OWASP Zap Review

Good user interface and easy to use; test reports could be improved

What is our primary use case?

I'm a business analyst and we're a customer of OWASP Zap. 

What is most valuable?

The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.

What needs improvement?

I'd like to be able to explore more and improvements could be made in that area because for now I'm only able to explore the manual testing feature. I'd also like to see an improvement in test reports because we get too many false positives. 

For how long have I used the solution?

I've been using this solution for the past few months. 

What do I think about the stability of the solution?

The stability is okay although we get many false positives when pulling out test reports. 

What do I think about the scalability of the solution?

The scalability is very good. 

How are customer service and technical support?

I haven't needed technical support to date and I haven't yet started using the community support.  

How was the initial setup?

The initial setup wasn't very complex. You're supposed to install a JDK, Java file. I think implementation took about an hour. There are seven people in the company using the solution and maybe in the coming days there will be more. 

What other advice do I have?

I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. 

I would rate this solution a seven out of 10. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More OWASP Zap reviews from users
...who work at a Computer Software Company
...who compared it with PortSwigger Burp
Add a Comment