OWASP Zap Valuable Features

reviewer1753959
Cyber Security Engineer at a transportation company with 10,001+ employees
We like the functionality.
It's great that we can use it with PortSwigger Burp.
There is a good community surrounding the solution.
The initial setup is easy.
It's stable and reliable.
The solution can scale.

The most beneficial thing is that the solution is open-source, so there is no cost involved. It's useful for beginners who are looking to learn about penetration testing.

FA9
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
The best part for me is that OWASP Zap provides several features, and it's absolutely free because it's open source. Unlike commercial web scanners that have strict feature limits in their free versions, OWASP Zap is open source, and we can scan freely. We can fuzz and do the scanning indefinitely.
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult.
The automatic scan will get blocked, or the IP will be blocked. But with the Zap HUD, we can manually explore the website without being blocked by the web application firewall.

Buyer's Guide
OWASP Zap
April 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.

It is a good solution. We get good feedback about the product from our clients. The product helps users to scan and fix vulnerabilities in the pipeline.

Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
The ZAP scan and code crawler are valuable features. It is automated in the DevOps pipeline. The scans are run automatically if a new project is set up and merged into the development branch. It makes our detection process easier. There are long-term benefits because we are not fixing it after we've developed. We are fixing it while we develop.

Alan Gallagher
CEO at Virtual Security International
It has evolved over the years, and recently, in the last year, they have added HUD (Heads Up Display).
It comes up in your browser and you have control of the program while you are on the website, in your browser. Everything that you can do in the program, you can do from your browser on the fly. It is similar to a targeted attack. You can see what you are doing.
It's a Java program installed on your computer.

The report design is very useful. The explanation is very clear. It also provides additional solutions and plugins. The product discovers more vulnerabilities compared to other tools. It might have additional plugins and features for testing.

Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
I think the automation feature is the one I used the most in the tool. For the crawling and enumeration one and the feature, we can manipulate the insides of the response. So, we can manipulate web responses and use them to test a certain website's security.

Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.
ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.

There's a way to set up jobs where you can get it to run all the processes against the target to avoid doing so manually. You can run it against multiple targets.
It is easy to set up.
The solution is stable.

Balaji Senthiappan
Assistant Vice President at Hexaware Technologies Limited
The solution is good at reporting the vulnerabilities of the application.
It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle is what we will look for. This solution helps us find them.

Eldar Aydayev
President & Owner at Aydayev's Investment Business Group
The solution enables a person to add the certificate and check the queries, to see if there are any that are undefined. This way, a person can have a list of the types of queries and can trace them.

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool and at the same time give a comprehensive report with great confidence to the client for helping them in their go-live decision. In terms of technical supremacy, I would put PortSwigger's Burp Suite ahead in terms of the ease with which I can retry the request with different combinations or conduct different attacks.

OluwatosinAina
Consultant with 1,001-5,000 employees
The most valuable feature is scanning the URL to drill down all the different sites and features embedded within the URL, like the crawler and the Spy Dream.

The application scanning feature is the most valuable feature.

The vulnerabilities that it finds, because the primary goal is to secure applications and websites.

- Interception of proxy traffic
- Session comparisons
- Port scanner
- Fuzzing
- Brute force
- Cookie management

PiyushSharma
Technical Specialist (DevOps) at a tech services company with 1,001-5,000 employees
The automatic scanning is a valuable feature and very easy. The major advantage to this solution is the privacy it offers. We are able to achieve our objectives to some extent, but only for non-business critical applications.

Vinod_Gupta
CEO and Founder at Indicrypt Systems
The most valuable feature is the spidering because, being a security person, it is very important for me to know each and every section of that application, so we cannot afford to miss any single web page or any single link on a particular website. The spidering mechanism is very good.

reviewer981930
Security Consultant
Zap is an open-source and sophisticated product. It not only saves us money but also provides us with a good amount of information. In terms of testing and attack simulations, it's pretty good. It updates its repositories and libraries pretty quickly.

Vidar Folden
Consultant at Harald A. Møller AS
Automatic scanning after a manual walkthrough is the most valuable feature.

RajKumar3
Business Analyst at Experion Technologies
The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.

Anish Mishra
Team Lead at a tech services company with 51-200 employees
Fuzzer and Java APIs help a lot with our custom needs.

Manager677
Senior Manager at a marketing services firm with 10,001+ employees
The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.

reviewer1487928
Deputy Director of IT Security and Infrastructure at a financial services firm with 201-500 employees
The solution is very easy to use.
The initial setup is straightforward.
The solution is free due to the fact that it is open-source.
The stability of the solution is very good.
The product has a strong community surrounding it to help with issues and troubleshooting.

Krystian Przybyl
Works at a computer software company with 1,001-5,000 employees
- Automatic scanner: It makes work easier.
- I like the new solution, ZAP Browser Launch.
- Automation script
The API is exceptional.

Roshni Shinde
Software Engineer at a computer software company with 201-500 employees
They offer free access to some other tools.

SivaK1
Automation Engineer at a tech services company with 1,001-5,000 employees
The HUD, Heads Up Display, is a good feature. It provides on-site testing and saves a lot of time.

Jaromir Tesar
Embedded Software Engineer at Y Soft
I would say that the automatic update is a very valuable feature because we are able to update our internal database. The pull request analysis is also very good.

Saraswathi B
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
- Very good open source security tool supporting the top 10 vulnerabilities (Injections, Session Management, XSS, Authentication, Authorization, etc.).
- Simple and easy to learn and master.
- Good online product documentation.
- Built in features include: Intercepting proxy, Plug and Hack support, Automated scanning, Passing scan, Fuzzer, Traditional and Ajax Crawling and Web Socket support and so on.
- Detailed reporting mechanism.
- The tool has been translated in 25 different languages.
- Can be executed through GUI, command line and also in Daemon mode with the help of REST API.
- Very good API support for automating security tests.
- Supports multiple platforms like Mac, Linux and Windows.
- It's easy to create add-ons and extensions to scale up the features of the tool.
The interface is easy to use.

Associa299191
Security Testing Engineer at a tech services company with 1,001-5,000 employees
The community support that ZAP provides me. As an open source, it provides me flexibility and is convenient to use.