We performed a comparison between Kiuwan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The solution has a continuous integration process."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"We use Kiuwan to locate the source of application vulnerabilities."
"The solution offers very good technical support."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The ZAP scan and code crawler are valuable features."
"Simple to use, good user interface."
"Fuzzer and Java APIs help a lot with our custom needs."
"You can run it against multiple targets."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The scalability of this product is very good."
"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat."
"I would like to see better integration with Azure DevOps in the next release of this solution."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"The QA developer and security could be improved."
"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"It could improve its scalability abilities."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"The technical support team must be proactive."
"There are too many false positives."
"Lacks resources where users can internally access a learning module from the tool."
"There's very little documentation that comes with OWASP Zap."
"Reporting format has no output, is cluttered and very long."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
Kiuwan is ranked 16th in Static Application Security Testing (SAST) with 23 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Kiuwan is rated 8.6, while OWASP Zap is rated 7.6. The top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Kiuwan is most compared with SonarQube, Checkmarx One, Snyk, Veracode and SonarCloud, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional. See our Kiuwan vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.