The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP web site. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
| License | BSDCC-BY-SA 3.0 |
|---|---|
| Tags | owasp |
| Organization | The Open Web Application Security Project (OWASP) |
| HomePage | http://www.esapi.org/ |
| Date | May 11, 2011 |
| Files | pom (20 KB) jar (358 KB) View All |
| Repositories | CentralAKSWMulesoftSonatypeUnvusWSO2 Public |
| Ranking | #3725 in MvnRepository (See Top Artifacts) |
| Used By | 141 artifacts |
| Vulnerabilities | Direct vulnerabilities: CVE-2022-24891 CVE-2022-23457 CVE-2013-5960 View 1 more ... Vulnerabilities from dependencies: CVE-2025-48976 CVE-2025-46392 CVE-2024-23635 View 19 more ... |
Compile Dependencies (8)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Reflection Apache 2.0 |  | commons-beanutils » commons-beanutils-core | 1.7.0 | 1.11.0 |
| Collections Apache 2.0 | | commons-collections » commons-collections2 vulnerabilities | 3.2 | 4.5.0 |
| Config Apache 2.0 |  | commons-configuration » commons-configuration1 vulnerability | 1.5 | 2.12.0 |
| Upload Manager Apache 2.0 |  | commons-fileupload » commons-fileupload7 vulnerabilities | 1.2 | 2.0.0-M4 |
| Logging Apache 2.0 |  | log4j » log4j5 vulnerabilities | 1.2.16 | 2.25.1 |
| JVM Languages Apache 2.0 |  | org.beanshell » bsh-core | 2.0b4 | 2.1.1 |
BSD 3-clause | | org.owasp.antisamy » antisamy6 vulnerabilities | 1.4.3 | 1.7.8 |
| XML Processing LGPL 2.1 |  | xom » xom | 1.1 | 1.3.9 |
Provided Dependencies (2)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Java Spec CDDLGPL 1.1GPL 2.0 |  | javax.servlet » servlet-api | 2.4 | 4.0.1 |
| Java Spec CDDLGPLGPL 2.0 | | javax.servlet » jsp-api | 2.0 | 2.2 |
Test Dependencies (2)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| I/O Apache 2.0 | | commons-io » commons-io1 vulnerability | 1.3 | 2.20.0 |
| Testing EPL 2.0 |  | junit » junit | 4.4 | 5.13.3 |
Licenses
| License | URL |
|---|---|
| BSD | http://www.opensource.org/licenses/bsd-license.php |
| Creative Commons 3.0 BY-SA | http://creativecommons.org/licenses/by-sa/3.0/ |
Developers
| Name | Dev Id | Roles | Organization | |
|---|---|---|---|---|
| Jeff Williams | Project Owner, Architect, Developer | Aspect Security | ||
| Jim Manico | Project Manager, BuildMaster, Developer, Architect | |||
| Chris Schmidt | Project Manager, Continuous Integration Admin, Architect, Developer | Aspect Security | ||
| Kevin Wall | Project Manager, Architect, Developer, Crypto Guy | Qwest |
Mailing Lists
| Name | Details |
|---|---|
| ESAPI-Users |
Subscribe
Unsubscribe |
| ESAPI-Developers |
Subscribe
Unsubscribe |
| OWASP-ESAPI (Inactive! Archive only!) |
Subscribe
Unsubscribe |