skipfish is a high-performance, easy, and sophisticated Web application security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth.
SerfJ provides a very easy way of developing Java REST Web applications. It helps you to develop your application over an elegant MVC architecture, giving more importance to convention than configuration. This means, for example, you will not need configuration files or annotations in order to specify which view serves a controller's method. However, SerfJ is very flexible, so if you want to jump over those conventions, you can configure the behavior of your applications as you like. The framework tries to meet the JSR 311 specification, but it doesn't follow every point of the specification, because the purpose is to have a very intuitive library, and some some aspects of the specification are out of the scope of SerfJ.