2021-01-15T13:55:00Z

Is OWASP Zap better than PortSwigger Burp Suite Pro?


I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP Zap instead for testing security in web applications?

Guest
22 Answers

author avatar
Top 5LeaderboardReal User

Yes OWASP ZAP is a good option as it's an open source so always preferred but Burp Suite Pro  will give you more options, its one of the best tool to have for pentesters so defo worth it.

2021-03-17T12:11:18Z
author avatar
Top 10Real User

@VishalDhamke Thanks for your reply, a personal opinion is always useful.

2021-03-17T22:49:29Z
author avatar
Top 20Real User

First things first both are having their own merits, however in my personal experience ZAP can replace your burpsuite for sure considering the License. Also as the latest ZAP versions are covering more advanced techniques and spidering patterns with lots of options in it, it is worth considering ZAP. However remember that burpsuite from latest versions with inbuilt chromium and it's emerging plugin support (Installable jars) you can use burp to the fullest and you can keep it as a swiss knife for your web and app pentesting. Couple of extensions in burp pro are interesting especially the race condition one. I always prefer using Burp and at instances I go with ZAP.

2021-03-15T15:13:04Z
author avatar
Top 10Real User

@Avinash-Kumar Thanks for your reply, a lot of info to make a decision.

2021-03-17T22:48:54Z
Find out what your peers are saying about OWASP Zap vs. PortSwigger Burp Suite Professional and other solutions. Updated: May 2021.
479,894 professionals have used our research since 2012.