I primarily use the solution for different use cases. It's good for analysis. It also offers additional extensions you can take advantage of. There are different scan extensions you can leverage. 

I use this solution to test applications; web applications, web APIs, and infrastructure. For the web APIs and applications, I use OWASP Zap for interpreting requests and responses, and to see how the application behaves to resist payloads. This is one of the basic applications for us to automate and test. We are customers of OWASP Zap and I'm an application security consultant.

I use it for vulnerability scanning. It has automatic methods. It's great.

We use the solution for scanning pipelines.

I use the solution to follow the framework and help my developers develop apps securely from the ground up with the right practices in mind. As part of the DevOps process, we use the tool to scan and see if the web apps are vulnerable. We integrated the tool into our development life cycle for security testing in our DevOps pipeline. We use the tool to spider and test the website.

I use this solution for penetration tests.

We use the product to ensure that our source code is safe enough and has no vulnerabilities before delivering a new release for our AML product. We also used the product for dynamic testing to test applications as a black box.

OWASP Zap is used for dynamic testing. So when any kind of application, like, a web application, needs to be tested for its security and vulnerabilities. It is also used to crawl the site and then to enumerate all the input or the possible exploitation points, and then we try to exploit any blockings within OWASP Zap.

We use ZAP for penetration testing. 

It's running on my system. I use it to scan URLs and can check things if I find something. 

Currently, we build our products for the banking industry and use this solution in that process.

From a development cycle, we update the SQL injections that basically shows what a developer may have to address. Then, if there is still a problem, we're concerned at the architect level. That's at least initially reported by the customers when they do another round of review after we deliver our code. 

The solution has certain models. It allows the creation of a pipeline in respect of the interface or of certain content. It enables one to check that the security is as it should be. 

I focus on software application security. In most of the scenarios that we come across, the customers want complete assurance on security of their platforms/products/applications. Clients reach out to us for our abilities to unearth security issues.

I get to use these tools to assess products/platforms before they go live to the market.

Our primary use case for this solution is for reviewing applications developed in-house to test for known vulnerabilities, and we deploy this product on-premises. Additionally, we use the solution to review some applications that were developed in-house and test for any general or known vulnerabilities before moving them to the production environment.

We use it for our security scanning for our applications. 

We use the solution for security testing. 

OWASP ZAP is a very useful, light tool for beginners to learn how to “spider” across websites. It is easy to configure and generate reports. There are other solutions for more mature, experienced security analysts and testers, who are capable of extending the coverage of a security assessment.

It is most frequently used to review HTTP methods, how are they constructed and if there is sensitive information in the traffic, such as how HTTPS certifications work on the website, scanning open ports visible via the web, and trying to modify HTTP methods to add or delete requests.

I have used OWASP ZAP as part of my portfolio of security tools since 2013.

We are using this product at a very basic level to scan reports and then share them with the Dev team for any vulnerabilities. We use the open source version and we are end users. 

We primarily use this application for web application spidering and vulnerability assessment.

Zap collects all the AJAX and Ambelo GS links. It pages in everything from a target. I'm a security consultant and we are customers of Zap. 

Our primary use case of this solution is to scan and check that the applications we put on the internet are safe and secure.

I'm a business analyst and we're a customer of OWASP Zap. 

We only tried out the demo to see what the solution offers and how it performs overall business scanning. They also offer open-source projects.

Security/penetration testing of a Java-based Web application which is served over a SaaS platform.

Zap has been integrated as one of the important tools in our QA cycle. All beta releases of our software go through Zap scanning. Custom reports are generated - they are pretty decent and standardized - and are submitted to upper management for auditing by a third-party.

It is a security tool. We use it for application testing. 

Currently, we deploy these tools to serve in a few of our services in the organization.

I tested this application for a bank and public projects. Now, I am testing products.

We use OWASP Zap for web application security scanning.

We use this product for vulnerability scanning and for testing. I'm an automation engineer. 

Our primary use case is for scanning. We have Bamboo, Nexus and Artifactory and we are able to make snapshots. When we get a pull request we're able to make another snapshot and we compare the two snapshots together and can see what is new in the pull request. We can see which libraries are there and that enables us to see the vulnerabilities. I'm an embedded software engineer.

We primarily use this product for web application scanning.

The use case was we needed to scan our website to find out what vulnerabilities were present.

We use it to scan the website, then take a report about what vulnerabilities are present on it. Next, we will manually verify those vulnerabilities for false positives.