We performed a comparison between OWASP Zap and Synopsys API Security Testing based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"Fuzzer and Java APIs help a lot with our custom needs."
"Simple to use, good user interface."
"The application scanning feature is the most valuable feature."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"It has improved my organization with faster security tests."
"The stability of the solution is very good."
"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"There's very little documentation that comes with OWASP Zap."
"Deployment is somewhat complicated."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"OWASP Zap needs to extend to mobile application testing."
"The product should allow users to customize the report based on their needs."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews while Synopsys API Security Testing is ranked 29th in Static Application Security Testing (SAST). OWASP Zap is rated 7.6, while Synopsys API Security Testing is rated 7.0. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Synopsys API Security Testing writes "Useful threat vectors, beneficial results, but implementation needed support". OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Veracode, whereas Synopsys API Security Testing is most compared with Seeker, Fortify WebInspect and Acunetix.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.