OWASP Zap Pros and Cons

OWASP Zap Pros

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.
View full review »
Vidar Folden
Consultant at Moller
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.
View full review »
Jaromir Tesar
Embedded Software Engineer at Y Soft
Automatic updates and pull request analysis.
View full review »
Find out what your peers are saying about OWASP , PortSwigger, Acunetix and others in Application Security Testing (AST). Updated: June 2020.
425,604 professionals have used our research since 2012.
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The community edition updates services regularly. They add new vulnerabilities into the scanning list.
View full review »
Manager677
Senior Manager at a marketing services firm with 10,001+ employees
The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.
View full review »
OwaspZ677
Senior Engineer at a aerospace/defense firm with 10,001+ employees
The scalability of this product is very good.
View full review »
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It can be used effectively for internal auditing.
View full review »

OWASP Zap Cons

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
There's very little documentation that comes with OWASP Zap.
View full review »
Vidar Folden
Consultant at Moller
If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning.
View full review »
Jaromir Tesar
Embedded Software Engineer at Y Soft
Deployment is somewhat complicated.
View full review »
Find out what your peers are saying about OWASP , PortSwigger, Acunetix and others in Application Security Testing (AST). Updated: June 2020.
425,604 professionals have used our research since 2012.
Vinod_Gupta
CEO and Founder at Indicrypt Systems
The automated vulnerability assessments that the application performs needs to be simplified as well as diversified.
View full review »
Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.
View full review »
Manager677
Senior Manager at a marketing services firm with 10,001+ employees
I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help.
View full review »
OwaspZ677
Senior Engineer at a aerospace/defense firm with 10,001+ employees
I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers.
View full review »
Dittin A
Staff Scientist/Senior Tech. Officer at a tech vendor with 501-1,000 employees
It needs more robust reporting tools.
View full review »
Find out what your peers are saying about OWASP , PortSwigger, Acunetix and others in Application Security Testing (AST). Updated: June 2020.
425,604 professionals have used our research since 2012.