OWASP Zap Pros and Cons

OWASP Zap Pros

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.
Vidar Folden
Consultant at Moller
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.
GustavoGonzalez
Program Manager at a manufacturing company with 1,001-5,000 employees
It scans while you navigate, then you can save the requests performed and work with them later.
Find out what your peers are saying about OWASP, PortSwigger, Acunetix and others in Application Security Testing (AST). Updated: October 2019.
370,827 professionals have used our research since 2012.
Anish Mishra
Team Lead at a tech services company with 51-200 employees
Fuzzer and Java APIs help a lot with our custom needs.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The community edition updates services regularly. They add new vulnerabilities into the scanning list.
Manager677
Senior Manager at a marketing services firm with 10,001+ employees
The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.
OwaspZ677
Senior Engineer at an aerospace/defense firm with 10,001+ employees
The scalability of this product is very good.
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It can be used effectively for internal auditing.
Krystian Przybyl
User
It has improved my organization with faster security tests.

OWASP Zap Cons

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
There's very little documentation that comes with OWASP Zap.
Vidar Folden
Consultant at Moller
If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning.
GustavoGonzalez
Program Manager at a manufacturing company with 1,001-5,000 employees
I would like to see a version of "repeater" within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created.
Anish Mishra
Team Lead at a tech services company with 51-200 employees
It would be nice to have a solid SQL injection engine built into Zap.
Vinod_Gupta
CEO and Founder at Indicrypt Systems
The automated vulnerability assessments that the application performs need to be simplified as well as diversified.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.
Manager677
Senior Manager at a marketing services firm with 10,001+ employees
I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implemented but I think that would really help.
OwaspZ677
Senior Engineer at an aerospace/defense firm with 10,001+ employees
I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers.
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It needs more robust reporting tools.
Krystian Przybyl
User
The port scanner is a little too slow.