OWASP Zap Benefits

NS
Cyber Security Engineer at a transportation company with 10,001+ employees

It helps that we can use it hand in hand with Portswigger Burp. Since each have scanning capabilities, we can use them together and leverage whichever has the better scanning extension, depending on what we need. 

View full review »
AnkithKumar - PeerSpot reviewer
Application Security Consultant at a tech services company with 10,001+ employees

The solution has tightened our security and that of our clients who depend on it. If you identify a weakness or a limitation in an application, and the tool identifies it, we can highlight it to the developer, who secures it and gives it back to us and we can test it back through the tool. 

View full review »
YK
Security Officer at UnDisclosed

It improved our company's functioning because it integrates and can automate most of our workflow, so it helps. Based on its automation abilities, I rate it a seven out of ten. But there are many things that I have to do manually for safety and better clarification.

View full review »
Buyer's Guide
OWASP Zap
March 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
VN
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd

We recently ran into an issue where we had to test the OAuth token validation, where the REST API calls had OAuth token change every time a request was being sent. Somebody from the support community had contributed a sample code to accomplish this. In terms of the community support that is available, OWASP Zap has great set of features to use.

View full review »
OA
Consultant with 1,001-5,000 employees

The product has improved our application security engagement. It helps with our in-house review and sometimes, we don't need an external third-party tester to review it. Once we get it from OWASP Zap, we have an idea of the inherent vulnerabilities in the application. This is a plus to save cost and improve our application accuracy practice.

View full review »
it_user719781 - PeerSpot reviewer
Works at a retailer with 1,001-5,000 employees

When I checked the CVE and MITRE databases, that gives the latest attacks that are out there for a particular software, hardware and how to protect against it.

View full review »
it_user860865 - PeerSpot reviewer
Program Manager at a manufacturing company with 1,001-5,000 employees

Using this tool, it helps enhance and speed the process of covering big applications with many functionalities. It scans while you navigate, then you can save the requests performed and work with them later. Also, you can pass these requests to colleagues involved in the same security assessment to increase the monitoring as well as avoid extra work.

View full review »
PS
Technical Specialist(DevOps) at a tech services company with 1,001-5,000 employees

The solution has improved company functioning to a certain extent, but it takes a lot of time coordinating with the Dev team because we are using the open source version and not the enterprise version. It's not an awesome solution but we do get the reports we need and there is a good amount of documentation and support. 

View full review »
VF
Consultant at Harald A. Møller AS

This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we are doing large deployments, we might get a professional security partner in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes the process easier and safer.

View full review »
AM
Team Lead at a tech services company with 51-200 employees

We save a significant amount of money on third-party security auditing time.

We are also able to minimize most of the security threats for our software prior to releases, thus saving a lot of time on security fixes and post-release path builds.

View full review »
DA
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees

It can be used effectively for internal auditing. We use it to detect f/p (false positives). 

View full review »
KP
Works at a computer software company with 1,001-5,000 employees

It has improved my organization with faster security tests.

View full review »
it_user707190 - PeerSpot reviewer
Technologist at a tech services company

I can provide examples of how OWASP Zed Attack Proxy (ZAP) has been used inside many of my customer's environments. I've set up Security Regression testing using the ZAP API and written about how this is done in my first book.

I've also spoken and run many pieces of training on setting up Security Regression testing with the ZAP API.

View full review »
SB
Test Automation Project Lead at a tech services company with 1,001-5,000 employees

We have leveraged our existing functional tests for security testing by integrating web driver scripts with the OWASP ZAP tool.

View full review »
RR
Security Testing Engineer at a tech services company with 1,001-5,000 employees

Every now and then, there is an update. They add new vulnerabilities to the scan list. That is where they just keep on improving.

View full review »
DD
Cloud Solutions Architect at TANGENT SOLUTIONS

The solution helped identify attacks like Cross-site Scripting and SQL Injection. We can perform general health checks to see if the site is secure. If there are problems, they get fixed by the developers before they get to production.

View full review »
Buyer's Guide
OWASP Zap
March 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.