We performed a comparison between OWASP Zap and Seeker based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."It scans while you navigate, then you can save the requests performed and work with them later."
"It has improved my organization with faster security tests."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The solution has tightened our security."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"You can run it against multiple targets."
"The API is exceptional."
"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"Reporting format has no output, is cluttered and very long."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"OWASP Zap needs to extend to mobile application testing."
"There's very little documentation that comes with OWASP Zap."
"The port scanner is a little too slow."
"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews while Seeker is ranked 25th in Static Application Security Testing (SAST) with 1 review. OWASP Zap is rated 7.6, while Seeker is rated 7.0. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Seeker writes "More effective than dynamic scanners, but is missing useful learning capabilities". OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional, whereas Seeker is most compared with Synopsys API Security Testing, Coverity, Contrast Security Assess, SonarQube and Polaris Software Integrity Platform.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.