OWASP Zap Review

Provides visibility of queries, but security and the ability to search the internet for other use cases could be better

What is our primary use case?

The solution has certain models. It allows the creation of a pipeline in respect of the interface or of certain content. It enables one to check that the security is as it should be. 

What is most valuable?

The solution enables a person to add the certificate and check the queries, to see if there are any that are undefined. This way, a person can have a list of the types of queries and can trace them. 

What needs improvement?

The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed. 

For how long have I used the solution?

We have been using OWASP Zap for more than four years. 

What do I think about the stability of the solution?

The computers perform somewhat slowly when loading a large number of queries into memory. As such, I don't know if it will be possible to use cache on the disk, which would greatly increase performance. 

What do I think about the scalability of the solution?

The solution is scalable. It can be run simultaneously for different targets. 

How are customer service and technical support?

I have not had experience with using technical support. I make use of a public community on the public website.

How was the initial setup?

The initial setup is a bit complex, not straightforward. It could be made easy if, lets say, a project can be defined for a certain task through the project's creation. This may simplify its use. 

Which other solutions did I evaluate?

Zap is a very good startup. There is an alternate solution that is a bit more expensive and requires more technical knowledge than OWASP Zap, although both have a model based configuration. The interface allows one to run predefined templates, something OWASP Zap has in common with the other solution. The automation capabilities are similar, as well. 

What other advice do I have?

I used the source code design for the deployment.

I have not had experience with the code crawler, OSWAP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler. 

I rate OWASP Zap as a six out of ten. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More OWASP Zap reviews from users
...who work at a Computer Software Company
...who compared it with Veracode
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
535,015 professionals have used our research since 2012.
Add a Comment
ITCS user