OWASP Zap vs Rapid7 AppSpider comparison

Cancel
You must select at least 2 products to compare!
OWASP Logo
22,442 views|10,766 comparisons
Rapid7 Logo
1,380 views|1,011 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between OWASP Zap and Rapid7 AppSpider based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed OWASP Zap vs. Rapid7 AppSpider Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The ZAP scan and code crawler are valuable features.""The solution is good at reporting the vulnerabilities of the application.""We use the solution for security testing.""Simple to use, good user interface.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""The product discovers more vulnerabilities compared to other tools.""The solution has tightened our security.""The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."

More OWASP Zap Pros →

"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines.""Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.""The setup is usually straightforward.""It is really accurate and the rate of false positives is very low.""The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.""The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way.""I would say that it is stable, as I am not aware of any major issues.""It scans all the components developed within a web application."

More Rapid7 AppSpider Pros →

Cons
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word ​list, or manually created.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""The port scanner is a little too slow.​""ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline.""The product should allow users to customize the report based on their needs.""There's very little documentation that comes with OWASP Zap.""There isn't too much information about it online.""Reporting format has no output, is cluttered and very long."

More OWASP Zap Cons →

"The dashboard and interface are crucial and they need some improvement.""The enterprise interface is too simple. It should be more customizable.""Integration could be better.""Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.""AppSpider could improve in the area of integration. They need to add more integration opportunities.""One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions.""The solution is too slow. It could take a full day to scan. Competitors are much faster.""The tech support is responsive but issues remain unresolved."

More Rapid7 AppSpider Cons →

Pricing and Cost Advice
  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."
  • More OWASP Zap Pricing and Cost Advice →

  • "It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
  • "The price is pretty fair."
  • "The licensing cost depends on the number of users."
  • "AppSpider is closed-source software and you need to acquire a license in order to use it."
  • "The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
  • More Rapid7 AppSpider Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The application scanning feature is the most valuable feature.
    Top Answer:The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all… more »
    Top Answer:The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor. The price of the… more »
    Top Answer:The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution.
    Ranking
    Views
    22,442
    Comparisons
    10,766
    Reviews
    12
    Average Words per Review
    360
    Rating
    7.3
    Views
    1,380
    Comparisons
    1,011
    Reviews
    3
    Average Words per Review
    429
    Rating
    7.3
    Comparisons
    Also Known As
    AppSpider
    Learn More
    Overview

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

    Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

    Sample Customers
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Microsoft
    Top Industries
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm33%
    University33%
    Comms Service Provider33%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm15%
    Government8%
    Healthcare Company6%
    Company Size
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise64%
    REVIEWERS
    Small Business54%
    Midsize Enterprise15%
    Large Enterprise31%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise15%
    Large Enterprise66%
    Buyer's Guide
    OWASP Zap vs. Rapid7 AppSpider
    March 2024
    Find out what your peers are saying about OWASP Zap vs. Rapid7 AppSpider and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews while Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews. OWASP Zap is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and GitLab, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Acunetix, Tenable.io Web Application Scanning, Invicti and Qualys Web Application Scanning. See our OWASP Zap vs. Rapid7 AppSpider report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.