OWASP Zap Reviews

reviewer719781
Real User
User at a retailer with 1,001-5,000 employees
Aug 20 2017

What is most valuable?

The vulnerabilities that it finds, because the primary goal is to secure applications and websites.

How has it helped my organization?

When I checked the CVE and MITRE databases, that gives the latest attacks that are out there for a particular software, hardware and how to...

What needs improvement?

It's possibly just a limitation of the product itself but sometimes it won't scan a particular website so you have to manually go in and make...

Which other solutions did I evaluate?

I use a lot of different tools, the right tool for the job. Burp Suite, IBM Security AppScan, InMap, NIKTO, Wpscan. Depending on what you find,...

What other advice do I have?

If you're a company and you've got your own websites, internally and externally, it's great. It's a great free, open source tool to get your...
GustavoGonzalez
Real User
Program Manager at a manufacturing company with 1,001-5,000 employees
May 02 2018

What is most valuable?

* Interception of proxy traffic
* Session comparisons
* Port scanner
* Fuzzing
* Brute force
* Cookie management

How has it helped my organization?

Using this tool, it helps enhance and speed the process of covering big applications with many functionalities. It...

What needs improvement?

I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same...

What's my experience with pricing, setup cost, and licensing?

OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate.

Which other solutions did I evaluate?

OWASP ZAP is one of the solutions that I use. For simple tasks, I use Fiddler. For other advanced techniques, I use the...

What other advice do I have?

This is a very mature tool. It is capable of facilitating the work of many security experts. I highly recommend it for...
Kim Carter
Real User
Technologist at a tech services company
Jul 24 2017

What is most valuable?

The API is exceptional.

How has it helped my organization?

I can provide examples of how OWASP Zed Attack Proxy.

What needs improvement?

The documentation is lacking and out-of-date; it really needs more love. This is a common scenario with developers...

What's my experience with pricing, setup cost, and licensing?

It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution...

Which other solutions did I evaluate?

I've used many HTTP intercepting proxies; ZAP is one of the few that has an excellent API to program against. Using ZAP...

What other advice do I have?

Don't re-implement it, just use it. It's an excellent solution, i.e., driven by committed and passionate security...
Anish Mishra
Real User
Team Lead at a tech services company with 51-200 employees
May 02 2018

What is most valuable?

Fuzzer and Java APIs help a lot with our custom needs.

How has it helped my organization?

We save a significant amount of money on third-party security auditing time. We are also able to minimize most of the security threats for our...

What needs improvement?

It would be nice to have a solid SQL injection engine built into Zap.

What's my experience with pricing, setup cost, and licensing?

As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out.

What other advice do I have?

I would rate it an eight out of 10, based on the usability and variety of features provided. It is highly customizable in terms of usability and...
Associa299191
Real User
Security Testing Engineer at a tech services company with 1,001-5,000 employees
Jul 29 2018

What is most valuable?

The community support that ZAP provides me. As an open source, it provides me flexibility and is convenient to use.

How has it helped my organization?

Every now and then, there is an update. They add new vulnerabilities to the scan list. That is where they just keep on improving.

What needs improvement?

As security evolves, we would like DevOps built into it. As of now, Zap does not provide this. I would like to have more vulnerabilities added to the scan list, because as of now,...

What other advice do I have?

The community edition updates services regularly. They add new vulnerabilities into the scanning list.
Krystian Przybyl
Real User
User
Apr 26 2018

What do you think of OWASP Zap?

* Primary Use Case: I tested this application for a bank and public projects. Now, I am testing products.
* Improvements to My Organization: It has improved my organization with faster security tests.
* Valuable Features:
  * Automatic scanner: It makes work easier.
  * I like the new solution, ZAP Browser Launch.
  * Automation script
* Room for Improvement: The port scanner and Zap could not send a request several times, but this has been corrected.
* Other Advice: It is a very good product. Though, the port scanner is a little too slow.


What is OWASP Zap?

Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
