We performed a comparison between OWASP Zap and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."We use the solution for security testing."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The stability of the solution is very good."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"It's great that we can use it with Portswigger Burp."
"Automatic scanning is a valuable feature and very easy to use."
"The API is exceptional."
"Simple and easy to learn and master."
"The stability is great. We haven't had any issues at all with it."
"The product should allow users to customize the report based on their needs."
"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."
"It would be nice to have a solid SQL injection engine built into Zap."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"Too many false positives; test reports could be improved."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
Earn 20 points
OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews while Trustwave App Scanner [EOL] doesn't meet the minimum requirements to be ranked in Application Security Testing (AST). OWASP Zap is rated 7.6, while Trustwave App Scanner [EOL] is rated 7.6. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Trustwave App Scanner [EOL] writes "It helps us troubleshoot failed scans and incomplete statuses". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode, whereas Trustwave App Scanner [EOL] is most compared with .
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
