Versions Compared

Comment: Fixes typos and formatting

...

This page is about security as in "external security". In other words, it is not about authentication or authorisation; for those, refer to OFBiz Security Permissions. It is about keeping your OFBiz instance secure from external exploits, and about fixing vulnerabilities as soon as they become known.

...

Currently we have no known Java vulnerabilities in OFBiz code. There are some vulnerable third-party libraries; fortunately none of them is a high-severity vulnerability. You can learn more by looking at the last report file. We use the OWASP Dependency Check to check the third-party libraries OFBiz uses. This page explains how to use it and how to share results: About OWASP Dependency Check

...

For HTTP headers: https://cyh.herokuapp.com/cyh. This page gives more information: How to Secure HTTP Headers
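The online header checker linked above needs a reachable instance; the following added example (not code from this wiki page or from the OFBiz project) performs the same kind of audit offline, so it can sit in a test suite. The baseline of expected headers and the values it accepts are an assumption chosen for this example, and the two HTTP responses are constructed samples, not captures from a real OFBiz deployment.

```python
"""Audit an HTTP response's headers against a baseline of security headers.

Added example for illustration; not part of the OFBiz wiki page or project.
The baseline below (which headers must exist, and what counts as a weak
value) is an assumed policy, not one taken from the page.
"""
import re
from typing import Callable, Dict, List

ONE_YEAR = 31536000  # seconds; minimum HSTS max-age accepted by this baseline


def _hsts_ok(value: str) -> bool:
    """Strict-Transport-Security must carry a max-age of at least one year."""
    match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return bool(match) and int(match.group(1)) >= ONE_YEAR


def _csp_ok(value: str) -> bool:
    """A CSP that allows inline scripts or eval gives little protection."""
    return "'unsafe-inline'" not in value and "'unsafe-eval'" not in value


# Header name (lower-cased) -> predicate that returns True for an acceptable value.
CHECKS: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": _csp_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "referrer-policy": lambda v: bool(v.strip()),
}

# Headers that reveal the server stack and are better removed.
DISCLOSURE_HEADERS = ("server", "x-powered-by")


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Parse a raw HTTP response into {lower-cased header name: value}.

    The status line is skipped and parsing stops at the blank line that
    separates headers from the body, so the body is never interpreted.
    """
    headers: Dict[str, str] = {}
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Return headers that are missing, present but weak, or disclose the stack."""
    findings: Dict[str, List[str]] = {"missing": [], "weak": [], "disclosure": []}
    for name, check in CHECKS.items():
        if name not in headers:
            findings["missing"].append(name)
        elif not check(headers[name]):
            findings["weak"].append(name)
    for name in DISCLOSURE_HEADERS:
        if name in headers:
            findings["disclosure"].append(name)
    return findings


# Constructed sample responses (not captured from a real instance).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
    "<html>...</html>"
)

AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(parse_headers(raw)))
```

The "before" sample reports four missing headers, a weak X-Frame-Options value and a Server header disclosure; the "after" sample reports nothing. Tighten or relax the predicates in `CHECKS` to match the policy you actually deploy; the structure stays the same.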

Penetration tools

There are other web-oriented tools like OWASP Zed Attack Proxy (ZAP), BeEF or IBM Security AppScan. But most of the time they are too general, and fully crawling OFBiz can take a lot of time or be quite a challenge if done manually. You can find more penetration tools here.

...