We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"For us, the most valuable aspect of the solution is the log-sequence feature."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"Overall, it's a very good tool and a very good engine."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The solution is highly stable."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"Simple and easy to learn and master."
"They offer free access to some other tools."
"It has improved my organization with faster security tests."
"The solution is good at reporting the vulnerabilities of the application."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"You can run it against multiple targets."
"The solution is scalable."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"The solution's pricing could be better."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"There are some versions of the solution that are not as stable as others."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"While we do have it integrated with other solutions, it could still offer more integrations."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"Too many false positives; test reports could be improved."
"OWASP Zap needs to extend to mobile application testing."
"The reporting feature could be more descriptive."
"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The solution is unable to customize reports."
"It would be nice to have a solid SQL injection engine built into Zap."
Acunetix is ranked 11th in Application Security Testing (AST) with 26 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.