We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The solution is easy to use."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"Guided Scan option allows us to easily scan and share reports."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"It's a well-known platform for doing dynamic application scanning."
"The accuracy of its scans is great."
"The user interface is ok and it is very simple to use."
"The stability of the solution is very good."
"The interface is easy to use."
"It has improved my organization with faster security tests."
"It updates repositories and libraries quickly."
"Automatic scanning is a valuable feature and very easy to use."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The product discovers more vulnerabilities compared to other tools."
"The solution has tightened our security."
"Creating reports is very slow and it is something that should be improved."
"Lately, we've seen more false negatives."
"We have often encountered scanning errors."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The scanner could be better."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"OWASP Zap needs to extend to mobile application testing."
"The port scanner is a little too slow."
"Sometimes, we get some false positives."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"There are too many false positives."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"It needs more robust reporting tools."
"Lacks resources where users can internally access a learning module from the tool."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.