We performed a comparison between Fortra Tripwire IP360 and OWASP Zap based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"Tripwire IP360 is a very stable solution."
"We could manage our entire IP range with the solution."
"It scans while you navigate, then you can save the requests performed and work with them later."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"We use the solution for security testing."
"Automatic scanning is a valuable feature and very easy to use."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The solution is good at reporting the vulnerabilities of the application."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"We need to dedicate time and resources to keep it running."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"I am not very impressed by the technical support."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"Sometimes, we get some false positives."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"There are too many false positives."
"The product should allow users to customize the report based on their needs."
Fortra Tripwire IP360 is ranked 37th in Vulnerability Management with 6 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Fortra Tripwire IP360 is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortra Tripwire IP360 writes "The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortra Tripwire IP360 is most compared with Tenable Nessus, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.