We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The solution is easy to use."
"The accuracy of its scans is great."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"Technical support has been good."
"Good at scanning and finding vulnerabilities."
"It scans while you navigate, then you can save the requests performed and work with them later."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"They offer free access to some other tools."
"It's great that we can use it with Portswigger Burp."
"The application scanning feature is the most valuable feature."
"The solution is scalable."
"We use the solution for security testing."
"You can run it against multiple targets."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The scanner could be better."
"We have often encountered scanning errors."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Not sufficiently compatible with some of our systems."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"It needs more robust reporting tools."
"The forced browse has been incorporated into the program and it is resource-intensive."
"It doesn't run on absolutely every operating system."
"The technical support team must be proactive."
"OWASP Zap needs to extend to mobile application testing."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The product reporting could be improved."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.