We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution's technical support was very helpful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Technical support has been good."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It's a well-known platform for doing dynamic application scanning."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"It is scalable and very easy to use."
"They offer free access to some other tools."
"The API is exceptional."
"The stability of the solution is very good."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The ZAP scan and code crawler are valuable features."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"Automatic scanning is a valuable feature and very easy to use."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Creating reports is very slow and it is something that should be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"One thing I would like to see them introduce is a cloud-based platform."
"We have often encountered scanning errors."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The solution is unable to customize reports."
"Deployment is somewhat complicated."
"The port scanner is a little too slow."
"The product should allow users to customize the report based on their needs."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.