diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts/index.md
index c1afc60502..e97389f9ed 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts/index.md
@@ -3,8 +3,14 @@ title: Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()
---
## Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `hsts()` method.
+- Don't forget to give the methed the appropriate `maxAge` and `force` configurations.
-
+### Solution
+
+- In the `myApp.js` file, create a variable to use for the `maxAge` configuration by adding `var ninetyDaysInMilliseconds = 90*24*60*60*1000;` under the seventh instructions.
+- Then, on the next line add `app.use(helmet.hsts({ maxAge: ninetyDaysInMilliseconds, force: true }));`.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/avoid-inferring-the-response-mime-type-with-helmet.nosniff/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/avoid-inferring-the-response-mime-type-with-helmet.nosniff/index.md
index 160229c232..63693a29d2 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/avoid-inferring-the-response-mime-type-with-helmet.nosniff/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/avoid-inferring-the-response-mime-type-with-helmet.nosniff/index.md
@@ -3,8 +3,12 @@ title: Avoid Inferring the Response MIME Type with helmet.noSniff()
---
## Avoid Inferring the Response MIME Type with helmet.noSniff()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `noSniff()` method on each request.
-
+### Solution
+
+- In the `myApp.js` file add `app.use(helmet.noSniff());` under the fifth instructions.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/configure-helmet-using-the-parent-helmet-middleware/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/configure-helmet-using-the-parent-helmet-middleware/index.md
index 0c03c8a01d..9829436cc1 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/configure-helmet-using-the-parent-helmet-middleware/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/configure-helmet-using-the-parent-helmet-middleware/index.md
@@ -3,8 +3,8 @@ title: Configure Helmet Using the ‘parent’ helmet() Middleware
---
## Configure Helmet Using the ‘parent’ helmet() Middleware
-This is a stub. Help our community expand it.
+### Solution
-This quick style guide will help ensure your pull request gets accepted.
+- This lesson describes additional details on how to better use helmet and requires no modifications to the project to complete it.
-
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-client-side-caching-with-helmet.nocache/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-client-side-caching-with-helmet.nocache/index.md
index 60a25eee27..89e302d746 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-client-side-caching-with-helmet.nocache/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-client-side-caching-with-helmet.nocache/index.md
@@ -3,8 +3,12 @@ title: Disable Client-Side Caching with helmet.noCache()
---
## Disable Client-Side Caching with helmet.noCache()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `noCache()` method.
-
+### Solution
+
+- In the `myApp.js` file, add `app.use(helmet.noCache());` under the ninth instruction.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-dns-prefetching-with-helmet.dnsprefetchcontrol/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-dns-prefetching-with-helmet.dnsprefetchcontrol/index.md
index 0aaa8452f6..ae920a9661 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-dns-prefetching-with-helmet.dnsprefetchcontrol/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-dns-prefetching-with-helmet.dnsprefetchcontrol/index.md
@@ -3,8 +3,12 @@ title: Disable DNS Prefetching with helmet.dnsPrefetchControl()
---
## Disable DNS Prefetching with helmet.dnsPrefetchControl()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `dnsPrefetchControl()` method.
-
+### Solution
+
+- In the `myApp.js` file add `app.use(helmet.dnsPrefetchControl());` under the eighth instructions.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-asynchronously/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-asynchronously/index.md
index d2ba3e8143..342dd40590 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-asynchronously/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-asynchronously/index.md
@@ -3,8 +3,24 @@ title: Hash and Compare Passwords Asynchronously
---
## Hash and Compare Passwords Asynchronously
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- The code for this lesson goes between the `//START_ASYNC` and `//END_ASYNC` lines in your server file.
+- Use bcrypt's `hash()` method to hash a `plain text password` with a specific number of `salt rounds`.
+- Then use bcrypt's `compare()` method to compare a `plain text password` with the results from the hash.
-
+### Solution
+
+- In the `server.js` file, add:
+```javascript
+bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
+ console.log(hash);
+ bcrypt.compare(myPlaintextPassword, hash, (err, res) => {
+ console.log(res);
+ });
+});
+```
+between the `//START_ASYNC` and `//END_ASYNC` lines.
+- Check the console to see the results from the methods.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-synchronously/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-synchronously/index.md
index 35aca0fc32..bc0aceee12 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-synchronously/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-synchronously/index.md
@@ -3,8 +3,22 @@ title: Hash and Compare Passwords Synchronously
---
## Hash and Compare Passwords Synchronously
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- The code for this lesson goes between the `//START_SYNC` and `//END_SYNC` lines in your server file.
+- Use bcrypt's `hashSync()` method to hash a `plain text password` with a specific number of `salt rounds`, and set the results to a variable.
+- Then use bcrypt's `compareSync()` method to compare a `plain text password` against the variable.
-
+### Solution
+
+- In the `server.js` file, add:
+```javascript
+let hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);
+console.log(hash);
+let result = bcrypt.compareSync(myPlaintextPassword, hash);
+console.log(result);
+```
+between the `//START_SYNC` and `//END_SYNC` lines.
+- Check the console to see the results from the methods.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/index.md
index e9b437d3b1..2c4eaf4234 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/index.md
@@ -3,11 +3,12 @@ title: Information Security with HelmetJS
---
## Information Security with HelmetJS
-This is a stub. Help our community expand it.
+This set of lessons has two parts:
+- The first part teaches how to introduce more security to your web site with helmetJS
+- The second part teaches you how to encrypt passwords with bcrypt
-This quick style guide will help ensure your pull request gets accepted.
-
-
+Each part has it's own boilerplate project to get you started.
#### More Information:
-
+[Helmet](https://helmetjs.github.io/)
+[bcrypt](https://github.com/kelektiv/node.bcrypt.js#readme)
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen/index.md
index 5fab10d89b..f159da82bf 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen/index.md
@@ -3,8 +3,12 @@ title: Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
---
## Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `ieNoOpen()` method on each request.
-
+### Solution
+
+- In the `myApp.js` file add `app.use(helmet.ieNoOpen());` under the sixth instructions.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/set-a-content-security-policy-with-helmet.contentsecuritypolicy/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/set-a-content-security-policy-with-helmet.contentsecuritypolicy/index.md
index af86ac1fd0..ed551ba456 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/set-a-content-security-policy-with-helmet.contentsecuritypolicy/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/set-a-content-security-policy-with-helmet.contentsecuritypolicy/index.md
@@ -3,8 +3,13 @@ title: Set a Content Security Policy with helmet.contentSecurityPolicy()
---
## Set a Content Security Policy with helmet.contentSecurityPolicy()
-This is a stub. Help our community expand it.
+### Hint
-This quick style guide will help ensure your pull request gets accepted.
+- You want your `app` to `use` helmet's `contentSecurityPolicy()` method.
+- Be sure to give the `directives` object in the configuration a `defaultSrc` and `scriptSrc`.
-
+### Solution
+
+- In the `myApp.js` file, add `app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'", "trusted-cdn.com"] }} ))` under the tenth instruction.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.
diff --git a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes/index.md b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes/index.md
index d700515072..b68ad87ca4 100644
--- a/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes/index.md
+++ b/guide/english/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes/index.md
@@ -3,8 +3,16 @@ title: Understand BCrypt Hashes
---
## Understand BCrypt Hashes
-This is a stub. Help our community expand it.
+**Starting with this lesson there is a new boilerplate project to clone on glitch.** So be sure to start by cloning that first!
-This quick style guide will help ensure your pull request gets accepted.
+### Hint
-
+- Add `bcrypt` to your project as a dependency.
+- After you add it, you need to require it in the server file.
+
+### Solution
+
+- In the `package.json` file, click the `add package` button, search for `bcrypt`, and click it to add it to your project.
+- Then, go in the `server.js` file, and require it by adding `const bcrypt = require('bcrypt');` near the top of the file by the rest of the dependencies.
+
+**Note:** Be sure to submit the link to the **live demo** of your project.