We performed a comparison between Fortify Software Security Center and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can easily download the tool's rule packs and update them."
"This is a stable solution at the end of the day."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It can be used effectively for internal auditing."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"Simple to use, good user interface."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"Fuzzer and Java APIs help a lot with our custom needs."
"The interface is easy to use."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"We are having issues with false positives that need to be resolved."
"Fortify Software Security Center's setup is really painful."
"Lacks resources where users can internally access a learning module from the tool."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The port scanner is a little too slow."
"There are too many false positives."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Fortify Software Security Center is rated 7.4, while OWASP Zap is rated 7.6. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify Software Security Center is most compared with Fortify on Demand and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional. See our Fortify Software Security Center vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.