We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and straightforward deployments, our reviewers found Acunetix's pricing to be high, and some users consider it expensive, especially for small organizations.
"The solution is highly stable."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The application scanning feature is the most valuable feature."
"The solution has tightened our security."
"The scalability of this product is very good."
"You can run it against multiple targets."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"It can be used effectively for internal auditing."
"We use the solution for security testing."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"There's a clear need for a reduction in pricing to make the service more accessible."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"It would be nice to have a feature to 'retest' only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The pricing is a bit on the higher side."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"There are some versions of the solution that are not as stable as others."
"Deployment is somewhat complicated."
"There are too many false positives."
"The solution is unable to customize reports."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"Too many false positives; test reports could be improved."
"The product should allow users to customize the report based on their needs."
"It would be nice to have a solid SQL injection engine built into Zap."
Acunetix is ranked 13th in Static Application Security Testing (SAST) with 26 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, Qualys Web Application Scanning, Veracode, PortSwigger Burp Suite Professional and Checkmarx One. See our Acunetix vs. OWASP Zap report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.