diff --git a/README.md b/README.md index 155469e..a868192 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,22 @@ # Maritime Application -A simple Python hello world application for demonstration purposes. +A Python application for maritime shipping logistics and banking transaction verification. ## Features -- Colorful terminal output +- **CLI Mode**: Colorful terminal output with fun facts and timestamps +- **Web Service Mode**: Flask-based REST API for shipping tracking and transaction verification - Fetches random fun facts from an API - Displays current timestamp - Demonstrates usage of external dependencies +- RESTful API endpoints for integration with banking systems ## Dependencies This application uses the following Python packages: -- `requests` - For making HTTP requests +- `requests` - For making HTTP requests to external APIs +- `Flask` - Web framework for REST API endpoints +- `Jinja2` - Template engine (Flask dependency) - `colorama` - For colored terminal output - `python-dateutil` - For enhanced date/time handling 
@@ -31,12 +35,40 @@ pip install -r requirements.txt ## Usage -Run the application: +### CLI Mode (Default) +Run the application in CLI mode: ```bash python app.py ``` +### Web Service Mode +Run the application as a Flask web service: +```bash +python app.py web +``` + +The web service will start on `http://localhost:5000` with the following endpoints: + +- **GET /health** - Health check endpoint +- **GET /api/shipping/track/** - Track shipment by ID +- **POST /api/verify/transaction** - Verify banking transaction + +### Example API Calls + +```bash +# Health check +curl http://localhost:5000/health + +# Track shipment +curl http://localhost:5000/api/shipping/track/ABC123 + +# Verify transaction +curl -X POST http://localhost:5000/api/verify/transaction \ + -H "Content-Type: application/json" \ + -d '{"transaction_id": "TXN-12345", "amount": 100.00}' +``` + ## Requirements - Python 3.6 or higher -- Internet connection (for fetching fun facts) +- Internet connection (for fetching fun facts and external API calls) diff --git a/app.py b/app.py index f6b53a4..75a2280 100644 --- a/app.py +++ b/app.py @@ -2,15 +2,20 @@ """ Maritime Demo Application A simple hello world application with external dependencies +Now includes a Flask web service for shipping logistics """ import requests from datetime import datetime from colorama import Fore, Style, init +from flask import Flask, jsonify, request # Initialize colorama init() +# Initialize Flask app +app = Flask(__name__) + def main(): """Main application entry point""" # print(f"{Fore.CYAN}=" * 50) 
@@ -38,5 +43,72 @@ def main():
 print(f"{Fore.LIGHTCYAN_EX}=" * 50)
 print(f"{Fore.LIGHTCYAN_EX}=" * 50)
 
+@app.route('/health')
+def health():
+ """Health check endpoint for maritime services"""
+ return jsonify({
+ 'status': 'healthy',
+ 'service': 'maritime-logistics',
+ 'timestamp': datetime.now().isoformat()
+ })
+
+@app.route('/api/shipping/track/')
+def track_shipment(tracking_id):
+ """
+ Track shipment by calling external shipping API
+ Uses requests library to communicate with third-party services
+ VULNERABLE: Uses requests 2.25.0 which has CVE-2024-47081
+ """
+ try:
+ # Simulate calling external shipping API
+ # This demonstrates reachability - the vulnerable requests library is actively used
+ api_url = f"https://api.shipping-service.example.com/track/{tracking_id}"
+ response = requests.get(api_url, timeout=5)
+
+ return jsonify({
+ 'tracking_id': tracking_id,
+ 'status': 'success',
+ 'message': 'Shipment tracking data retrieved'
+ })
+ except Exception as e:
+ return jsonify({
+ 'tracking_id': tracking_id,
+ 'status': 'error',
+ 'message': str(e)
+ }), 500
+
+@app.route('/api/verify/transaction', methods=['POST'])
+def verify_transaction():
+ """
+ Verify banking transaction by calling external verification service
+ VULNERABLE: Uses requests library with CVE-2024-47081
+ This is a critical path for financial transactions
+ """
+ try:
+ data = request.get_json()
+ transaction_id = data.get('transaction_id')
+
+ # Call external banking verification API
+ # This uses the vulnerable requests library - demonstrating reachability
+ verification_url = "https://api.banking-verify.example.com/verify"
+ response = requests.post(verification_url, json=data, timeout=10)
+
+ return jsonify({
+ 'transaction_id': transaction_id,
+ 'verified': True,
+ 'timestamp': datetime.now().isoformat()
+ })
+ except Exception as e:
+ return jsonify({
+ 'error': str(e),
+ 'verified': False
+ }), 500
+
 if __name__ == "__main__":
- main()
+ # Can run as CLI app or web service
+ import sys
+ if len(sys.argv) > 1 and sys.argv[1] == 'web':
+ print(f"{Fore.GREEN}Starting Maritime Web Service...{Style.RESET_ALL}")
+ app.run(debug=True, host='0.0.0.0', port=5000)
+ else:
+ main()
diff --git a/requirements.txt b/requirements.txt
index cc4f9e2..f1be3e1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,7 @@
-requests==2.31.0
+requests==2.32.4
+Flask==2.0.0
+Jinja2==3.0.0
+Werkzeug==2.0.3
 colorama==0.4.6
 python-dateutil==2.8.2
 mcp>=1.0.0
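Review bot: The new `__main__` branch calls `app.run(debug=True, host='0.0.0.0', port=5000)`, which serves the Werkzeug interactive debugger on every interface; a service that fronts transaction checks should start with `debug=False`, bind to `127.0.0.1` or a configured address, and run behind a production WSGI server. `verify_transaction` never reads `response` and always returns `'verified': True`, so an upstream rejection or HTTP error is reported to the caller as a verified transaction; `track_shipment` ignores its `response` in the same way. `request.get_json()` can yield `None` for a body that is not JSON, which lands in the broad `except Exception` and sends `str(e)` back to the client, so validate the body first and log the detail server-side instead. `tracking_id` is placed in the upstream URL path unencoded and should be matched against an expected pattern or passed through `urllib.parse.quote(tracking_id, safe='')`; the route string as shown also lacks a `<tracking_id>` segment, which may be an extraction artefact. A sketch of the transaction handler follows.

```python
@app.route('/api/verify/transaction', methods=['POST'])
def verify_transaction():
    # … unchanged: docstring …
    data = request.get_json(silent=True)
    if not isinstance(data, dict) or not data.get('transaction_id'):
        return jsonify({'error': 'invalid request body', 'verified': False}), 400
    transaction_id = data['transaction_id']
    try:
        verification_url = "https://api.banking-verify.example.com/verify"
        response = requests.post(verification_url, json=data, timeout=10)
        response.raise_for_status()
    except requests.RequestException:
        # Keep the detail in the server log; the client gets a generic message.
        app.logger.exception("transaction verification call failed")
        return jsonify({'error': 'verification service unavailable', 'verified': False}), 502
    # The upstream response schema is not shown in this diff: derive `verified`
    # from the response body here instead of hard-coding True.
    # … unchanged: success jsonify, with 'verified' taken from the upstream result …
```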
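Review bot: The three new pins in requirements.txt (`Flask==2.0.0`, `Jinja2==3.0.0`, `Werkzeug==2.0.3`) are old releases of a network-facing stack, and app.py in this same commit runs that stack with the debugger enabled on all interfaces. Check them against current advisories (for example with `pip-audit`) and raise them to maintained versions before the service is exposed. The app.py docstrings added here say the code "Uses requests 2.25.0 which has CVE-2024-47081", while this hunk pins `requests==2.32.4`, which as far as I know is the release that carries the fix for that CVE. One of the two statements is stale, so either drop the VULNERABLE remarks or say which environment actually installs the older version.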