OWASP Zap Primary Use Case
NS
reviewer1753959
Cyber Security Engineer at a transportation company with 10,001+ employees
I primarily use the solution for different use cases. It's good for analysis. It also offers additional extensions you can take advantage of. There are different scan extensions you can leverage.
View full review »I use this solution to test applications; web applications, web APIs, and infrastructure. For the web APIs and applications, I use OWASP Zap for interpreting requests and responses, and to see how the application behaves to resist payloads. This is one of the basic applications for us to automate and test. We are customers of OWASP Zap and I'm an application security consultant.
PN
FA9
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
I use it for vulnerability scanning. It has automatic methods. It's great.
Buyer's Guide
OWASP Zap
April 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
We use the solution for scanning pipelines.
View full review »DD
Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
I use the solution to follow the framework and help my developers develop apps securely from the ground up with the right practices in mind. As part of the DevOps process, we use the tool to scan and see if the web apps are vulnerable. We integrated the tool into our development life cycle for security testing in our DevOps pipeline. We use the tool to spider and test the website.
View full review »AG
Alan Gallagher
CEO at Virtual Security International
I use this solution for penetration tests.
View full review »We use the product to ensure that our source code is safe enough and has no vulnerabilities before delivering a new release for our AML product. We also used the product for dynamic testing to test applications as a black box.
View full review »YK
Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
OWASP Zap is used for dynamic testing. So when any kind of application, like, a web application, needs to be tested for its security and vulnerabilities. It is also used to crawl the site and then to enumerate all the input or the possible exploitation points, and then we try to exploit any blockings within OWASP Zap.
View full review »We use ZAP for penetration testing.
View full review »It's running on my system. I use it to scan URLs and can check things if I find something.
View full review »BS
Balaji Senthiappan
Assistant Vice President at Hexaware Technologies Limited
Currently, we build our products for the banking industry and use this solution in that process.
From a development cycle, we update the SQL injections that basically shows what a developer may have to address. Then, if there is still a problem, we're concerned at the architect level. That's at least initially reported by the customers when they do another round of review after we deliver our code.
View full review »EA
Eldar Aydayev
President & Owner at Aydayev's Investment Business Group
The solution has certain models. It allows the creation of a pipeline in respect of the interface or of certain content. It enables one to check that the security is as it should be.
VN
Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
I focus on software application security. In most of the scenarios that we come across, the customers want complete assurance on security of their platforms/products/applications. Clients reach out to us for our abilities to unearth security issues.
I get to use these tools to assess products/platforms before they go live to the market.
View full review »OA
OluwatosinAina
Consultant with 1,001-5,000 employees
Our primary use case for this solution is for reviewing applications developed in-house to test for known vulnerabilities, and we deploy this product on-premises. Additionally, we use the solution to review some applications that were developed in-house and test for any general or known vulnerabilities before moving them to the production environment.
We use it for our security scanning for our applications.
View full review »We use the solution for security testing.
View full review »OWASP ZAP is a very useful, light tool for beginners to learn how to “spider” across websites. It is easy to configure and generate reports. There are other solutions for more mature, experienced security analysts and testers, who are capable of extending the coverage of a security assessment.
It is most frequently used to review HTTP methods, how are they constructed and if there is sensitive information in the traffic, such as how HTTPS certifications work on the website, scanning open ports visible via the web, and trying to modify HTTP methods to add or delete requests.
I have used OWASP ZAP as part of my portfolio of security tools since 2013.
PS
PiyushSharma
Technical Specialist(DevOps) at a tech services company with 1,001-5,000 employees
We are using this product at a very basic level to scan reports and then share them with the Dev team for any vulnerabilities. We use the open source version and we are end users.
VG
Vinod_Gupta
CEO and Founder at Indicrypt Systems
We primarily use this application for web application spidering and vulnerability assessment.
View full review »AP
reviewer981930
Security Consultant
Zap collects all the AJAX and Ambelo GS links. It pages in everything from a target. I'm a security consultant and we are customers of Zap.
View full review »VF
Vidar Folden
Consultant at Harald A. Møller AS
Our primary use case of this solution is to scan and check that the applications we put on the internet are safe and secure.
View full review »RK
RajKumar3
Business Analyst at Experion Technologies
I'm a business analyst and we're a customer of OWASP Zap.
View full review »CD
OwaspZ677
Senior Engineer at a aerospace/defense firm with 10,001+ employees
We only tried out the demo to see what the solution offers and how it performs overall business scanning. They also offer open-source projects.
View full review »AM
Anish Mishra
Team Lead at a tech services company with 51-200 employees
Security/penetration testing of a Java-based Web application which is served over a SaaS platform.
Zap has been integrated as one of the important tools in our QA cycle. All beta releases of our software go through Zap scanning. Custom reports are generated - they are pretty decent and standardized - and are submitted to upper management for auditing by a third-party.
DA
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It is a security tool. We use it for application testing.
View full review »RT
reviewer1487928
Subdirector de Seguridad Informática e Infraestructura at a financial services firm with 201-500 employees
Currently, we deploy these tools to serve in a few of our services in the organization.
View full review »KP
Krystian Przybyl
Works at a computer software company with 1,001-5,000 employees
I tested this application for a bank and public projects. Now, I am testing products.
View full review »RS
Roshni Shinde
Software Engineer at a computer software company with 201-500 employees
We use OWASP Zap for web application security scanning.
View full review »SK
SivaK1
Automation Engineer at a tech services company with 1,001-5,000 employees
We use this product for vulnerability scanning and for testing. I'm an automation engineer.
View full review »JT
Jaromir Tesar
Embedded Software Engineer at Y Soft
Our primary use case is for scanning. We have Bamboo, Nexus and Artifactory and we are able to make snapshots. When we get a pull request we're able to make another snapshot and we compare the two snapshots together and can see what is new in the pull request. We can see which libraries are there and that enables us to see the vulnerabilities. I'm an embedded software engineer.
View full review »We primarily use this product for web application scanning.
View full review »RR
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The use case was we needed to scan our website to find out what vulnerabilities were present.
We use it to scan the website, then take a report about what vulnerabilities are present on it. Next, we will manually verify those vulnerabilities for false positives.
Buyer's Guide
OWASP Zap
April 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.