diff --git a/README.md b/README.md
index 22f73fa..1733471 100644
--- a/README.md
+++ b/README.md
@@ -8,17 +8,30 @@
 - 3334: Python backend server
 - 3335: PostgreSQL
-backend-for-frontend server
+1. PostgreSQL
+2. ~~Python ML server~~
+3. Backend server
+4. ~~Suricata~~
+5. Apache + ModSecurity
+6. Client
-!remember to set the environment variables
-!include this in the setup instructions
-!should we use a .env file and let the user set the variables?
+## Presentation Flow
-PGHOST=localhost
-PGPORT=5432
-PGDATABASE=asdfdb
-PGUSER=asdfuser
-PGPASSWORD=asdfpassword
+1. [video] start postgres: postgres docker compose -> start pg docker
+2. [video] start backend: show main.go -> http.go -> db.go -> go build . -> ./server
+3. [video] setup db: postman -> /nuke-db -> /setup-demo-db
+4. skip account registration
+5. [video] login account normally -> show normal login
+6. [video] do sql injection on unsecure endpoint -> show success
+7. [video] do sql injection on secure endpoint -> show unsuccess
+8. [slides] show backend code, unsecure login endpoint -> show concatenation of sql query
+9. [slides] show backend code, secure login endpoint -> parameterization of sql query
+10. [video] start apache reverse proxy + modsecurity: docker compose file -> start docker
+11. [video] change server url on client to reverse proxy -> do sql injection -> show rejection
+12. [video] zaproxy scan endpoint: start zaproxy -> send first request to unsecure server endpoint with arguments -> include context -> start attack -> show breached
+ 1. `Content-Type: application/json`
+ 2. same as on top
+13. [video] zaproxy scan reverse proxy: send first request to unsecure reverse proxy endpoint with argumens -> include context -> start attack -> show unbreached
 ## Server
@@ -47,9 +60,11 @@ Parameterized queries separate the SQL code from the data, so user input is neve
 ## ZAP
-Content-Type: application/json
+`Content-Type: application/json`
+```json
 {
-"email": "tohyouxuan@gmail.com",
-"password": "testpassword"
+ "email": "tohyouxuan@gmail.com",
+ "password": "testpassword"
 }
+```
diff --git a/client/install.sh b/client/install.sh
new file mode 100644
index 0000000..6294cba
--- /dev/null
+++ b/client/install.sh
@@ -0,0 +1,2 @@
+sudo rm /usr/local/bin/cspj-application
+sudo cp ./src-tauri/target/release/cspj-application /usr/local/bin
\ No newline at end of file
diff --git a/client/src/components/Pages/SqlInjection/SqlInjection.tsx b/client/src/components/Pages/SqlInjection/SqlInjection.tsx
index 25284e5..ba37cc3 100644
--- a/client/src/components/Pages/SqlInjection/SqlInjection.tsx
+++ b/client/src/components/Pages/SqlInjection/SqlInjection.tsx
@@ -78,8 +78,8 @@ export const SqlInjection = () => { > - - the logged in account details goes here + {/* + the logged in account details goes here */}
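Review bot: In client/install.sh the source path `./src-tauri/target/release/cspj-application` is resolved against the caller's working directory, so what gets copied into /usr/local/bin under sudo depends on where the script is run from. Nothing stops the script after a failure either: `sudo rm` errors on a first install when the target is absent, and `cp` still runs. I would add a `#!/bin/sh` line, then `set -eu` and `cd "$(dirname "$0")"`, and replace the rm/cp pair with `sudo install -m 0755 ./src-tauri/target/release/cspj-application /usr/local/bin/cspj-application`. That pins the source to the script's own directory, sets the mode explicitly and aborts if the release binary has not been built. The file also lacks a trailing newline.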