diff --git a/puzzles/webapp/1/1.cgi b/puzzles/webapp/1/1.cgi
new file mode 100755
index 0000000..c2a405d
--- /dev/null
+++ b/puzzles/webapp/1/1.cgi
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+
+import cgi
+import cgitb
+
+print 'Content-Type: text/html'
+print ''
+
+print '''
+<html>
+	<head>
+		<title>1</title>
+		<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
+		<!-- key = ktFfb8R1Bw -->
+	</head>
+	<body>
+		<div id="wrapper">
+			<div id="content">
+				<h1>Web Application Challenge 1</h1>
+				<p>Through some manipulation or interpretation of this CGI script 
+				and the HTML page(s) that it generates, a 10 character key can be 
+				found.</p>
+				<p><strong>Find the key!</strong></p>
+			</div>
+			<div id="footer">
+				<p>Copyright &copy; 2009 LANS, LLC.</p>
+			</div>
+		</div>
+	</body>
+</html>
+'''
+
diff --git a/puzzles/webapp/1/key b/puzzles/webapp/1/key
new file mode 100644
index 0000000..c6f8085
--- /dev/null
+++ b/puzzles/webapp/1/key
@@ -0,0 +1 @@
+ktFfb8R1Bw
diff --git a/puzzles/webapp/2/2.cgi b/puzzles/webapp/2/2.cgi
new file mode 100755
index 0000000..4cfa463
--- /dev/null
+++ b/puzzles/webapp/2/2.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+
+import cgi
+import cgitb
+cgitb.enable(context=10)
+
+fields = cgi.FieldStorage()
+
+print 'Content-Type: text/html'
+print ''
+
+
+print '''
+<html>
+	<head>
+		<title>2</title>
+		<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
+	</head>
+	<body>
+		<div id="wrapper">
+			<div id="content">
+				<h1>Web Application Challenge 2</h1>
+				<p>Through some manipulation or interpretation of this CGI script 
+				and the HTML page(s) that it generates, a 10 character key can be 
+				found.</p>
+				<p><strong>Find the key!</strong></p>
+				<p style="margin-top: 5em;">Question: How many geeks does it take to break a CGI?</p>
+'''
+
+# key = uq4G4dXrpx
+if (fields.has_key('num')):
+	print '''
+				<p style="color: #fff;">You entered %d.</p>
+	''' % int(fields['num'].value)
+
+print '''
+				<form method="get" action="two.py">
+					Enter an integer: <input name="num" type="text" size="10" />
+				</form>
+			</div>
+			<div id="footer">
+				<p>Copyright &copy; 2009 LANS, LLC.</p>
+			</div>
+		</div>
+	</body>
+</html>
+'''
+
diff --git a/puzzles/webapp/2/key b/puzzles/webapp/2/key
new file mode 100644
index 0000000..f460886
--- /dev/null
+++ b/puzzles/webapp/2/key
@@ -0,0 +1 @@
+uq4G4dXrpx
diff --git a/puzzles/webapp/3/3.cgi b/puzzles/webapp/3/3.cgi
new file mode 100755
index 0000000..bd24fe4
--- /dev/null
+++ b/puzzles/webapp/3/3.cgi
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+
+import cgi
+import cgitb
+cgitb.enable(context=10)
+
+fields = cgi.FieldStorage()
+
+print 'Content-Type: text/html'
+print ''
+
+
+print '''
+<html>
+	<head>
+		<title>3</title>
+		<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
+	</head>
+	<body>
+		<div id="wrapper">
+			<div id="content">
+				<h1>Web Application Challenge 3</h1>
+				<p>Through some manipulation or interpretation of this CGI script 
+				and the HTML page(s) that it generates, a 10 character key can be 
+				found.</p>
+				<p><strong>Find the key!</strong></p>
+
+				<div class="vertsep"></div>
+'''
+
+PRODUCT_NAME = "Monkey of some kind"
+
+def purchase_success(quantity):
+	print '''
+				<p>Congratulations, your order for %d "%s" has been placed.</p>
+	''' % (quantity, PRODUCT_NAME)
+
+# key = BRrHdtdADI
+if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
+	product  = fields['product'].value
+	quantity = int(fields['quantity'].value)
+
+	purchase_success(quantity)
+else:
+	print '''
+
+				<h2>SALE: %s</h2>
+				<p>Use the order form below to place an order.</p>
+
+				<form method="get" action="3.py">
+					How many would you like?
+					<select name="quantity">
+						<option value="12">12</option>
+						<option value="24">24</option>
+						<option value="48">48</option>
+					</select>
+					<br /><br />
+					<input type="submit" value="Order!" />
+					<input type="hidden" name="product" value="%s" />
+				</form>
+	''' % (PRODUCT_NAME, PRODUCT_NAME)
+
+print '''
+
+			</div>
+			<div id="footer">
+				<p>Copyright &copy; 2009 LANS, LLC.</p>
+			</div>
+		</div>
+	</body>
+</html>
+'''
+
diff --git a/puzzles/webapp/3/key b/puzzles/webapp/3/key
new file mode 100644
index 0000000..4023e13
--- /dev/null
+++ b/puzzles/webapp/3/key
@@ -0,0 +1 @@
+BRrHdtdADI
diff --git a/puzzles/webapp/4/4.cgi b/puzzles/webapp/4/4.cgi
new file mode 100755
index 0000000..a069ad9
--- /dev/null
+++ b/puzzles/webapp/4/4.cgi
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+
+import os
+import cgi
+import cgitb
+cgitb.enable(context=10)
+
+if os.environ.has_key('QUERY_STRING'):
+	os.environ['QUERY_STRING'] = ''
+
+fields = cgi.FieldStorage()
+
+print 'Content-Type: text/html'
+print ''
+
+print '''
+<html>
+	<head>
+		<title>4</title>
+		<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
+	</head>
+	<body>
+		<div id="wrapper">
+			<div id="content">
+				<h1>Web Application Challenge 4</h1>
+				<p>Through some manipulation or interpretation of this CGI script 
+				and the HTML page(s) that it generates, a 10 character key can be 
+				found.</p>
+				<p><strong>Find the key!</strong></p>
+
+				<div class="vertsep"></div>
+'''
+
+PRODUCT_NAME = "Unidentifiable garbage"
+
+def purchase_success(quantity):
+	print '''
+				<p>Congratulations, your order for %d "%s" has been placed.</p>
+	''' % (quantity, PRODUCT_NAME)
+
+# key = 765JBo4B54
+if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
+	product  = fields['product'].value
+	quantity = int(fields['quantity'].value)
+
+	purchase_success(quantity)
+else:
+	print '''
+
+				<h2>SALE: %s</h2>
+				<p>Use the order form below to place an order.</p>
+
+				<form method="post" action="4.py">
+					How many would you like?
+					<select name="quantity">
+						<option value="12">12</option>
+						<option value="24">24</option>
+						<option value="48">48</option>
+					</select>
+					<br /><br />
+					<input type="submit" value="Order!" />
+					<input type="hidden" name="product" value="%s" />
+				</form>
+	''' % (PRODUCT_NAME, PRODUCT_NAME)
+
+print '''
+
+			</div>
+			<div id="footer">
+				<p>Copyright &copy; 2009 LANS, LLC.</p>
+			</div>
+		</div>
+	</body>
+</html>
+'''
+
diff --git a/puzzles/webapp/4/key b/puzzles/webapp/4/key
new file mode 100644
index 0000000..606cf1d
--- /dev/null
+++ b/puzzles/webapp/4/key
@@ -0,0 +1 @@
+765JBo4B54
diff --git a/puzzles/webapp/binary.png b/puzzles/webapp/binary.png
new file mode 100644
index 0000000..81cecbf
Binary files /dev/null and b/puzzles/webapp/binary.png differ
diff --git a/puzzles/webapp/ctf.css b/puzzles/webapp/ctf.css
new file mode 100644
index 0000000..a1c53e0
--- /dev/null
+++ b/puzzles/webapp/ctf.css
@@ -0,0 +1,54 @@
+html,body {
+	height: 100%;
+	min-height: 100%;
+	background-color: #000000;
+	background-image: url("binary.png");
+	background-repeat: repeat-x repeat-y;
+	margin: 0;
+	padding: 0;
+}
+
+#wrapper {
+	min-height: 100%;
+	height: 100%;
+	width: 800px;
+	margin: 0 auto;
+	border-left: 2px solid #009900;
+	border-right: 2px solid #009900;
+	font: .9em monospace;
+	color: #009900;
+	padding: 0;
+	background: #000;
+}
+
+#content {
+	padding: 2em 1.5em 2em 1.5em;
+}
+
+#footer {
+	padding: 0;
+	margin: 0;
+	height: 2em;
+	line-height: 2em;
+	width: 800px;
+	text-align: center;
+}
+
+input {
+	background-color: #222;
+	color: #fff;
+	border: 1px solid #009900;
+	padding: 1px 2px 1px 2px;
+}
+
+h1,h2,h3,h4 {
+	padding-bottom: 5px;
+}
+
+.vertsep {
+	width: 100%;
+	height: 1px;
+	padding: 0;
+	margin: 2em auto 2em auto;
+	border-bottom: 1px dotted #222;
+}