Comment: Adds a note about Spotbug

...

You might refer to OFBIZ-1525 (ASF JIRA) for details on security.

Warning: Be safe!
Be sure to read the "The infamous Java serialization vulnerability" page if, within your OFBiz instance, you use or add RMI, JMX, Spring, and/or any external libraries not included in OFBiz out of the box.
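As an added example (not OFBiz project code), here is the mitigation a practitioner would want behind that warning: a JEP 290 deserialization filter (`java.io.ObjectInputFilter`, Java 9 and later) that allow-lists the few classes an endpoint legitimately expects and rejects everything else, so that a gadget class pulled onto the classpath by RMI, JMX, Spring or an added library cannot be instantiated from untrusted bytes. The `OrderSummary` type, the `Unexpected` stand-in class and the sample order and product ids are constructed for the demo; the filter string would be adapted to the real types an OFBiz endpoint exchanges.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not OFBiz code: an allow-list deserialization filter
 * (JEP 290). Only the classes named in FILTER may be instantiated from the
 * stream; any other class, including library gadget classes, is rejected
 * before its constructor or readObject can run.
 */
public class SafeDeserializationDemo {

    /** Constructed payload type that we do want to accept. */
    public static final class OrderSummary implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        final List<String> productIds;

        OrderSummary(String orderId, List<String> productIds) {
            this.orderId = orderId;
            this.productIds = productIds;
        }
    }

    /** Constructed stand-in for any unexpected class, e.g. a gadget from a library on the classpath. */
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    /**
     * Pattern syntax: a bare name accepts, "!name" rejects, "*" is a wildcard,
     * first match wins, and the trailing "!*" rejects everything not matched
     * earlier (without it, unmatched classes are UNDECIDED and get accepted).
     * maxdepth/maxarray cap nesting and array sizes against resource-exhaustion
     * payloads. java.lang.String is listed defensively.
     */
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxarray=10000;"
            + SafeDeserializationDemo.class.getName() + "$OrderSummary;"
            + "java.util.ArrayList;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserialize with the allow-list applied; the filter must be set before the first readObject. */
    static Object deserializeFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: an order id and two product ids.
        List<String> products = new ArrayList<>(List.of("WG-1111", "GZ-2644"));
        Object ok = deserializeFiltered(serialize(new OrderSummary("WSCO10000", products)));
        System.out.println("accepted: " + ((OrderSummary) ok).orderId);

        // A class outside the allow-list is stopped with InvalidClassException("filter status: REJECTED").
        try {
            deserializeFiltered(serialize(new Unexpected()));
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied JVM-wide with `-Djdk.serialFilter=...` (or the `jdk.serialFilter` property in the JDK's `java.security` file), which also covers deserialization done inside RMI and JMX without touching each `ObjectInputStream`; a per-stream filter as above is the right choice where a single endpoint has a narrower, known set of types than the rest of the JVM.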

...

In December 2015, I ran a complete (100%) OWASP Zed Attack Proxy (ZAP) automated (Quick Start) penetration session against a local instance of the OFBiz backend (trunk head) running on localhost. It started with the same link used for backend demos. No major flaws were discovered.

Another simpler but not-to-be-neglected tool is the security option of SpotBugs. I have used it as an Eclipse plugin.