diff --git a/Exercise/Writeup/lab03.md b/Exercise/Writeup/lab03.md index fda291a..31cf6c4 100644 --- a/Exercise/Writeup/lab03.md +++ b/Exercise/Writeup/lab03.md 
@@ -1,17 +1,25 @@ -# Lab 3 +# Lab 3: Security Risk Assessment -## Stride examples +## Security Threats -| DFD-Element | Concern | Example | Likelihood | Impact | -| -- | -- | -- | -- | -- | -| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate | -| User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe | -| User Login | Tampering | Modify HTTP login header | Very Likely | Severe | -| Login | Denial of Service | Flood server with login requests | Unlikely | Minor | -| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe | -| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant | -| Database | Information Disclosure | SQL Injection | Likely | Severe | +Below is a list of security threats identified from applying STRIDE to the metaverse system DFD. After that we analyzed likelihood and impact (in-class discussion) to assess the risk of each threat. From the lab slides we also selected possible mitigations. + +| DFD-Element | Concern | Example | Likelihood | Impact | Mitigation | +| -- | -- | -- | -- | -- | -- | +| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate | Cookie Authentication | +| User | Information Disclosure | Stolen credentials cookie might be used to login | Unlikely | Severe | Input Validation (XSS) | +| User Login | Tampering | Modify HTTP login header | Very Likely | Severe | HTTP over TLS or Digital signatures | +| Login | Denial of Service | Flood server with login requests | Unlikely | Minor | ACL (Fail2Ban) | +| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe | PKI & DNSSec | +| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant | 2FA | +| Database | Information Disclosure | SQL Injection | Likely | Severe | Validation | Notes: - At this point in modeling we have to assume, we have no security features. 
-- Modifying HTTP headers thus results in a risk treatment that we require secure connections +- Modifying HTTP headers thus results in a risk mitigation that we require secure connections + +## Possible Attacks + +- [Phishing](https://attack.mitre.org/techniques/T1566/) can be used to steal another users credentials +- [Password Guessing](https://attack.mitre.org/techniques/T1110/001/) can be used to try to gain access to the system +- [Credentials from Password Stores](https://attack.mitre.org/techniques/T1555/)
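Review bot: In the new Mitigation column, the Database / SQL Injection row lists only "Validation", which is too vague to act on and is not the primary control for injection; name parameterized queries (prepared statements) as the mitigation and keep input validation as a secondary layer. In the same column, the "Stolen credentials cookie" row is paired with "Input Validation (XSS)", which covers only one way a cookie can be stolen; either say in the Example cell that XSS is the theft path meant, or add cookie hardening (HttpOnly, Secure) alongside it. The "Tamper the credentials of the user" row maps to 2FA, which is an authentication control rather than an integrity control, so the writeup should state how 2FA addresses tampering or pick a different mitigation. In "Possible Attacks", the third bullet (Credentials from Password Stores) has no explanation, unlike the two above it, and "another users credentials" should read "another user's credentials".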