OWASP Zap Other Advice
reviewer1753959
Cyber Security Engineer at a transportation company with 10,001+ employees
I am using the latest version. I usually download the latest version and then use it.
Users need to read the documentation before starting. Users need to educate themselves before they start.
I'd rate the solution seven out of ten.
If you're a smaller organization, this tool is a great first choice as a starting point. It's quite usable.
I rate this solution eight out of 10.
FA9
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
Overall, I would rate the solution an eight out of ten.
My advice for OWASP Zap users is that you must be connected to vulnerability discovery work. As security testers, we must find vulnerabilities in our project. There are many false positives [with OWASP Zap], so we have to try new ways of exploiting and restarting. Maybe that's my advice.
Buyer's Guide
OWASP Zap
April 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
I would recommend the solution to my clients since it is a proven product. We have no issues with stability, scalability, and technical support. Overall, I rate the product an eight out of ten.
Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
I will recommend the product to others. Everyone must use the tool. Overall, I rate the solution a nine out of ten.
Alan Gallagher
CEO at Virtual Security International
I used to work with Homeland Security back 10, 15 years ago, in the national cybersecurity division starting up right after 9/11.
I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market.
One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them.
I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job.
There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles.
I would rate OWASP Zap a nine out of ten.
We use SonarQube for penetration testing. We are most likely to have hybrid solutions. However, the deployment model depends on our clients, the data, and the type of product we will deploy. I didn't use automatic scalability for our deliveries and deployment.
The solution is worth using. We've used many tools and discovered that OWASP detects multiple high vulnerabilities, which the other tools do not detect. Overall, I rate the product an eight out of ten.
Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
I can recommend others to use the solution for a quick and easy introduction to dynamic testing. But for the more advanced solution and for users like myself who understand the application suite itself for others and any organization to use the commercial solution as a proxy. I rate the overall solution a seven out of ten.
My advice would be to not look at Zap as a one-stop-shop for all your results because Zap cannot do that. Zap is very good for a certain number of basic vulnerabilities or medium to high-level issues, but it can't go beyond that. You can use Zap along with another tool. If you're doing two or three levels of security testing, you can use Zap along with other tools.
It is more of a learner tool. So, if you're using Zap, it would be best if you use it as a beginner in the field. Once you get into projects or work for people on their applications, you'll definitely end up needing something stronger.
I would rate it a five out of ten.
I rate OWASP ZAP seven out of 10. It's an excellent penetration testing tool for developers. That scanning part is solid, but the integration with AWS and Azure pipelines could be better.
I'm an end-user.
I'm not sure which version of the solution I'm using.
I would rate the solution seven out of ten. While it is free to use, it does take up a lot of memory. I also find Burp easier to use than this product.
Balaji Senthiappan
Assistant Vice President at Hexaware Technologies Limited
We are an IT service provider, which means that we use a variety of tools based on what our customer preferences are.
There's all, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team, as a frequent users' tool, however, I don't believe we have any kind of a formal relationship with the company.
Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.
Eldar Aydayev
President & Owner at Aydayev's Investment Business Group
I used the source code design for the deployment.
I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler.
I rate OWASP Zap as a six out of ten.
Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
When people are trying to make use of OWASP Zap, I would advise them to first read through and understand the OWASP vulnerabilities very well. Then start looking at the features and tutorials of the OWASP ZAP Proxy that are made available online.
There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application that already has vulnerabilities and assess the application with the ZAP Proxy tool.
In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten.
OluwatosinAina
Consultant with 1,001-5,000 employees
I rate this solution a seven out of ten. The product is good, but the reporting process could be improved. I recommend this solution to people looking for a quick DAST application and a dynamic application security testing tool. Additionally, the solution is cost-effective.
Overall, I would rate the solution a seven out of ten.
I rate the solution an eight out of ten.
If you're a company and you've got your own websites, internally and externally, it's great. It's a great free, open source tool to get your security staff and even your web developers to use it. If you already have a mature SDLC framework in place or web development, then maybe you should get even maybe more serious and buy the Burp Suite Professional license or other tools out there like Acunetix.
But overall I think it's a great product. It finds, I'd say, 90% if not more of the things that it needs to and helps you remediate any security findings.
This is a very mature tool. It is capable of facilitating the work of many security experts. I highly recommend it for beginners and advanced users when some other tools fail to catch traffic.
PiyushSharma
Technical Specialist(DevOps) at a tech services company with 1,001-5,000 employees
If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that.
I rate this solution a six out of 10.
Vinod_Gupta
CEO and Founder at Indicrypt Systems
I would recommend that you should go through the documentation really well. That's it.
I would rate this product 8 out of 10.
reviewer981930
Security Consultant
Whether this is a good solution depends on the use case. If an organization is looking for a professional license without putting down any money, this is one of the best solutions.
I would rate this solution more highly if we were able to customize reports. For now, I rate this solution eight out of 10.
Vidar Folden
Consultant at Harald A. Møller AS
I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs.
I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in into every major build-tool, like Jenkins, GitLab and others. You can automate it through a building process.
RajKumar3
Business Analyst at Experion Technologies
I would definitely recommend this product provided the company can provide more clarity on the false positives that we get.
I would rate this solution a seven out of 10.
OwaspZ677
Senior Engineer at an aerospace/defense firm with 10,001+ employees
I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support, also need to be improved.
Anish Mishra
Team Lead at a tech services company with 51-200 employees
I would rate it an eight out of 10, based on the usability and variety of features provided. It is highly customizable in terms of usability and reporting, and all of this is available in a free solution.
Manager677
Senior Manager at a marketing services firm with 10,001+ employees
I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.
reviewer1487928
Deputy Director of IT Security and Infrastructure at a financial services firm with 201-500 employees
We are a customer and end-user of the product.
There's lots of information online for users who are curious to learn more about the product.
In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.
Krystian Przybyl
Works at a computer software company with 1,001-5,000 employees
It is a very good product. Though, the port scanner is a little too slow.
Don't re-implement it, just use it.
It's an excellent solution, i.e., driven by committed and passionate security focussed developers.
Roshni Shinde
Software Engineer at a computer software company with 201-500 employees
I rate OWASP Zap a six out of ten.
SivaK1
Automation Engineer at a tech services company with 1,001-5,000 employees
It's worth exploring and learning the tool. It helps a lot to understand the vulnerabilities in the applications. I rate the solution eight out of 10.
Jaromir Tesar
Embedded Software Engineer at Y Soft
I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance.
I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.
Saraswathi B
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
Very good and useful tool for security testing and penetration testers.
This is a good product where most of the functionality is free, which is why I recommend that others use it.
I would rate this solution a seven out of ten.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The community edition updates services regularly. They add new vulnerabilities into the scanning list.