Difference between revisions of "ESAPI Roadmap"

From OWASP
Line 3: Line 3:
 
Focus on project charter...
 
Focus on project charter...
 
Volunteers get to work on what they want...
 
Volunteers get to work on what they want...
 
* Internationalization
 
* ESAPI Scala Edition
 
* ESAPI PHP Edition
 
* ESAPI .NET Edition
 
 
* Documentation
 
** Guide to fixing specific vulnerabilities with ESAPI
 
** How to integrate into existing app
 
** Marketing pages to "sell" ESAPI
 
** Threat Model for each control (assumptions and coverage)
 
 
* Filter to do intrusion detection and/or virtual patching (WAF?)
 
* Real example Struts application showing before and after security problems
 
* Easy and efficient dev environment and install w/ clear documentation
 
* Framework layer integration features (bridges?)
 
* Threat Model - SRA of encryption implementation
 
* Separate "day-to-day" calls from "admin-like" calls
 
  
  
Line 55: Line 37:
  
 
== Q4 2009 ==
 
== Q4 2009 ==
 +
 +
 +
 +
 +
== Other Improvements ==
 +
 +
* Internationalization
 +
* ESAPI Scala Edition
 +
* ESAPI PHP Edition
 +
* ESAPI .NET Edition
 +
 +
* Documentation
 +
** Guide to fixing specific vulnerabilities with ESAPI
 +
** How to integrate into existing app
 +
** Marketing pages to "sell" ESAPI
 +
** Threat Model for each control (assumptions and coverage)
 +
 +
* Filter to do intrusion detection and/or virtual patching (WAF?)
 +
* Real example Struts application showing before and after security problems
 +
* Easy and efficient dev environment and install w/ clear documentation
 +
* Framework layer integration features (bridges?)
 +
* Threat Model - SRA of encryption implementation
 +
* Separate "day-to-day" calls from "admin-like" calls
 +
 +
__NOTOC__
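Review bot: the list is moved under "== Other Improvements ==", a heading with no quarter, so the security-relevant items in it ("Threat Model for each control (assumptions and coverage)", "Threat Model - SRA of encryption implementation") lose any target date while "== Q4 2009 ==" directly above stays empty. Consider assigning those items to a quarter. The several empty lines added between the two headings could also be reduced to one.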

Revision as of 15:55, 11 December 2008

Priorities

Focus on project charter... Volunteers get to work on what they want...


Q4 2008

  • Fix JavaScript encoding
  • Documentation
    • Get Javadoc back online


Q1 2009

  • Stabilize the API
    • Access control 2.0
    • Validation 2.0
    • Logging 2.0
    • Crypto 2.0
  • Documentation
    • Getting started guide
    • How ESAPI makes you secure
    • Executive overview


Q2 2009

  • CSRF protection
  • Pilot


Q3 2009

Q4 2009

Other Improvements

  • Internationalization
  • ESAPI Scala Edition
  • ESAPI PHP Edition
  • ESAPI .NET Edition
  • Documentation
    • Guide to fixing specific vulnerabilities with ESAPI
    • How to integrate into existing app
    • Marketing pages to "sell" ESAPI
    • Threat Model for each control (assumptions and coverage)
  • Filter to do intrusion detection and/or virtual patching (WAF?)
  • Real example Struts application showing before and after security problems
  • Easy and efficient dev environment and install w/ clear documentation
  • Framework layer integration features (bridges?)
  • Threat Model - SRA of encryption implementation
  • Separate "day-to-day" calls from "admin-like" calls