Difference between revisions of "ESAPI Roadmap"
From OWASP
| Line 44: | Line 44: | ||
* Release ESAPI 2.0 | * Release ESAPI 2.0 | ||
| + | |||
| + | == Q1 2010 == | ||
| + | Fix bug with escaped characters in .properties file | ||
== Other Improvements == | == Other Improvements == | ||
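Review bot: the added entry under the new "== Q1 2010 ==" heading, "Fix bug with escaped characters in .properties file", has no leading "*", so it will render as a loose paragraph rather than a list item like "* Release ESAPI 2.0" just above it; prefix it with "* " to match the other quarters. The entry also does not say which .properties file or which escaped characters are affected, so name the file or link the tracking issue so the item can be verified as done.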
Revision as of 21:05, 16 December 2009
Priorities
Focus on project charter... Volunteers get to work on what they want...
Q4 2008
- Fix JavaScript encoding
- Documentation
- Get Javadoc back online
Q1 2009
- Stabilize the API
- Access control 2.0
- Validation 2.0
- Logging 2.0
- Crypto 2.0
- Documentation
- Getting started guide
- How ESAPI makes you secure
- Executive overview
Q2 2009
- CSRF protection
- Pilot
Q3 2009
- Update ESAPI 2.0 to take advantage of Java 5
- Improve Unit Test Coverage
Q4 2009
- Documentation - Installation Guide
- Reference Implementation - Encryption Refactor
- Ensure Thread-Safety
- Resolve Fortify and FindBugs issues
- Release ESAPI 2.0
Q1 2010
Fix bug with escaped characters in .properties file
Other Improvements
- Internationalization
- ESAPI Scala Edition
- ESAPI PHP Edition
- ESAPI .NET Edition
- Documentation
- Guide to fixing specific vulnerabilities with ESAPI
- How to integrate into existing app
- Marketing pages to "sell" ESAPI
- Threat Model for each control (assumptions and coverage)
- Filter to do intrusion detection and/or virtual patching (WAF?)
- Real example Struts application showing before and after security problems
- Easy and efficient dev environment and install w/ clear documentation
- Framework layer integration features (bridges?)
- Threat Model - SRA of encryption implementation
- Separate "day-to-day" calls from "admin-like" calls