What is our primary use case?
The use case was we needed to scan our website to find out what vulnerabilities were present.
We use it to scan the website, then take a report about what vulnerabilities are present on it. Next, we will manually verify those vulnerabilities for false positives.
How has it helped my organization?
Every now and then, there is an update. They add new vulnerabilities to the scan list. That is where they just keep on improving.
What is most valuable?
The community support that ZAP provides me. As an open source tool, it provides me flexibility and is convenient to use.
What needs improvement?
As security evolves, we would like DevOps built into it. As of now, ZAP does not provide this.
I would like to have more vulnerabilities added to the scan list, because as of now, it covers around 72 to 80. I need more because we need broader coverage.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
We have not scaled yet. Though, we should be able to scale.
How is customer service and technical support?
I have not used any support for this solution yet.
How was the initial setup?
The initial setup is straightforward, because we can integrate it directly into the SDLC.
What other advice do I have?
The community edition updates services regularly. They add new vulnerabilities into the scanning list.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 29 2018