We performed a comparison between OWASP Zap and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ZAP scan and code crawler are valuable features."
"The solution is good at reporting the vulnerabilities of the application."
"We use the solution for security testing."
"Simple to use, good user interface."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The product discovers more vulnerabilities compared to other tools."
"The solution has tightened our security."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The setup is usually straightforward."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"I would say that it is stable, as I am not aware of any major issues."
"It scans all the components developed within a web application."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The port scanner is a little too slow."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The product should allow users to customize the report based on their needs."
"There's very little documentation that comes with OWASP Zap."
"There isn't too much information about it online."
"Reporting format has no output, is cluttered and very long."
"The dashboard and interface are crucial and they need some improvement."
"The enterprise interface is too simple. It should be more customizable."
"Integration could be better."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"The tech support is responsive but issues remain unresolved."
OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews while Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews. OWASP Zap is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and GitLab, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Acunetix, Tenable.io Web Application Scanning, Invicti and Qualys Web Application Scanning. See our OWASP Zap vs. Rapid7 AppSpider report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.