THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- For Java: OWASP Dependency Check Since it reports a lot of false positives or issues not really needing our attention, this page explains how to use it and to share results.: About OWASP Dependency Check
- For JavaScript: Retire.js see this page: About retire.js
- For HTML HTTP headers: https://cyh.herokuapp.com/cyh. Those are less important but I will try to clear the situation soon! This page gives more information: How to Secure HTTP Headers
There are other web oriented, tools like OWASP Zed Attack, Beef or IBM Security AppScan. But most of the time they are too general, and totally parsing OFBiz can take a lot of time or be quite a challenge if done manually. You can find more penetration tools here
...