What are the open source and free tools to automatically scan Java application for security vulnerabilities? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

开发者_JAVA技巧

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 7 years ago.

Improve this question

These tools are also knows as security scanners. I am looking for such open source and free scanners for Ajax driven grails/Java web application that would identify major security flaws such as Injection and XSS Attacks. Such top 10 security risks are identified by OWASP Top 10.

As a bonus question what is Java/groovy source code level scanner for such purpose?

---

You should try to use Sonar. Sonar has the ability to analyse the quality of your code and in addition to detect :

• SQL Injection Vulnerability
• Password Management Vulnerability
• Error Handling and Logging flaws
• Insecure direct object reference
• Servlet reflected cross site scripting vulnerability

etc...

You can read this for more information !

Some great screencasts are available here.

A online demo Sonar is available here if you want to test the tool before installing.