We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The user interface is ok and it is very simple to use."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The most valuable feature of this solution is the ability to make our customers more secure."
"Good at scanning and finding vulnerabilities."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The solution is easy to use."
"It's a well-known platform for doing dynamic application scanning."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The scalability of this product is very good."
"Fuzzer and Java APIs help a lot with our custom needs."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The solution has tightened our security."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The interface is easy to use."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Not sufficiently compatible with some of our systems."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Lately, we've seen more false negatives."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"One thing I would like to see them introduce is a cloud-based platform."
"I'm not sure about licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Reporting format has no output, is cluttered and very long."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"OWASP Zap needs to extend to mobile application testing."
"There isn't too much information about it online."
"The reporting feature could be more descriptive."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.