We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"Picks up weaknesses in our app setups."
"Our developers can run the attacks directly from their environments, desktops."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"The solution is highly stable."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"It can be used effectively for internal auditing."
"The API is exceptional."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"It updates repositories and libraries quickly."
"They offer free access to some other tools."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"While we do have it integrated with other solutions, it could still offer more integrations."
"There are some versions of the solution that are not as stable as others."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"The port scanner is a little too slow."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"Sometimes, we get some false positives."
"Too many false positives; test reports could be improved."
"Reporting format has no output, is cluttered and very long."
"Lacks resources where users can internally access a learning module from the tool."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
Acunetix is ranked 13th in Static Application Security Testing (SAST) with 26 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.