java, security, unit-testing, owasp

Java Security Testing


Is there such a thing as automated security testing in Java? If so, how is it implemented? Is it just JUnit tests written to try and exploit known server vulnerabilities, or are there security-centric testing frameworks?

As a segue I'm also interested in this OWASP Security Testing Framework, but can't tell if they're using "framework" in a classic sense (meaning a set of guidelines and procedures to follow), or in a software context (where they are actually providing automated security testing components).

Thanks to any that can shed some light on this for me!


Solution

  • I don't know if it is exactly what you are looking for, but there is a blog post by Stephen Colebourne (author of Joda-Time and the future new standard Java 8 date-time API) about testing security permissions with JUnit: Stephen Colebourne's blog: Testing a security permission
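
As an added illustration of testing a security permission with JUnit (this is not code from the question, the answer or the linked blog post): a JUnit 4 test that installs a restrictive `SecurityManager` and asserts that a guarded method is refused. The `Offset` class, the `example.setOffset` permission name and the `DenyOffset` manager are hypothetical, and the test assumes a JDK on which `System.setSecurityManager` is still usable (it is deprecated for removal since Java 17, and later JDKs restrict or disable it).

```java
import static org.junit.Assert.assertEquals;

import java.security.Permission;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

public class OffsetPermissionTest {

    // Hypothetical permission guarding the operation under test.
    static final Permission SET_OFFSET = new RuntimePermission("example.setOffset");

    // Hypothetical class under test: a setter protected by a permission check.
    static final class Offset {
        private static long millis;
        static void set(long value) {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(SET_OFFSET); // the guard the tests exercise
            }
            millis = value;
        }
        static long get() { return millis; }
    }

    // Denies only SET_OFFSET. Everything else is allowed, including removing
    // the manager in tearDown(), so the test runner itself keeps working.
    static final class DenyOffset extends SecurityManager {
        @Override public void checkPermission(Permission p) {
            if (SET_OFFSET.equals(p)) {
                throw new SecurityException("denied: " + p.getName());
            }
        }
        @Override public void checkPermission(Permission p, Object context) {
            checkPermission(p);
        }
    }

    @Before public void setUp() { Offset.set(0); }

    // Always remove the manager so one test cannot leak policy into the next.
    @After public void tearDown() { System.setSecurityManager(null); }

    @Test public void allowedWithoutSecurityManager() {
        Offset.set(42);
        assertEquals(42, Offset.get());
    }

    @Test(expected = SecurityException.class)
    public void deniedWhenPermissionMissing() {
        System.setSecurityManager(new DenyOffset());
        Offset.set(42); // must throw before the value changes
    }
}
```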