We performed a comparison between NowSecure and OWASP Zap based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"It updates repositories and libraries quickly."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"Simple to use, good user interface."
"The stability of the solution is very good."
"They offer free access to some other tools."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The API is exceptional."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
"It would be nice to have a solid SQL injection engine built into Zap."
"The product should allow users to customize the report based on their needs."
"It doesn't run on absolutely every operating system."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"Too many false positives; test reports could be improved."
"The forced browse has been incorporated into the program and it is resource-intensive."
Earn 20 points
NowSecure is ranked 33rd in Static Application Security Testing (SAST) while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. NowSecure is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". NowSecure is most compared with Veracode, Data Theorem API Secure , Acunetix, Checkmarx One and GitLab, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.