OWASP Zap Other Advice

NS
Cyber Security Engineer at a transportation company with 10,001+ employees

I am using the latest version. I usually download the latest version and then use it.

Users need to read the documentation before starting. Users need to educate themselves before they start.

I'd rate the solution seven out of ten. 

View full review »
AnkithKumar - PeerSpot reviewer
Application Security Consultant at a tech services company with 10,001+ employees

If you're a smaller organization, this tool is a great first choice as a starting point. It's quite usable. 

I rate this solution eight out of 10. 

View full review »
PN
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS

Overall, I would rate the solution an eight out of ten.

My advice for OWASP Zap users is that you must be connected to vulnerability discovery work. As security testers, we must find vulnerabilities in our project. There are many false positives [with OWASP Zap], so we have to try new ways of exploiting and restarting. Maybe that's my advice. 

View full review »
Buyer's Guide
OWASP Zap
April 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
NathanNV - PeerSpot reviewer
Elite Global CISO at Scybers

I would recommend the solution to my clients since it is a proven product. We have no issues with stability, scalability, and technical support. Overall, I rate the product an eight out of ten.

View full review »
DD
Cloud Solutions Architect at TANGENT SOLUTIONS

I will recommend the product to others. Everyone must use the tool. Overall, I rate the solution a nine out of ten.

View full review »
AG
CEO at Virtual Security International

I used to work with Homeland Security back 10, 15 years ago, in the National Cybersecurity Division starting up right after 9/11.

I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market.

One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them.

I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job.

There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles.

I would rate OWASP Zap a nine out of ten.

View full review »
Gebran Hadchity - PeerSpot reviewer
Head Of Development at VALOORES

We use SonarQube for penetration testing. We are most likely to have hybrid solutions. However, the deployment model depends on our clients, the data, and the type of product we will deploy. I didn't use automatic scalability for our deliveries and deployment. 

The solution is worth using. We've used many tools and discovered that OWASP detects multiple high vulnerabilities, which the other tools do not detect. Overall, I rate the product an eight out of ten.

View full review »
YK
Security Officer at UnDisclosed

I can recommend others to use the solution for a quick and easy introduction to dynamic testing. But for a more advanced solution, and for users like myself who understand the application suite itself, I would advise others and any organization to use the commercial solution as a proxy. I rate the overall solution a seven out of ten.

View full review »
JoelGeorge - PeerSpot reviewer
Associate at Tata Consultancy

My advice would be to not look at Zap as a one-stop shop for all your results because Zap cannot do that. Zap is very good for a certain number of basic vulnerabilities or medium to high-level issues, but it can't go beyond that. You can use Zap along with another tool. If you're doing two or three levels of security testing, you can use Zap along with other tools.

It is more of a learner tool. So, if you're using Zap, it would be best if you use it as a beginner in the field. Once you get into projects or work for people on their applications, you'll definitely end up needing something stronger.

I would rate it a five out of ten.

View full review »
Saurabh_Srivastava - PeerSpot reviewer
Manager, Quality Assurance at Managed Markets Insight & Technology, LLC

I rate OWASP ZAP seven out of 10. It's an excellent penetration testing tool for developers. That scanning part is solid, but the integration with AWS and Azure pipelines could be better. 

View full review »
EricIgbinosun - PeerSpot reviewer
Information Security Professional at AEDC

I'm an end-user. 

I'm not sure which version of the solution I'm using. 

I would rate the solution seven out of ten. While it is free to use, it does take up a lot of memory. I also find Burp easier to use than this product.

View full review »
BS
Assistant Vice President at Hexaware Technologies Limited

We are an IT service provider, which means that we use a variety of tools based on what our customer preferences are. 

There are, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team as a frequent users' tool; however, I don't believe we have any kind of formal relationship with the company. 

Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.

View full review »
EA
President & Owner at Aydayev's Investment Business Group

I used the source code design for the deployment.

I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler. 

I rate OWASP Zap as a six out of ten. 

View full review »
VN
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd

When people are trying to make use of OWASP Zap, I would advise them to first read through and understand the OWASP vulnerabilities very well. Then start looking at the features and tutorials of OWASP ZAP Proxy that are made available online.

There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application that already has vulnerabilities and assess it with the ZAP Proxy tool.

In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten. 

View full review »
OA
Consultant with 1,001-5,000 employees

I rate this solution a seven out of ten. The product is good, but the reporting process could be improved. I recommend this solution to people looking for a quick DAST application and a dynamic application security testing tool. Additionally, the solution is cost-effective.

View full review »
Rooshan Naeem - PeerSpot reviewer
Security Engineer at Eon Health

Overall, I would rate the solution a seven out of ten. 

View full review »
Mubarak Arimiyah - PeerSpot reviewer
Software Quality Assurance Engineer at Netow Solutions Ltd

I rate the solution an eight out of ten. 

View full review »
it_user719781 - PeerSpot reviewer
Works at a retailer with 1,001-5,000 employees

If you're a company and you've got your own websites, internally and externally, it's great. It's a great free, open source tool to get your security staff and even your web developers to use. If you already have a mature SDLC framework in place for web development, then maybe you should get even more serious and buy the Burp Suite Professional license or other tools out there like Acunetix.

But overall I think it's a great product. It finds, I'd say, 90% if not more of the things that it needs to and helps you remediate any security findings.

View full review »
it_user860865 - PeerSpot reviewer
Program Manager at a manufacturing company with 1,001-5,000 employees

This is a very mature tool. It is capable of facilitating the work of many security experts. I highly recommend it for beginners and advanced users when some other tools fail to catch traffic.

View full review »
PS
Technical Specialist(DevOps) at a tech services company with 1,001-5,000 employees

If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that. 

I rate this solution a six out of 10.

View full review »
VG
CEO and Founder at Indicrypt Systems

I would recommend that you should go through the documentation really well. That's it.

I would rate this product 8 out of 10.

View full review »
AP
Security Consultant

Whether this is a good solution depends on the use case. If an organization is looking for a professional license without putting down any money, this is one of the best solutions.  

I would rate this solution more highly if we were able to customize reports. For now, I rate this solution eight out of 10.

View full review »
VF
Consultant at Harald A. Møller AS

I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs.

I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in for every major build tool, like Jenkins, GitLab and others. You can automate it through a build process.

View full review »
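The review above describes running ZAP from a build pipeline, and earlier reviews on this page complain about false positives that have to be triaged by hand. The block below is an added example, not code from the original page or from the ZAP project, of how a practitioner wires the two together: it builds the command line for ZAP's packaged baseline scan, renders the rule file that `zap-baseline.py -c` reads so that reviewed false positives stop failing the build, and then triages the JSON report by risk and confidence. The report sample is constructed; its field names follow the traditional JSON report that `zap-baseline.py -J` writes, but the alert values, the target host and the suppression list are assumptions made for this example.

```python
"""CI gate around an OWASP ZAP baseline scan: build the scan command,
emit a rule file that silences reviewed false positives, and triage the
JSON report by risk and confidence. Example code, not part of ZAP."""
import json
from collections import Counter

# Constructed sample of a ZAP JSON report. Field names follow the
# traditional JSON report that `zap-baseline.py -J` writes; the alert
# values below are made up for this example, not taken from a real scan.
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://app.example.test",
        "alerts": [
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "https://app.example.test/search?q=x", "param": "q"}]},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "https://app.example.test/"},
                           {"uri": "https://app.example.test/login"}]},
            {"pluginid": "90022", "alert": "Application Error Disclosure",
             "riskcode": "2", "confidence": "1",
             "instances": [{"uri": "https://app.example.test/api/items/0"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "https://app.example.test/static/app.js"}]},
        ],
    }],
})

RISK = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}

# Hypothetical suppression list: plugin id -> (zap-baseline action, reason).
# Only entries a human has verified belong here; the reason is recorded so
# the next reviewer can re-check it instead of trusting the entry blindly.
SUPPRESSIONS = {
    "10021": ("IGNORE", "nosniff is added by the CDN edge, verified against prod"),
}


def baseline_scan_argv(target, report="zap-report.json", rules="zap-rules.tsv",
                       workdir=".", image="ghcr.io/zaproxy/zaproxy:stable"):
    """argv a CI job runs: the packaged baseline scan (spider + passive
    rules) against `target`, writing the JSON report to and reading the
    rule file from the mounted working directory."""
    return ["docker", "run", "--rm", "-v", f"{workdir}:/zap/wrk:rw", "-t", image,
            "zap-baseline.py", "-t", target, "-J", report, "-c", rules]


def rules_file(suppressions):
    """Render the tab-separated rule file zap-baseline.py -c expects:
    pluginid, action (IGNORE/WARN/FAIL), free-text description."""
    lines = ["# zap-baseline rule configuration (generated)"]
    for pluginid, (action, why) in sorted(suppressions.items()):
        lines.append(f"{pluginid}\t{action}\t({why})")
    return "\n".join(lines) + "\n"


def triage(report_json, suppressions, min_confidence=2, fail_risk=3):
    """Split the report into counted findings (by risk name), findings
    parked for manual verification (confidence below min_confidence, the
    usual false-positive bucket) and suppressed plugin ids. `fail` is True
    when a counted finding's riskcode reaches fail_risk."""
    report = json.loads(report_json)
    counts, findings, unverified, suppressed = Counter(), [], [], []
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            pid = a["pluginid"]
            if suppressions.get(pid, ("", ""))[0] == "IGNORE":
                suppressed.append(pid)
                continue
            entry = {"pluginid": pid, "name": a["alert"],
                     "riskcode": int(a["riskcode"]), "risk": RISK[a["riskcode"]],
                     "uris": [i["uri"] for i in a.get("instances", [])]}
            if int(a["confidence"]) < min_confidence:
                unverified.append(entry)  # verify by hand; never blocks the build
                continue
            counts[entry["risk"]] += 1
            findings.append(entry)
    fail = any(f["riskcode"] >= fail_risk for f in findings)
    return {"counts": dict(counts), "findings": findings,
            "unverified": unverified, "suppressed": suppressed, "fail": fail}


if __name__ == "__main__":
    print(" ".join(baseline_scan_argv("https://app.example.test")))
    print(rules_file(SUPPRESSIONS))
    result = triage(SAMPLE_REPORT, SUPPRESSIONS)
    print(json.dumps(result, indent=2))
    raise SystemExit(1 if result["fail"] else 0)
```

With the sample report, the reflected XSS (High, Medium confidence) fails the build, the CSP finding is counted as Medium, the low-confidence error disclosure is parked for manual verification rather than blocking, and the nosniff finding is dropped because the rule file marks it IGNORE. Keeping the suppression list in the repository beside the rule file means every "false positive" decision is reviewable in version control instead of living in one tester's head.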
RK
Business Analyst at Experion Technologies

I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. 

I would rate this solution a seven out of 10. 

View full review »
CD
Senior Engineer at an aerospace/defense firm with 10,001+ employees

I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support also needs to be improved.

View full review »
AM
Team Lead at a tech services company with 51-200 employees

I would rate it an eight out of 10, based on the usability and variety of features provided. It is highly customizable in terms of usability and reporting, and all of this is available in a free solution.

View full review »
AC
Senior Manager at a marketing services firm with 10,001+ employees

I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.

View full review »
RT
Deputy Director of Information Security and Infrastructure at a financial services firm with 201-500 employees

We are a customer and end-user of the product.

There's lots of information online for users who are curious to learn more about the product.

In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.

View full review »
KP
Works at a computer software company with 1,001-5,000 employees

It is a very good product. Though, the port scanner is a little too slow.

View full review »
it_user707190 - PeerSpot reviewer
Technologist at a tech services company

Don't re-implement it, just use it.

It's an excellent solution, driven by committed and passionate, security-focused developers.

View full review »
RS
Software Engineer at a computer software company with 201-500 employees

I rate OWASP Zap a six out of ten.

View full review »
SK
Automation Engineer at a tech services company with 1,001-5,000 employees

It's worth exploring and learning the tool. It helps a lot to understand the vulnerabilities in the applications. I rate the solution eight out of 10. 

View full review »
JT
Embedded Software Engineer at Y Soft

I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance.

I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10. 

View full review »
SB
Test Automation Project Lead at a tech services company with 1,001-5,000 employees

A very good and useful tool for security testing and penetration testers.

View full review »
EricIgbinosun - PeerSpot reviewer
Information Security Professional at AEDC

This is a good product where most of the functionality is free, which is why I recommend that others use it.

I would rate this solution a seven out of ten.

View full review »
RR
Security Testing Engineer at a tech services company with 1,001-5,000 employees

The community edition updates services regularly. They add new vulnerabilities into the scanning list.

View full review »