The Enterprise Security API (ESAPI) project is an OWASP project
to create simple, strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP web site. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
License | BSD, CC-BY-SA 3.0 |
---|---|
Tags | owasp |
Organization | The Open Worldwide Application Security Project (OWASP) |
HomePage | https://owasp.org/www-project-enterprise-security-api/ |
Date | Jun 03, 2025 |
Files | pom (44 KB), jar (445 KB) |
Repositories | Central |
Ranking | #3725 in MvnRepository |
Used By | 141 artifacts |
Vulnerabilities | Vulnerabilities from dependencies: CVE-2025-48976, CVE-2025-48924, CVE-2025-46392 |
Compile Dependencies (11)
Category | License | Group / Artifact | Version | Updates |
---|---|---|---|---|
Defect Detection | LGPL 2.1 | com.github.spotbugs » spotbugs-annotations (optional) | 4.9.3 | ✔ |
Reflection | Apache 2.0 | commons-beanutils » commons-beanutils | 1.11.0 | ✔ |
Config | Apache 2.0 | commons-configuration » commons-configuration (1 vulnerability) | 1.10 | 2.12.0 |
Upload Manager | Apache 2.0 | commons-fileupload » commons-fileupload (1 vulnerability) | 1.5 | 2.0.0-M4 |
Core Utils | Apache 2.0 | commons-lang » commons-lang (1 vulnerability) | 2.6 | 3.18.0 |
JVM Languages | Apache 2.0 | org.apache-extras.beanshell » bsh | 2.0b6 | 2.1.1 |
Collections | Apache 2.0 | org.apache.commons » commons-collections4 | 4.5.0-M2 | 4.5.0 |
 | BSD 3-clause | org.owasp.antisamy » antisamy | 1.7.8 | ✔ |
Logging | MIT | org.slf4j » slf4j-api | 2.0.16 | 2.0.17 |
XML Processing | Apache, W3C | xml-apis » xml-apis | 1.4.01 | 2.0.2 |
XML Processing | LGPL 2.1 | xom » xom | 1.3.9 | ✔ |
Provided Dependencies (2)
Category | License | Group / Artifact | Version | Updates |
---|---|---|---|---|
Java Spec | EPL 2.0, GPL | javax.servlet » javax.servlet-api | 3.1.0 | 6.1.0 |
Java Spec | EPL 2.0, GPL | javax.servlet.jsp » javax.servlet.jsp-api | 2.3.3 | 4.0.0 |
Test Dependencies (10)
Category | License | Group / Artifact | Version | Updates |
---|---|---|---|---|
Base64 | Apache 2.0 | commons-codec » commons-codec | 1.17.1 | 1.18.0 |
Testing | EPL 2.0 | junit » junit | 4.13.2 | 5.13.3 |
Encryption Lib | BouncyCastle | org.bouncycastle » bcprov-jdk18on | 1.78.1 | 1.81 |
Testing | BSD 3-clause | org.hamcrest » hamcrest-core | 2.2 | 3.0 |
Mocking | MIT | org.mockito » mockito-core | 3.12.4 | 5.18.0 |
Microbenchmarks | GPL 2.0 | org.openjdk.jmh » jmh-core | 1.37 | ✔ |
Mocking | Apache 2.0 | org.powermock » powermock-api-mockito2 | 2.0.9 | ✔ |
Mocking | Apache 2.0 | org.powermock » powermock-core | 2.0.9 | ✔ |
Mocking | Apache 2.0 | org.powermock » powermock-module-junit4 | 2.0.9 | ✔ |
 | Apache 2.0 | org.powermock » powermock-reflect | 2.0.9 | ✔ |
Licenses
License | URL |
---|---|
BSD | https://www.opensource.org/licenses/bsd-license.php |
Creative Commons 3.0 BY-SA | https://creativecommons.org/licenses/by-sa/3.0/ |
Developers
Name | Dev Id | Roles | Organization |
---|---|---|---|
Jeff Williams | | Project Founder | Contrast Security |
Kevin W. Wall | | Project Co-leader | Verisign |
Matt Seil | | Project Co-leader | OWASP |
Jeremiah J. Stacey | | JUnit SME, Jack of all trades, master of many | |
Chris Schmidt | | Former project co-leader | Fluid Truck |
Mailing Lists
Name | Details |
---|---|
(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-user ... |
(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-dev/ |
OWASP-ESAPI (Inactive! Archive only!) |