Application Security Testing Forum

Ad84c32d 0949 42fe 8748 9a7444b3a48b avatar
Content Specialist
IT Central Station
Mar 15 2018
One of the most popular comparisons on IT Central Station is OWASP Zap vs PortSwigger Burp? Which of these two solutions would you recommend for Application Security Testing and why? Thanks! --Rhea
83c4be26 8cfb 4122 aded 38c7a5af37b4 avatar
Murat KayaBoth have very powerful abilities. ZAP can be an advantage for free, but Burp's free version will work similarly. As someone who uses both, depending on the circumstances, one can be preferred to the other.
Anonymous avatar x80
User at a tech vendor
Feb 26 2018
What security testing tools have you used that integrated well with your DevOps pipeline automation?
Hugo van den berg li?1425029360
Hugo Van den BergSecurity starts way before testing actually. Make sure security is already part of the way you develop. We use an external bureau that does our security tests. That guarantees us an independant view of our security.
Anonymous avatar x30
Dmitri T.It depends on your requirements, the list of security testing tools you can find at With regards to including security testing into continuous delivery pipeline you can consider using i.e. Apache JMeter ( - free and open source multiprotocol load testing tools. JMeter is mostly designed for performance testing, however it is very flexible and you can utilize it for security testing as well. See guide for more details on several use cases
Anonymous avatar x80
Associate Test Engineer with 501-1,000 employees
Jan 09 2018
Hi Guys, I'm currently working on vulnerability testing for our application. I just want to know which one is best, IBM Appscan or HP Fortify? Thanks in advance.

Sign Up with Email