ESAPI Roadmap

Priorities
Focus on project charter...


 * Rewrite to allow for arbitrary validators
 * Fix JavaScript encoding
 * Internationalization
 * ESAPI Scala Edition
 * ESAPI PHP Edition
 * ESAPI .NET Edition
 * Access control 2.0
 * Intrusion detection
 * Filters
 * Documentation
 * Validation 2.0
 * Sample App showing before and after security problems
 * Easy and efficient dev environment and install w/ clear documentation
 * Marketing pages to "sell" ESAPI
 * Documentation - Getting started guide
 * Documentation - Easy application remediation Guide
 * Documentation - How to integrate into existing app
 * Documentation - How ESAPI makes you secure
 * CSRF protection
 * Threat Model - SRA of encryption implementation
 * PILOT - at Lockheed?
 * Framework layer integration features (bridges?)
 * Threat Model for each control (assumptions and coverage)
 * Logging 2.0
 * Stabilize the API
 * Separate "day-to-day" calls from "admin-like" calls