OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The Java Engine for Testing (JET) is a system for running distributed automated tests. It has been used by Sun for testing the High Availability DataBase (HADB), JavaDB, PostgreSQL, Memcached, and the MySQL Cluster Manager. JET should be a good way to write your tests if the product you want to test is distributed or has a client/server architecture, if it is natural for you to write the tests in Java, and if you want to invest time in developing tests and abstractions for later reuse.
Feed4JUnit makes it easy to write parameterized tests for the JUnit framework and feed them with predefined or randomly generated test data: test case data can be read from Excel or CSV files, databases, or custom data sources, and equivalence class tests can be defined easily. Setup is based on Java annotations and is easy to learn, apply, and maintain. Annotations defined in the "Bean Validation" JSR 303, Java 7, and Benerator are automatically recognized and generated smoke test data will match the constraints. By connecting to Benerator, you can configure generation of complex valid and invalid data sets.
CollectionSpy is a Java profiler that focuses on tracking and analyzing your program's usage of Collection Framework containers. It detects hashing container (e.g. HashMap) corruption due to mutating keys. It tracks expensive internal rehashing of containers whose capacity needs expanding. It detects multithreaded access to any unsynchronized container (e.g. HashMap, ArrayList). It visualizes hashing container bucket list lengths, allowing you to diagnose worst-case access performance.