We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The solution is easy to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Good at scanning and finding vulnerabilities."
"Technical support has been good."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"It's a well-known platform for doing dynamic application scanning."
"Automatic scanning is a valuable feature and very easy to use."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The stability of the solution is very good."
"The most valuable feature is scanning the URL to drill down all the different sites."
"Fuzzer and Java APIs help a lot with our custom needs."
"The solution is scalable."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"Not sufficiently compatible with some of our systems."
"The initial setup was complex."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"We have often encountered scanning errors."
"It doesn't run on absolutely every operating system."
"It would be nice to have a solid SQL injection engine built into Zap."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"The product should allow users to customize the report based on their needs."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The port scanner is a little too slow."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.