Difference between revisions of "ESAPI Roadmap"

Jump to: navigation, search
m (ESAPI 2.1)
m (Priorities)
Line 1: Line 1:
== Priorities ==
Focus on project charter...
Volunteers get to work on what they want...
== ESAPI 2.1 ==
== ESAPI 2.1 ==

Revision as of 13:31, 23 November 2010


  • Remove JavaEncryptor as singleton (required so we can use persistent asymmetric key pairs and create dsigs that persist across a JVM instance).
  • Add simpler means to use different cipher algorithms and/or key sizes. (Requires a major kludge today, which is not really thread-safe.
  • Support for persist asymmetric key pairs in either Java or PKCS#12 key stores.
  • Separate out crypto properties from rest of ESAPI.propertie. (i.e., Google Issue #48).


  • Add support for / integration with some key management system.

Future Plans

  • Crypto
    • Provide tamper-evident logging using cryptographic primitives
    • File-based encryption
  • Internationalization
  • Documentation
    • Guide to fixing specific vulnerabilities with ESAPI
    • How to integrate into existing app
    • Threat Model for each control (assumptions and coverage)