OWASP Zap Benefits
NS
reviewer1753959
Cyber Security Engineer at a transportation company with 10,001+ employees
It helps that we can use it hand in hand with Portswigger Burp. Since each have scanning capabilities, we can use them together and leverage whichever has the better scanning extension, depending on what we need.
View full review »The solution has tightened our security and that of our clients who depend on it. If you identify a weakness or a limitation in an application, and the tool identifies it, we can highlight it to the developer, who secures it and gives it back to us and we can test it back through the tool.
YK
Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
It improved our company's functioning because it integrates and can automate most of our workflow, so it helps. Based on its automation abilities, I rate it a seven out of ten. But there are many things that I have to do manually for safety and better clarification.
View full review »Buyer's Guide
OWASP Zap
March 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
VN
Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
We recently ran into an issue where we had to test the OAuth token validation, where the REST API calls had OAuth token change every time a request was being sent. Somebody from the support community had contributed a sample code to accomplish this. In terms of the community support that is available, OWASP Zap has great set of features to use.
View full review »OA
OluwatosinAina
Consultant with 1,001-5,000 employees
The product has improved our application security engagement. It helps with our in-house review and sometimes, we don't need an external third-party tester to review it. Once we get it from OWASP Zap, we have an idea of the inherent vulnerabilities in the application. This is a plus to save cost and improve our application accuracy practice.
When I checked the CVE and MITRE databases, that gives the latest attacks that are out there for a particular software, hardware and how to protect against it.
View full review »Using this tool, it helps enhance and speed the process of covering big applications with many functionalities. It scans while you navigate, then you can save the requests performed and work with them later. Also, you can pass these requests to colleagues involved in the same security assessment to increase the monitoring as well as avoid extra work.
View full review »PS
PiyushSharma
Technical Specialist(DevOps) at a tech services company with 1,001-5,000 employees
The solution has improved company functioning to a certain extent, but it takes a lot of time coordinating with the Dev team because we are using the open source version and not the enterprise version. It's not an awesome solution but we do get the reports we need and there is a good amount of documentation and support.
View full review »VF
Vidar Folden
Consultant at Harald A. Møller AS
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we are doing large deployments, we might get a professional security partner in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes the process easier and safer.
View full review »AM
Anish Mishra
Team Lead at a tech services company with 51-200 employees
We save a significant amount of money on third-party security auditing time.
We are also able to minimize most of the security threats for our software prior to releases, thus saving a lot of time on security fixes and post-release path builds.
View full review »DA
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It can be used effectively for internal auditing. We use it to detect f/p (false positives).
View full review »KP
Krystian Przybyl
Works at a computer software company with 1,001-5,000 employees
It has improved my organization with faster security tests.
View full review »I can provide examples of how OWASP Zed Attack Proxy (ZAP) has been used inside many of my customer's environments. I've set up Security Regression testing using the ZAP API and written about how this is done in my first book.
I've also spoken and run many pieces of training on setting up Security Regression testing with the ZAP API.
View full review »SB
Saraswathi B
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
We have leveraged our existing functional tests for security testing by integrating web driver scripts with the OWASP ZAP tool.
View full review »RR
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
Every now and then, there is an update. They add new vulnerabilities to the scan list. That is where they just keep on improving.
View full review »DD
Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
The solution helped identify attacks like Cross-site Scripting and SQL Injection. We can perform general health checks to see if the site is secure. If there are problems, they get fixed by the developers before they get to production.
View full review »Buyer's Guide
OWASP Zap
March 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.