Difference between revisions of "ESAPI Roadmap"

From OWASP
Jump to: navigation, search
(New page: == Priorities == Focus on project charter... * Rewrite to allow for arbitrary validators * Fix Javascript encoding * Internationalization * ESAPI Scala Edition * ESAPI PHP Edition * ESA...)
 
Line 9: Line 9:
 
* ESAPI PHP Edition
 
* ESAPI PHP Edition
 
* ESAPI .NET Edition
 
* ESAPI .NET Edition
* Access control 2.0
+
 
 +
* Stablize the API
 +
** Access control 2.0
 +
** Validation 2.0
 +
** Logging 2.0
 +
** Crypto 2.0
 +
 
 +
* Documentation
 +
** Getting started guide
 +
** Easy application remediation Guide
 +
** How to integrate into existing app
 +
** How ESAPI makes you secure
 +
 
 +
 
 
* Intrusion detection
 
* Intrusion detection
 
* Filters
 
* Filters
* Documentation
 
* Validation 2.0
 
 
* Sample App showing before and after security problems
 
* Sample App showing before and after security problems
 
* Easy and efficient dev environment and install w/ clear documentation
 
* Easy and efficient dev environment and install w/ clear documentation
 
* Marketing pages to "sell" ESAPI
 
* Marketing pages to "sell" ESAPI
* Documentation - Getting started guide
 
* Documentation - Easy application remediation Guide
 
* Documentation - How to integrate into existing app
 
* Documentation - How ESAPI makes you secure
 
 
* CSRF protection
 
* CSRF protection
 
* Threat Model - SRA of encryption implementation
 
* Threat Model - SRA of encryption implementation
Line 26: Line 33:
 
* Framework layer integration features (bridges?)
 
* Framework layer integration features (bridges?)
 
* Threat Model for each control (assumptions and coverage)
 
* Threat Model for each control (assumptions and coverage)
* Logging 2.0
 
* Stablize the API
 
 
* Separate "day-to-day" calls from "admin-like" calls
 
* Separate "day-to-day" calls from "admin-like" calls
  

Revision as of 15:28, 11 December 2008

Priorities

Focus on project charter...

  • Rewrite to allow for arbitrary validators
  • Fix Javascript encoding
  • Internationalization
  • ESAPI Scala Edition
  • ESAPI PHP Edition
  • ESAPI .NET Edition
  • Stablize the API
    • Access control 2.0
    • Validation 2.0
    • Logging 2.0
    • Crypto 2.0
  • Documentation
    • Getting started guide
    • Easy application remediation Guide
    • How to integrate into existing app
    • How ESAPI makes you secure


  • Intrusion detection
  • Filters
  • Sample App showing before and after security problems
  • Easy and efficient dev environment and install w/ clear documentation
  • Marketing pages to "sell" ESAPI
  • CSRF protection
  • Threat Model - SRA of encryption implementation
  • PILOT - at Lockheed?
  • Framework layer integration features (bridges?)
  • Threat Model for each control (assumptions and coverage)
  • Separate "day-to-day" calls from "admin-like" calls


Q1 2009

Q2 2009

Q3 2009

Q4 2009