OWASP Zap Reviews

4.1 out of 5 stars (6)
Real User
User at a retailer with 1,001-5,000 employees
Aug 20 2017

What is most valuable?

The vulnerabilities that it finds, because the primary goal is to secure applications and websites.

How has it helped my organization?

When I checked the CVE and MITRE databases, that gives the latest attacks that are out there for a particular software, hardware and how to protect against it.

What needs improvement?

It's possibly just a limitation of the product itself but sometimes it won't scan a particular website so you have to manually go in and make some configuration changes. Also, it needs to have more feeds such as from the Darknet, RSS or...
Real User
Program Manager at a manufacturing company with 1,001-5,000 employees
May 02 2018

What is most valuable?

* Interception of proxy traffic
* Session comparisons
* Port scanner
* Fuzzing
* Brute force
* Cookie management

How has it helped my organization?

Using this tool, it helps enhance and speed the process of covering big applications with many functionalities. It scans while you navigate, then you can save the requests performed and work with them later. Also, you can pass these requests...

What needs improvement?

I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created.
Find out what your peers are saying about OWASP, PortSwigger, Acunetix and others in Application Security Testing.
269,608 professionals have used our research since 2012.
Real User
Technologist at a tech services company
Jul 24 2017

What do you think of OWASP Zap?

Valuable Features

The API is exceptional.

Improvements to My Organization

I can provide examples of how OWASP Zed Attack Proxy (ZAP) has been used inside many of my customers' environments. I've set up Security Regression testing using the ZAP API and written about how this is done in my first book. I've also spoken and run many pieces of training on setting up Security Regression testing with the ZAP API.

Room for Improvement

The documentation is lacking and out-of-date; it really needs more love. This is a common scenario with developers running many open-source projects. The community is trying to help with this. I've done my part with providing details on how to use the ZAP API for Security Regression testing. I think ZAP is now sponsored by the Linux Foundation....
Real User
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
Jul 26 2016

What is most valuable?

* Very good open source security tool supporting the top 10 vulnerabilities (Injections, Session Management, XSS, Authentication, Authorization, etc.).
* Simple and easy to learn and master.
* Good online product documentation.
* Built in...

How has it helped my organization?

We have leveraged our existing functional tests for security testing by integrating web driver scripts with the OWASP ZAP tool.

What needs improvement?

Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation.
Real User
Team Lead at a tech services company with 51-200 employees
May 02 2018

What do you think of OWASP Zap?

Primary Use Case

Security/penetration testing of a Java-based Web application which is served over a SaaS platform. Zap has been integrated as one of the important tools in our QA cycle. All beta releases of our software go through Zap scanning. Custom reports are generated - they are pretty decent and standardized - and are submitted to upper management for auditing by a third-party.

Improvements to My Organization

We save a significant amount of money on third-party security auditing time. We are also able to minimize most of the security threats for our software prior to releases, thus saving a lot of time on security fixes and post-release path builds.

Valuable Features

Fuzzer and Java APIs help a lot with our custom needs.

Room for Improvement

It would...

What is OWASP Zap?

Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
