We just raised a $30M Series A: Read our story

Compare Fortify WebInspect vs. OWASP Zap

You must select at least 2 products to compare!
Fortify WebInspect Logo
8,048 views|5,374 comparisons
OWASP Zap Logo
32,119 views|21,508 comparisons
Featured Review
Find out what your peers are saying about Fortify WebInspect vs. OWASP Zap and other solutions. Updated: November 2021.
552,136 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

"It is scalable and very easy to use.""The accuracy of its scans is great.""The user interface is ok and it is very simple to use.""The solution is able to detect a wide range of vulnerabilities. It's better at it than other products.""The most valuable feature is the static analysis.""Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features.""The solution is easy to use."

More Fortify WebInspect Pros »

"They offer free access to some other tools.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).""The stability of the solution is very good.""Simple to use, good user interface.""The solution is scalable.""The interface is easy to use.""The solution is good at reporting the vulnerabilities of the application.""Automatic scanning is a valuable feature and very easy to use."

More OWASP Zap Pros »

"The scanner could be better.""Our biggest complaint about this product is that it freezes up, and literally doesn't work for us.""Creating reports is very slow and it is something that should be improved.""It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application.""It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved.""Lately, we've seen more false negatives.""The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."

More Fortify WebInspect Cons »

"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""Too many false positives; test reports could be improved.""It would be a great improvement if they could include a marketplace to add extra features to the tool.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities.""It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful.""Reporting format has no output, is cluttered and very long.""Deployment is somewhat complicated."

More OWASP Zap Cons »

Pricing and Cost Advice
"Our licensing is such that you can only run one scan at a time, which is inconvenient.""Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that.""The pricing is not clear and while it is not high, it is difficult to understand."

More Fortify WebInspect Pricing and Cost Advice »

"This solution is open source and free.""This is an open-source solution and can be used free of charge."

More OWASP Zap Pricing and Cost Advice »

Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
552,136 professionals have used our research since 2012.
Questions from the Community
Top Answer: I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
Top Answer: OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
Top Answer: It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).
Average Words per Review
Average Words per Review
Also Known As
Micro Focus WebInspect, WebInspect
Learn More
Most enterprises rely heavily on the Web to conduct their normal operations, whether providing services, a mechanism for retail sales, or a host of other functions. Yet, most still struggle with efficiently managing their application security risks. For one thing, they need solutions of scale that can be used to manage thousands of active sites and assessments while also tracking discovered vulnerabilities, retesting procedures, and more. They need to perform repeated security tests to address compliance with regulations, legislation, and internal security policies and also see how their risk posture has changed over time. The enterprises have to protect their data, brand, and bottom line from the harsh impacts of what successful vulnerability exploitation could bring. Micro Focus WebInspect Enterprise enables organizations to solve these security problems quickly, efficiently, and intelligently.

Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

Learn more about Fortify WebInspect
Learn more about OWASP Zap
Sample Customers
Information Not Available
Top Industries
Computer Software Company33%
Comms Service Provider14%
Financial Services Firm9%
Computer Software Company27%
Financial Services Firm18%
Manufacturing Company9%
Computer Software Company30%
Comms Service Provider24%
Financial Services Firm5%
Company Size
Small Business18%
Midsize Enterprise9%
Large Enterprise73%
Small Business18%
Midsize Enterprise32%
Large Enterprise50%
Small Business14%
Midsize Enterprise12%
Large Enterprise74%
Find out what your peers are saying about Fortify WebInspect vs. OWASP Zap and other solutions. Updated: November 2021.
552,136 professionals have used our research since 2012.

Fortify WebInspect is ranked 11th in Application Security Testing (AST) with 7 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.0. The top reviewer of Fortify WebInspect writes "Good reporting and vulnerability management, but needs better performance and resource utilization". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Micro Focus Fortify on Demand, Veracode, HCL AppScan and Acunetix by Invicti, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Qualys Web Application Scanning and Netsparker by Invicti. See our Fortify WebInspect vs. OWASP Zap report.

See our list of best Application Security Testing (AST) vendors.

We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.