OWASP Zap Pros and Cons

OWASP Zap Pros

reviewer719781
User at a retailer with 1,001-5,000 employees
The vulnerabilities that it finds, because the primary goal is to secure applications and websites.
Vidar Folden
Consultant at Moller
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.
GustavoGonzalez
Program Manager at a manufacturing company with 1,001-5,000 employees
It scans while you navigate, then you can save the requests performed and work with them later.
Kim Carter
Technologist at a tech services company
The API is exceptional.
Anish Mishra
Team Lead at a tech services company with 51-200 employees
Fuzzer and Java APIs help a lot with our custom needs.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The community edition updates services regularly. They add new vulnerabilities into the scanning list.
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It can be used effectively for internal auditing.
Krystian Przybyl
User
It has improved my organization with faster security tests.

OWASP Zap Cons

reviewer719781
User at a retailer with 1,001-5,000 employees
It doesn't run on absolutely every operating system.
Vidar Folden
Consultant at Moller
If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning.
GustavoGonzalez
Program Manager at a manufacturing company with 1,001-5,000 employees
I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created.
Kim Carter
Technologist at a tech services company
The documentation is lacking and out-of-date, it really needs more love.
Anish Mishra
Team Lead at a tech services company with 51-200 employees
It would be nice to have a solid SQL injection engine built into Zap.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It needs more robust reporting tools.
Krystian Przybyl
User
The port scanner is a little too slow.
