Difference between revisions of "ESAPI Roadmap"
From OWASP
Line 2:
  Focus on project charter...
+ Volunteers get to work on what they want...
− (blank line)
− (blank line)
  * Internationalization
  * ESAPI Scala Edition

Line 11 (old) / Line 10 (new):
  * Documentation
− ** 
+ ** Guide to fixing specific vulnerabilities with ESAPI
  ** How to integrate into existing app
  ** Marketing pages to "sell" ESAPI
+ ** Threat Model for each control (assumptions and coverage)
− * 
+ * Filter to do intrusion detection and/or virtual patching (WAF?)
− (blank line)
  * Real example Struts application showing before and after security problems
  * Easy and efficient dev environment and install w/ clear documentation
− (blank line)
  * Framework layer integration features (bridges?)
  * Threat Model - SRA of encryption implementation
− (blank line)
  * Separate "day-to-day" calls from "admin-like" calls

Line 28 (old) / Line 25 (new):
  == Q4 2008 ==
− * 
+ * Fix Javascript encoding
  * Documentation
  ** Get Javadoc back online
+ (blank line)
  == Q1 2009 ==

Line 45 (old) / Line 43 (new):
  ** How ESAPI makes you secure
  ** Executive overview
+ (blank line)
  == Q2 2009 ==
  * CSRF protection
+ * Pilot
  == Q3 2009 ==
+ (blank line)
  == Q4 2009 ==
Revision as of 20:54, 11 December 2008
Priorities

Focus on project charter... Volunteers get to work on what they want...

- Internationalization
- ESAPI Scala Edition
- ESAPI PHP Edition
- ESAPI .NET Edition
- Documentation
  - Guide to fixing specific vulnerabilities with ESAPI
  - How to integrate into existing app
  - Marketing pages to "sell" ESAPI
  - Threat Model for each control (assumptions and coverage)
- Filter to do intrusion detection and/or virtual patching (WAF?)
- Real example Struts application showing before and after security problems
- Easy and efficient dev environment and install w/ clear documentation
- Framework layer integration features (bridges?)
- Threat Model - SRA of encryption implementation
- Separate "day-to-day" calls from "admin-like" calls

Q4 2008

- Fix JavaScript encoding
- Documentation
  - Get Javadoc back online

Q1 2009

- Stabilize the API
- Access control 2.0
- Validation 2.0
- Logging 2.0
- Crypto 2.0
- Documentation
  - Getting started guide
  - How ESAPI makes you secure
  - Executive overview

Q2 2009

- CSRF protection
- Pilot