We performed a comparison between Fortify Software Security Center and OWASP Zap based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"This is a stable solution at the end of the day."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"We use the solution for security testing."
"It can be used effectively for internal auditing."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"Simple and easy to learn and master."
"Fuzzer and Java APIs help a lot with our custom needs."
"The solution is scalable."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Fortify Software Security Center's setup is really painful."
"We are having issues with false positives that need to be resolved."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"Deployment is somewhat complicated."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The port scanner is a little too slow."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The solution is unable to customize reports."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"Lacks resources where users can internally access a learning module from the tool."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Application Security Testing (AST) with 3 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Fortify Software Security Center is rated 7.4, while OWASP Zap is rated 7.6. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Fortify WebInspect and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.