This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI Roadmap

From OWASP

Revision as of 20:28, 11 December 2008 by Jeff Williams (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

1 Priorities
2 Q1 2009
3 Q2 2009
4 Q3 2009
5 Q4 2009

Priorities

Focus on project charter...

Rewrite to allow for arbitrary validators
Fix Javascript encoding
Internationalization
ESAPI Scala Edition
ESAPI PHP Edition
ESAPI .NET Edition

Stablize the API
- Access control 2.0
- Validation 2.0
- Logging 2.0
- Crypto 2.0

Documentation
- Getting started guide
- Easy application remediation Guide
- How to integrate into existing app
- How ESAPI makes you secure

Intrusion detection
Filters
Sample App showing before and after security problems
Easy and efficient dev environment and install w/ clear documentation
Marketing pages to "sell" ESAPI
CSRF protection
Threat Model - SRA of encryption implementation
PILOT - at Lockheed?
Framework layer integration features (bridges?)
Threat Model for each control (assumptions and coverage)
Separate "day-to-day" calls from "admin-like" calls

Q1 2009

Q2 2009

Q3 2009

Q4 2009

Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_Roadmap&oldid=48468"