, often in
[RFC6749 1.2](https://datatracker.ietf.org/doc/html/rfc6749#section-1.2)
-![Abstract flow](content/images/rfc6479_abstract_flow.png)
+![Abstract flow](content/images/rfc6749_abstract_flow.png)
@@ -125,11 +125,11 @@ Many scenarios will require __your__ app/api's to play multiples roles, often in
---
-## The Authorization Code Grant
[rfc6479 - 4.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
+## The Authorization Code Grant
[rfc6749 - 4.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
| | |
| - | - |
-| ![Code Grant](content/images/rfc6479_code_grant.png) | ![Code Grant](content/images/actors.jpg) |
+| ![Code Grant](content/images/rfc6749_code_grant.png) | ![Code Grant](content/images/actors.jpg) |
---
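Review bot: The heading line `## The Authorization Code Grant` is removed and re-added with no visible difference, so this is presumably a whitespace-only change; confirm it is intended or drop it so the hunk contains only the rfc6479 to rfc6749 correction. The link text here is `rfc6749 - 4.1` while the earlier reference in the same file is written `RFC6749 1.2`; pick one form for both.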
diff --git a/docs/content/wrap-up.md b/docs/content/wrap-up.md
index 0abea2b..a015bc8 100644
--- a/docs/content/wrap-up.md
+++ b/docs/content/wrap-up.md
@@ -6,6 +6,7 @@
* Microsoft Entra ID App Registrations
* Remove unused Github CodeSpaces
+* Remove unused Github CodeSpace Secrets
---
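Review bot: The new bullet writes `CodeSpace Secrets` while the line above it writes `CodeSpaces`, and the product is named GitHub Codespaces. Suggest `* Remove unused GitHub Codespaces secrets` and fixing the neighbouring bullet to match. Since this is a cleanup checklist, it would also help to say where in the workshop those secrets were created, so participants know where to look for them.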
diff --git a/ex-02/doc/preparing_the_environment.md b/ex-02/doc/preparing_the_environment.md
index d07a227..d3c1b7e 100644
--- a/ex-02/doc/preparing_the_environment.md
+++ b/ex-02/doc/preparing_the_environment.md
@@ -26,4 +26,4 @@ npm test
## --Now You--
* Do the steps
-* When done post the time it took to run the tests to the workshop Slack channel
+* When done post the time it took to run the tests to the workshop Slack channel ⚡️
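Review bot: The ⚡️ appended to the Slack bullet is not explained anywhere in this patch. If it marks steps where participants are expected to post to the channel, add a one-line legend to the course introduction (the existing 🥸 marker would benefit from the same), otherwise readers have to guess what it means.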
diff --git a/ex-04/doc/exploring_oauth2_frameworks.md b/ex-04/doc/exploring_oauth2_frameworks.md
index 183e0b0..2f589eb 100644
--- a/ex-04/doc/exploring_oauth2_frameworks.md
+++ b/ex-04/doc/exploring_oauth2_frameworks.md
@@ -12,7 +12,7 @@ The purpose of this section is to list and perhaps discuss a few frameworks for
## --Now You--
* Spend a few minutes browsing and make yourself familiar with the resources
-* Drop a message on the course slack channel state which authentication library you are using today (if any)
+* Drop a message on the course slack channel state which authentication library you are using today (if any) ⚡️
## --Discuss security issues and good practices--
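Review bot: The changed bullet still reads `Drop a message on the course slack channel state which authentication library ...`, which is missing a word. Since the line is being touched anyway, suggest `Drop a message in the course Slack channel stating which authentication library you are using today (if any) ⚡️`, with Slack capitalised as in the other exercises.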
diff --git a/ex-04/doc/preparing_the_environment.md b/ex-04/doc/preparing_the_environment.md
index 03a7918..c3fb77e 100644
--- a/ex-04/doc/preparing_the_environment.md
+++ b/ex-04/doc/preparing_the_environment.md
@@ -22,4 +22,4 @@ Steps:
## --Now You--
* Do the steps
-* When done post the output the last two lines of the **npm test** command to the course Slack channel
+* When done post the output the last two lines of the **npm test** command to the course Slack channel ⚡️
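Review bot: In the changed bullet, `post the output the last two lines of the **npm test** command` is garbled. Suggest `post the last two lines of the output of the **npm test** command` while the line is being edited.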
diff --git a/ex-06/doc/scenario_2.md b/ex-06/doc/scenario_2.md
index 87d30a5..e573440 100644
--- a/ex-06/doc/scenario_2.md
+++ b/ex-06/doc/scenario_2.md
@@ -40,7 +40,7 @@ Steps:
* You may have to start / stop the back-end between changes.
* Do the steps above
* Login to your application and figure out how to observe the changes (Hint: "id token")
-* When done - post how many AD groups you are member of into the course Slack channel.
+* When done - post how many AD groups you are member of into the course Slack channel. ⚡️
### --Further experiments-- (🥸)
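Review bot: Here the ⚡️ is placed after the full stop, while the other exercise bullets changed in this patch have no full stop before it. Drop the period for consistency, and fix `you are member of` to `you are a member of` on the same line.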
diff --git a/ex-10/doc/the_scenario.md b/ex-10/doc/0_the_scenario.md
similarity index 100%
rename from ex-10/doc/the_scenario.md
rename to ex-10/doc/0_the_scenario.md
diff --git a/ex-10/doc/registering_api_in_azure_ad.md b/ex-10/doc/1_registering_api_in_azure_ad.md
similarity index 97%
rename from ex-10/doc/registering_api_in_azure_ad.md
rename to ex-10/doc/1_registering_api_in_azure_ad.md
index b6b20e5..b31cae0 100644
--- a/ex-10/doc/registering_api_in_azure_ad.md
+++ b/ex-10/doc/1_registering_api_in_azure_ad.md
@@ -36,5 +36,5 @@ Steps:
## --Now You--
* Do the steps above
-* When done; post a message to the course Slack channel and include your api's scope (api://..../...)
+* When done; post a message to the course Slack channel and include your api's scope (api://..../...) ⚡️
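Review bot: The rename target keeps `azure_ad` in the file name (1_registering_api_in_azure_ad.md) although the outline in ex-10/readme.md titles this page "Registering the API in Microsoft Entra ID". As the file is being renamed in this patch anyway, consider 1_registering_api_in_entra_id.md so the name does not have to change a second time.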
diff --git a/ex-10/doc/exploring_the_client_code.md b/ex-10/doc/2_exploring_the_client_code.md
similarity index 100%
rename from ex-10/doc/exploring_the_client_code.md
rename to ex-10/doc/2_exploring_the_client_code.md
diff --git a/ex-10/doc/exploring_the_api_code.md b/ex-10/doc/3_exploring_the_api_code.md
similarity index 100%
rename from ex-10/doc/exploring_the_api_code.md
rename to ex-10/doc/3_exploring_the_api_code.md
diff --git a/ex-10/doc/configure_client_and_api.md b/ex-10/doc/4_configure_client_and_api.md
similarity index 100%
rename from ex-10/doc/configure_client_and_api.md
rename to ex-10/doc/4_configure_client_and_api.md
diff --git a/ex-10/doc/execute_client_and_api.md b/ex-10/doc/5_execute_client_and_api.md
similarity index 100%
rename from ex-10/doc/execute_client_and_api.md
rename to ex-10/doc/5_execute_client_and_api.md
diff --git a/ex-10/doc/swapping_tech_for_episodes_api.md b/ex-10/doc/6_swapping_tech_for_episodes_api.md
similarity index 100%
rename from ex-10/doc/swapping_tech_for_episodes_api.md
rename to ex-10/doc/6_swapping_tech_for_episodes_api.md
diff --git a/ex-10/doc/protecting_apis.md b/ex-10/doc/7_protecting_apis.md
similarity index 98%
rename from ex-10/doc/protecting_apis.md
rename to ex-10/doc/7_protecting_apis.md
index 249549e..a082a8c 100644
--- a/ex-10/doc/protecting_apis.md
+++ b/ex-10/doc/7_protecting_apis.md
@@ -60,7 +60,7 @@ There are other security measures in the API implementation that we don't discus
* Document APIs using Swagger or OpenAPI spec
* Create security related test
* Use [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) as an guide line for testing and secure coding practices.
- * Apply tools to test your API's. (Fuzzers, OWASP ZAP etc..)
+ * Apply tools to test your API's. (Fuzzers, ZAP etc..)
* Test from the outside (integration, end-to-end) (utilizing all components?)
* Consult OWASP Top 10's
* [API](https://owasp.org/www-project-api-security/)
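Review bot: With the OWASP prefix dropped, the bare `ZAP` in the tools bullet gives a newcomer little to search for. Suggest spelling it out once, for example `ZAP (Zed Attack Proxy)`, or turning it into a link like the ASVS entry above it. The trailing `etc..` on the same line also has a stray period.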
diff --git a/ex-10/readme.md b/ex-10/readme.md
index e3fb5d4..ee91a6c 100644
--- a/ex-10/readme.md
+++ b/ex-10/readme.md
@@ -4,11 +4,11 @@ In this exercise we will investigate how to protect web api's using OAuth2. We w
## Outline
-* [The Scenario](doc/the_scenario.md)
-* [Registering the API in Microsoft Entra ID](doc/registering_api_in_azure_ad.md)
-* [Exploring the Client Code](doc/exploring_the_client_code.md)
-* [Exploring the API Code](doc/exploring_the_api_code.md)
-* [Configure the Client and the API](doc/configure_client_and_api.md)
-* [Execute the Client and the API](doc/execute_client_and_api.md)
-* [Swapping from Node to Python on the Episodes API](doc/swapping_tech_for_episodes_api.md)
-* [Defense in depth - protecting API's](doc/protecting_apis.md) (🥸)
+* [1. The Scenario](doc/0_the_scenario.md)
+* [Registering the API in Microsoft Entra ID](doc/1_registering_api_in_azure_ad.md)
+* [Exploring the Client Code](doc/2_exploring_the_client_code.md)
+* [Exploring the API Code](doc/3_exploring_the_api_code.md)
+* [Configure the Client and the API](doc/4_configure_client_and_api.md)
+* [Execute the Client and the API](doc/5_execute_client_and_api.md)
+* [Swapping from Node to Python on the Episodes API](doc/6_swapping_tech_for_episodes_api.md)
+* [Defense in depth - protecting API's](doc/7_protecting_apis.md) (🥸)
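Review bot: Only the first outline entry gained a number in its link text (`1. The Scenario`), and it points at doc/0_the_scenario.md, so the label and the file prefix disagree. Either drop the `1. ` to match the other seven entries and the ex-11 outline, or number every entry with the same index as its file prefix.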
diff --git a/ex-11/doc/the_scenario.md b/ex-11/doc/0_the_scenario.md
similarity index 100%
rename from ex-11/doc/the_scenario.md
rename to ex-11/doc/0_the_scenario.md
diff --git a/ex-11/doc/the_obo_flow.md b/ex-11/doc/1_the_obo_flow.md
similarity index 100%
rename from ex-11/doc/the_obo_flow.md
rename to ex-11/doc/1_the_obo_flow.md
diff --git a/ex-11/doc/quotes_code_config.md b/ex-11/doc/2_quotes_code_config.md
similarity index 100%
rename from ex-11/doc/quotes_code_config.md
rename to ex-11/doc/2_quotes_code_config.md
diff --git a/ex-11/doc/episodes_code_config.md b/ex-11/doc/3_episodes_code_config.md
similarity index 100%
rename from ex-11/doc/episodes_code_config.md
rename to ex-11/doc/3_episodes_code_config.md
diff --git a/ex-11/doc/client_code_config.md b/ex-11/doc/4_client_code_config.md
similarity index 100%
rename from ex-11/doc/client_code_config.md
rename to ex-11/doc/4_client_code_config.md
diff --git a/ex-11/doc/swapping_tech_for_episodes_api.md b/ex-11/doc/5_swapping_tech_for_episodes_api.md
similarity index 100%
rename from ex-11/doc/swapping_tech_for_episodes_api.md
rename to ex-11/doc/5_swapping_tech_for_episodes_api.md
diff --git a/ex-11/doc/swapping_tech_for_quotes_api.md b/ex-11/doc/6_swapping_tech_for_quotes_api.md
similarity index 100%
rename from ex-11/doc/swapping_tech_for_quotes_api.md
rename to ex-11/doc/6_swapping_tech_for_quotes_api.md
diff --git a/ex-11/doc/security_considerations.md b/ex-11/doc/7_security_considerations.md
similarity index 97%
rename from ex-11/doc/security_considerations.md
rename to ex-11/doc/7_security_considerations.md
index bff0506..b51aeb9 100644
--- a/ex-11/doc/security_considerations.md
+++ b/ex-11/doc/7_security_considerations.md
@@ -7,7 +7,7 @@
* Use frameworks as much as possible to handle the flows?
* Testability and frameworks are a potential issue.
* Using a lot of different technologies in projects sets high demand to team skills and capabilities.
-* Establish good practice around debugging/tracing to understand network flow (OWASP Zap)
+* Establish good practice around debugging/tracing to understand network flow (Zap)
* For NodeJS i recommend the Global Agent module to enable debugging using a network proxy
* Scan for open source components for known vulnerabilities
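Review bot: This bullet now says `Zap` while the matching change in ex-10/doc/7_protecting_apis.md says `ZAP`. Use `ZAP` in both places so the two exercises refer to the tool the same way.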
diff --git a/ex-11/readme.md b/ex-11/readme.md
index e8031ef..495c7c2 100644
--- a/ex-11/readme.md
+++ b/ex-11/readme.md
@@ -4,11 +4,11 @@ In this exercise we will investigate how to protect web api's using the OBO flow
## Outline
-* [The Scenario](doc/the_scenario.md)
-* [The On-Behalf-Of flow](doc/the_obo_flow.md)
-* [Quotes Api - Code, Config and start](doc/quotes_code_config.md)
-* [Episodes Api - Code, Config and start](doc/episodes_code_config.md)
-* [Client - Code, Config and start](doc/client_code_config.md)
-* [Swapping from Node to Python on the Episodes API](doc/swapping_tech_for_episodes_api.md)
-* [Swapping from Node to .net on the Quotes API](doc/swapping_tech_for_quotes_api.md)
-* [Security Considerations](doc/security_considerations.md)
+* [The Scenario](doc/0_the_scenario.md)
+* [The On-Behalf-Of flow](doc/1_the_obo_flow.md)
+* [Quotes Api - Code, Config and start](doc/2_quotes_code_config.md)
+* [Episodes Api - Code, Config and start](doc/3_episodes_code_config.md)
+* [Client - Code, Config and start](doc/4_client_code_config.md)
+* [Swapping from Node to Python on the Episodes API](doc/5_swapping_tech_for_episodes_api.md)
+* [Swapping from Node to .net on the Quotes API](doc/6_swapping_tech_for_quotes_api.md)
+* [Security Considerations](doc/7_security_considerations.md)