We performed a comparison between OWASP Zap and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ZAP scan and code crawler are valuable features."
"It has improved my organization with faster security tests."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The stability of the solution is very good."
"Fuzzer and Java APIs help a lot with our custom needs."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Technical support is helpful."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"The solution is scalable."
"Automatic testing is the most valuable feature."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"OWASP Zap needs to extend to mobile application testing."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Too many false positives; test reports could be improved."
"Deployment is somewhat complicated."
"The port scanner is a little too slow."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"There isn't too much information about it online."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"The performance could be a bit better."
"UI testing should be more in-depth."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews while Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews. OWASP Zap is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork. See our OWASP Zap vs. Parasoft SOAtest report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.