...
- For Java: OWASP Dependency Check. It reports a lot of false positives or issues not really needing our attention, and even misses important ones, but it's the best (only?) tool we have for this kind of security issue, and they really need our attention. This page explains how to use it and to share results: About OWASP Dependency Check
- For JavaScript: Retire.js, see this page: About retire.js
- For HTTP headers: https://cyh.herokuapp.com/cyh. This page gives more information: How to Secure HTTP Headers
There are other web-oriented tools like OWASP Zed Attack, Beef or IBM Security AppScan. But most of the time they are too general, and totally parsing OFBiz can take a lot of time or be quite a challenge if done manually. You can find more penetration tools here
...