We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The usability and overall scan results are good."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"Picks up weaknesses in our app setups."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The product discovers more vulnerabilities compared to other tools."
"They offer free access to some other tools."
"Automatic updates and pull request analysis."
"The stability of the solution is very good."
"The ZAP scan and code crawler are valuable features."
"The solution is scalable."
"It scans while you navigate, then you can save the requests performed and work with them later."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"There are some versions of the solution that are not as stable as others."
"Acunetix needs to include agent analysis."
"The forced browse has been incorporated into the program and it is resource-intensive."
"There isn't too much information about it online."
"It would be nice to have a solid SQL injection engine built into Zap."
"The solution is unable to customize reports."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
Acunetix is ranked 13th in Static Application Security Testing (SAST) with 26 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.