OWASP Zap Questions

Deputy Director of Information Security and Infrastructure at a financial services firm with 201-500 employees
Mar 17 2021

I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP Zap instead for testing security in web applications?

Avinash-Kumar: First things first both are having their own merits, however in my personal…
VishalDhamke: Yes OWASP ZAP is a good option as it's an open source so always preferred but…

Miriam Tover
Content Specialist
IT Central Station
Feb 11 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station
Feb 11 2021

Hi Everyone,

What do you like most about OWASP Zap?

Thanks for sharing your thoughts with the community!

Miriam Tover
Content Specialist
IT Central Station
Feb 11 2021

Please share with the community what you think needs improvement with OWASP Zap.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover
Content Specialist
IT Central Station
Feb 11 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover
Content Specialist
IT Central Station
Feb 11 2021

If you were talking to someone whose organization is considering OWASP Zap, what would you say?

How would you rate it and why? Any other tips or advice?

Application Security Testing (AST) Questions
Charles Race
Manager of Data Processing at New York State Insurance Fund
Apr 26 2021

I'm choosing an Application Security Testing platform.

My use cases are as follows:

  • SAST
  • DAST
  • Component Scanning
  • Vulnerability auditing 
  • Mitigation

What product/solution would you recommend and why? 

Thomas Ryan: The first thing you'd want to do is 1. Look at your application inventory to…
Raghavendra Rao PV: I suggest go for a Secure SDLC approach by integrating security at each level of…
VishalDhamke: SAST - Veracode, goes well with integration DAST - Either Microfocus…

Rony_Sklar
IT Central Station

What are the different types of tools that should be used together in DevSecOps?

What are the specific tools that you like to use when working on your DevSecOps pipeline? 

What is essential, and what is a nice-to-have? 

Jeremy Vaughan: Depends on budget and the larger approach to security, compliance, and risk…

Rony_Sklar
IT Central Station
Mar 02 2021

Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?

Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
Oscar Van Der Meer: For application security you ideally need SAST, SCA and DAST. You need all three…
Thomas Ryan: The easiest way to remember the role of each: SCA & SAST = Am I Vulnerable…

Rony_Sklar
IT Central Station

Which single application security tool provides the best overall protection?

Kangkan Goswami: The best source to know the OWASP risks is the OWASP website. For top 10 risks…