We performed a comparison between Fortify Software Security Center and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This is a stable solution at the end of the day."
"You can easily download the tool's rule packs and update them."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"Automatic scanning is a valuable feature and very easy to use."
"The interface is easy to use."
"The ZAP scan and code crawler are valuable features."
"Fuzzer and Java APIs help a lot with our custom needs."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"You can run it against multiple targets."
"The stability of the solution is very good."
"Fortify Software Security Center's setup is really painful."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"We are having issues with false positives that need to be resolved."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The technical support team must be proactive."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"The product reporting could be improved."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Application Security Testing (AST) with 3 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Fortify Software Security Center is rated 7.4, while OWASP Zap is rated 7.6. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Checkmarx One and Fortify WebInspect, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Veracode. See our Fortify Software Security Center vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.