Difference between revisions of "ESAPI Roadmap"
m (→Future Plans) |
m (→Future Plans) |
||
| Line 19: | Line 19: | ||
== Future Plans == | == Future Plans == | ||
| + | * Crypto | ||
| + | ** Provide tamper-evident logging using cryptographic primitives | ||
| + | ** File-based encryption | ||
* Internationalization | * Internationalization | ||
* Documentation | * Documentation | ||
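Review bot: the added "Provide tamper-evident logging using cryptographic primitives" bullet names no primitive and no key source, so it is hard to plan against. Say whether log entries are to be protected with a keyed MAC or a digital signature, and whether the item depends on the persistent asymmetric key pairs listed under ESAPI 2.1 or on the key management integration listed under ESAPI 3.0. The "File-based encryption" bullet has the same gap: it does not say what is encrypted or where the key comes from.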
Revision as of 19:31, 23 November 2010
Priorities
Focus on project charter... Volunteers get to work on what they want...
ESAPI 2.1
- Remove JavaEncryptor as singleton (required so we can use persistent asymmetric key pairs and create dsigs that persist across a JVM instance).
- Add simpler means to use different cipher algorithms and/or key sizes. (Requires a major kludge today, which is not really thread-safe.)
- Support for persistent asymmetric key pairs in either Java or PKCS#12 key stores.
- Separate out crypto properties from the rest of ESAPI.properties (i.e., Google Issue #48).
ESAPI 3.0
- Add support for / integration with some key management system.
Future Plans
- Crypto
  - Provide tamper-evident logging using cryptographic primitives
  - File-based encryption
- Internationalization
- Documentation
- Guide to fixing specific vulnerabilities with ESAPI
- How to integrate into existing app
- Threat Model for each control (assumptions and coverage)