Unhandled guidelines:
- DG 1-6 (HSTS headers need to be investigated)
- DG 2-2
- DG 2-3
- DG 2-8 (username should be considered sensitive)
- DG 3-1 (need to expose this in a general sense)
- DG 3-7 (need to review this in code)
- DG 3-9 (need to acquire access to their blacklist and then check submitted passwords against it)
- DG 3-12 (need to confirm this with Jodi)
- DG 4-7 (I think we use a double MD5 salted hash; this might need to be updated)
- DG 4-9 (need to update Apache to accommodate this)
- DG 4-20 (need to expose this in a general sense)
- DG 4-23 (related to DG 4-20)

Irrelevant guidelines:
- DG 2-12
- DG 2-14
- DG 3-6
- DG 3-10
- DG 3-11
- DG 3-13
- DG 3-14
- DG 3-15
- DG 4-3
- DG 4-4
- DG 4-5
- DG 4-6
- DG 4-14
- DG 4-15
- DG 4-17
- DG 4-18
- DG 4-27
- DG 4-28
- DG 5-12
- DG 7-3
- DG 7-4
- DG 7-5
- DG 7-6