Unhandled guidelines:

  • DG 1-6 (HSTS headers need to be investigated)
  • DG 2-2
  • DG 2-3
  • DG 2-8 (username should be considered sensitive)
  • DG 3-1 (need to expose this in a general sense)
  • DG 3-7 (need to review this in code)
  • DG 3-9 (need to acquire access to their blacklist and then check submitted passwords against it)
  • DG 3-12 (need to confirm this with Jodi)
  • DG 4-7 (I think we use a double MD5 salted hash; this might need to be updated)
  • DG 4-9 (need to update Apache to accommodate this)
  • DG 4-20 (need to expose this in a general sense)
  • DG 4-23 (related to DG 4-20)

Irrelevant guidelines:

  • DG 2-12
  • DG 2-14
  • DG 3-6
  • DG 3-10
  • DG 3-11
  • DG 3-13
  • DG 3-14
  • DG 3-15
  • DG 4-3
  • DG 4-4
  • DG 4-5
  • DG 4-6
  • DG 4-14
  • DG 4-15
  • DG 4-17
  • DG 4-18
  • DG 4-27
  • DG 4-28
  • DG 5-12
  • DG 7-3
  • DG 7-4
  • DG 7-5
  • DG 7-6