
...

Now you might wonder how to keep your own OFBiz instance safe from vulnerabilities, and maybe how to contribute your experience to other OFBiz users. Having worked on OFBiz security for a few years, these are the tools I (Jacques Le Roux) personally recommend. For each one, a specific page explains how it works and how to share your results.

...

Java

Currently we have no known Java vulnerabilities in OFBiz code. There are some vulnerable third-party libraries; fortunately none of them are high-severity vulnerabilities. You can learn more by looking at the latest report file. We use OWASP Dependency Check to check third-party libraries: this tool looks for known vulnerabilities in the third-party Java libraries OFBiz uses. This page explains how to use it and how to share results: About OWASP Dependency Check
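The "none of them are high-severity" statement above is the kind of triage a practitioner wants to automate rather than read off the HTML report by hand. The following script is an added example, not OFBiz project code and not part of the Dependency Check tool itself: it parses a Dependency Check JSON report (the shape assumed here is the tool's "dependencies" array, each entry carrying a fileName and an optional vulnerabilities list with name, severity and cvssv3/cvssv2 baseScore), groups findings per library, and fails when anything at or above a chosen severity is present. The embedded report is constructed for the example and its vulnerability identifiers are placeholders, not real CVEs.

```python
import json
import sys
from collections import Counter

# Severity labels as written in Dependency Check reports, ranked for threshold checks.
# Anything unknown (e.g. "UNASSIGNED") ranks lowest.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample in the shape of a dependency-check JSON report (assumed structure:
# dependencies[].fileName and dependencies[].vulnerabilities[].{name,severity,cvssv3.baseScore}).
# Identifiers are placeholders, NOT real CVEs.
SAMPLE_REPORT = {
    "dependencies": [
        {"fileName": "lib-a-1.0.jar", "vulnerabilities": [
            {"name": "EXAMPLE-0001", "severity": "MEDIUM", "cvssv3": {"baseScore": 5.3}},
            {"name": "EXAMPLE-0002", "severity": "LOW", "cvssv3": {"baseScore": 3.1}},
        ]},
        {"fileName": "lib-b-2.4.jar"},  # clean dependency: no "vulnerabilities" key at all
        {"fileName": "lib-c-0.9.jar", "vulnerabilities": [
            {"name": "EXAMPLE-0003", "severity": "MEDIUM", "cvssv3": {"baseScore": 6.5}},
        ]},
    ]
}


def summarize(report):
    """Return (findings, counts): findings maps a jar name to its (id, severity, score)
    rows, counts is a Counter of severity labels across all dependencies."""
    findings = {}
    counts = Counter()
    for dep in report.get("dependencies", []):
        vulns = dep.get("vulnerabilities") or []
        if not vulns:
            continue  # a dependency without findings does not appear in the summary
        rows = []
        for v in vulns:
            # Prefer the CVSS v3 score, fall back to v2, tolerate neither being present.
            score = (v.get("cvssv3") or v.get("cvssv2") or {}).get("baseScore")
            sev = str(v.get("severity", "UNASSIGNED")).upper()
            counts[sev] += 1
            rows.append((v["name"], sev, score))
        findings[dep["fileName"]] = rows
    return findings, counts


def highest_severity(counts):
    """Highest severity label present, or None when the report is clean."""
    if not counts:
        return None
    return max(counts, key=lambda s: SEVERITY_RANK.get(s, 0))


def exceeds(counts, threshold="HIGH"):
    """True when any finding is at or above `threshold` (the same gate a CI job
    would apply; dependency-check's own --failOnCVSS works on numeric score instead)."""
    top = highest_severity(counts)
    return top is not None and SEVERITY_RANK.get(top, 0) >= SEVERITY_RANK[threshold]


def load_report(path):
    """Load a dependency-check JSON report from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python triage.py [dependency-check-report.json] [HIGH|MEDIUM|LOW]
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    gate = sys.argv[2].upper() if len(sys.argv) > 2 else "HIGH"
    findings, counts = summarize(report)
    for jar, rows in sorted(findings.items()):
        print(jar)
        for vid, sev, score in rows:
            print(f"  {vid:<16} {sev:<9} {score}")
    print("severity counts:", dict(counts))
    sys.exit(1 if exceeds(counts, gate) else 0)
```

Run it against the JSON report the Dependency Check Gradle task or CLI writes (the `--format JSON` output) to get a per-library list and a non-zero exit code when the gate is crossed; with the constructed sample the highest severity is MEDIUM, so the default HIGH gate passes.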

JavaScript

For JavaScript we use Retire.js, which flags JavaScript libraries with known vulnerabilities. See this page: About retire.js

HTTP headers

For HTTP headers, use https://cyh.herokuapp.com/cyh to check the security headers an OFBiz instance returns. This page gives more information: How to Secure HTTP Headers
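An online checker such as the one linked above cannot reach an instance on localhost or inside a private network. The script below is an added example, not OFBiz code and not the checker's own logic: it parses a raw HTTP response head, then audits it for the usual security headers (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy, Referrer-Policy) and for headers that disclose server software (Server, X-Powered-By). The acceptance rules and the two sample responses are this example's own constructed choices, not OFBiz defaults.

```python
# Which headers must be present and what counts as an acceptable value.
# These rules are the example's own choices; tighten them to your deployment's policy.
REQUIRED = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: bool(v.strip()),
    "referrer-policy": lambda v: bool(v.strip()),
}
# Headers whose mere presence leaks implementation details to an attacker.
DISCLOSING = ("server", "x-powered-by")

# Constructed sample responses (not captured from a real OFBiz instance).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "X-Powered-By: ExampleFramework\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
    "<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
)


def parse_raw_headers(raw):
    """Parse the head of a raw HTTP response into a dict of lower-cased header names.
    Stops at the blank line that ends the head; repeated headers are joined with ', '."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # lines[0] is the status line
        if not line.strip():
            break  # end of head, body follows
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate a malformed line rather than abort the audit
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def audit(headers):
    """Return missing / weak / disclosing header names for a parsed header dict."""
    missing = [h for h in REQUIRED if h not in headers]
    weak = [h for h, ok in REQUIRED.items() if h in headers and not ok(headers[h])]
    disclosing = [h for h in DISCLOSING if h in headers]
    return {"missing": missing, "weak": weak, "disclosing": disclosing}


def passes(raw_response):
    """True only when nothing is missing, weak or disclosing."""
    return not any(audit(parse_raw_headers(raw_response)).values())


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        result = audit(parse_raw_headers(raw))
        print(f"{label}: {'PASS' if not any(result.values()) else 'FAIL'} {result}")
```

Feed it the output of `curl -sI https://your-ofbiz-host/` (the `-I` flag returns only the head) to audit a live instance; the weak sample fails on every rule, the hardened one passes.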

There are other web-oriented tools such as OWASP Zed Attack Proxy (ZAP), BeEF or IBM Security AppScan. But most of the time they are too general, and fully crawling OFBiz can take a lot of time, or be quite a challenge if done manually. You can find more penetration-testing tools here.

In December 2015, I ran a complete (100%) OWASP Zed Attack Proxy automated (Quick Start) penetration session against a local instance of the OFBiz backend (trunk head) running on localhost. It started from the same link used for backend demos. No major flaws were discovered.

...