...
There are other web-oriented tools, like OWASP Zed Attack, BeEF or IBM Security AppScan. But most of the time they are too general, and completely parsing OFBiz can take a lot of time, or be quite a challenge if done manually. You can find more penetration tools here
In December 2015, I (Jacques Le Roux) ran a complete (100%) OWASP Zed Attack automated penetration session against a local instance of the OFBiz backend (trunk head) running on localhost. It started with the same link used for backend demos. No flaws were discovered.