We performed a comparison between NowSecure and OWASP Zap based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"It's great that we can use it with Portswigger Burp."
"It can be used effectively for internal auditing."
"Simple to use, good user interface."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The application scanning feature is the most valuable feature."
"Fuzzer and Java APIs help a lot with our custom needs."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The documentation is lacking and out-of-date, it really needs more love."
"Lacks resources where users can internally access a learning module from the tool."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"Sometimes, we get some false positives."
"The product should allow users to customize the report based on their needs."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"Deployment is somewhat complicated."
Earn 20 points
NowSecure is ranked 33rd in Static Application Security Testing (SAST) while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. NowSecure is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". NowSecure is most compared with Veracode, Data Theorem API Secure , Acunetix, Checkmarx One and GitLab, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.