We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"Overall, it's a very good tool and a very good engine."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"Picks up weaknesses in our app setups."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The application scanning feature is the most valuable feature."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The solution is scalable."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"We use the solution for security testing."
"The stability of the solution is very good."
"Currently only supports web scanning."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"The pricing is a bit on the higher side."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The solution's pricing could be better."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The port scanner is a little too slow."
"It doesn't run on absolutely every operating system."
"The forced browse has been incorporated into the program and it is resource-intensive."
"The documentation is lacking and out-of-date, it really needs more love."
"The technical support team must be proactive."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
Acunetix is ranked 11th in Application Security Testing (AST) with 26 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.