We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The accuracy of its scans is great."
"Guided Scan option allows us to easily scan and share reports."
"It is scalable and very easy to use."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The solution is easy to use."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The solution has tightened our security."
"Simple and easy to learn and master."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"The solution is good at reporting the vulnerabilities of the application."
"Simple to use, good user interface."
"It has improved my organization with faster security tests."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"They offer free access to some other tools."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The initial setup was complex."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"We have often encountered scanning errors."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The documentation is lacking and out-of-date, it really needs more love."
"Sometimes, we get some false positives."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"There's very little documentation that comes with OWASP Zap."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"The product should allow users to customize the report based on their needs."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.