We performed a comparison between OWASP Zap and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It updates repositories and libraries quickly."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"It scans while you navigate, then you can save the requests performed and work with them later."
"You can run it against multiple targets."
"Simple to use, good user interface."
"We use the solution for security testing."
"The API is exceptional."
"I would say that it is stable, as I am not aware of any major issues."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The setup is usually straightforward."
"It scans all the components developed within a web application."
"OWASP Zap needs to extend to mobile application testing."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"There isn't too much information about it online."
"There's very little documentation that comes with OWASP Zap."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The technical support team must be proactive."
"The forced browse has been incorporated into the program and it is resource-intensive."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"Support response times are slow and can be improved."
"AppSpider has some problems with the RAM needed while scanning."
"The dashboard and interface are crucial and they need some improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"There are some glitches with stability, and it is an area for improvement."
"Integration could be better."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews while Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews. OWASP Zap is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Contrast Security Assess, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Acunetix, Invicti, Qualys Web Application Scanning and Tenable.io Web Application Scanning. See our OWASP Zap vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.