ESAPI Roadmap

From OWASP
Revision as of 15:23, 11 December 2008 by Jeff Williams (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Priorities

Focus on project charter...

  • Rewrite to allow for arbitrary validators
  • Fix Javascript encoding
  • Internationalization
  • ESAPI Scala Edition
  • ESAPI PHP Edition
  • ESAPI .NET Edition
  • Access control 2.0
  • Intrusion detection
  • Filters
  • Documentation
  • Validation 2.0
  • Sample App showing before and after security problems
  • Easy and efficient dev environment and install w/ clear documentation
  • Marketing pages to "sell" ESAPI
  • Documentation - Getting started guide
  • Documentation - Easy application remediation Guide
  • Documentation - How to integrate into existing app
  • Documentation - How ESAPI makes you secure
  • CSRF protection
  • Threat Model - SRA of encryption implementation
  • PILOT - at Lockheed?
  • Framework layer integration features (bridges?)
  • Threat Model for each control (assumptions and coverage)
  • Logging 2.0
  • Stablize the API
  • Separate "day-to-day" calls from "admin-like" calls


Q1 2009

Q2 2009

Q3 2009

Q4 2009