OWASP Zap Room for Improvement
I can't recall any features that are lacking. In my role as a service provider, I only go up to standards defined by somebody else. So far, this solution has met their standards.
So far I've not come across a scenario where we had to do anything that's a major rework due to the fact that we didn't catch something soon enough in the queries that we are using.
It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful.
Right now, I can't give it off to a team and expect them to give me a report that I'm happy with. I will give it to a team and they will have to have another person sit with them to make sure they have configured it right. Some kind of pre-designed templates, pre-designed guidelines, or patterns to compliment the tool would go a long way in helping us use the solution.
The reporting format could be improved. There is no output, it's cluttered and it's a very, very long report. It would be better if it were in PDF format with a short description, some findings, color coding, and easy to read. What we do now is analyze the HTML report and then rewrite our own shorter reports. I work for a Japanese company and they want the important information to show up. The reports do not really give us recommendations or the points where the vulnerability is coming from so I'd really like to see an improvement in the condition of reports. We should be able to call an API from somewhere and scan applications.
Subdirector de Seguridad Informática e Infraestructura at a financial services firm with 201-500 employees
The technical support could be improved. It doesn't offer traditional technical support at all.
It would be a great improvement if they could include a marketplace to add extra features to the tool. It would make it more customizable and allow users to add more features as they like.
The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.
The product is somewhat complicated and could be improved by simplifying it because you don't want to have to allocate one person to maintain the solution full time. We'd like to be able to deploy it and have it work. Ideally we'd like to be able to get a pull request analysis and the analysis of repositories.
I think they could definitely work on a more simplified deployment. That would improve the product. The issues are not necessarily related to the solution but possibly connected to how it was initially set up.
Business Analyst at Experion Technologies
I'd like to be able to explore more and improvements could be made in that area because for now I'm only able to explore the manual testing feature. I'd also like to see an improvement in test reports because we get too many false positives.
Information Security Professional at a energy/utilities company with 1,001-5,000 employees
The documentation needs to be improved because I had to learn everything from watching YouTube videos.View full review »
Zap could improve by providing better reports for security and recommendations for the vulnerabilities. Additionally, they should allow more testing other than web applications, such as on the cloud and VMs.View full review »