I've always used other solutions, which always contain the OWASP open-source tool behind the scenes. We can't compare OWASP Zap with anything else. The solution has an active community. The vendor keeps improving the OWASP framework often. There's no reason for me to deviate from it. OWASP is used widely in web application firewalls as the rule engine.

I was making a comparison between OWASP and Acunetix to see what the differences were.

I am still currently using Burp Suite, which is free.

We did a POC for a tool by NetSuite, but that was a paid tool. 

Zap is a very good startup. There is an alternate solution that is a bit more expensive and requires more technical knowledge than OWASP Zap, although both have a model based configuration. The interface allows one to run predefined templates, something OWASP Zap has in common with the other solution. The automation capabilities are similar, as well. 

We did not evaluate other options before choosing this solution.

Burp Suite. It's part of the pool in terms of the tools that do the job, whether they're free or commercially based. So Burp Suite and Nikto, and WPScan, that's for WordPress. They're all website security checkers per se, but they're not all created equal, some are specialized for certain things.

As mentioned, BURP Suite and Fiddler are two other great options. OWASP ZAP excels for what it does and for how smooth and light the tool’s learning curve can be.

I carried out an evaluation between Checkmarx and OWASP Zap.

We ran IBM Appscan for a year, but it was expensive and did not deliver more value. Veracode was pretty much the same and cost the same. We then also looked at PortSwigger Burp Suite Pro, which is at a better price point and a very good expert tool. Though at this point in time, given our needs, it does not seem to give us any advantage over ZAP. Also, the forums and the internet community is excellent on ZAP and it's free.

We evaluated several other packages prior to OWASP Zap, such as Burp Suite and Acunetix. We finally moved to Zap as it is open-source and provides almost all the features and the customization that we need.

We looked at Arachni and Acunetix.

I've been evaluating all the well-known HTTP intercepting proxies for years, as I have mentioned earlier, ZAP is the only one that has a fully featured REST API. It also has API clients written in many languages.

I have been evaluating Armor for my teammates who are using ZAP. I have found that Armor is better than ZAP and we are looking to switch solutions.

No, we are happy with the features provided with this tool, but if you want to go with static code analysis for security tests, we need to find a different option here.