This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI Roadmap

From OWASP

Revision as of 20:40, 11 December 2008 by Jeff Williams (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

1 Priorities
2 Q4 2008
3 Q1 2009
4 Q2 2009
5 Q3 2009
6 Q4 2009

Priorities

Focus on project charter...

Rewrite to allow for arbitrary validators
Fix Javascript encoding
Internationalization
ESAPI Scala Edition
ESAPI PHP Edition
ESAPI .NET Edition

Documentation
- Easy application remediation Guide
- How to integrate into existing app
- Marketing pages to "sell" ESAPI

Intrusion detection
Filters
Real example Struts application showing before and after security problems
Easy and efficient dev environment and install w/ clear documentation
PILOT
Framework layer integration features (bridges?)
Threat Model - SRA of encryption implementation
Threat Model for each control (assumptions and coverage)
Separate "day-to-day" calls from "admin-like" calls

Q4 2008

Documentation
- Get Javadoc back online

Q1 2009

Stabilize the API
- Access control 2.0
- Validation 2.0
- Logging 2.0
- Crypto 2.0

Documentation
- Getting started guide
- How ESAPI makes you secure
- Executive overview

Q2 2009

CSRF protection

Q3 2009

Q4 2009

Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_Roadmap&oldid=48469"