2021-01-15T13:55:00Z

Is OWASP Zap better than PortSwigger Burp Suite Pro?

I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP Zap instead for testing security in web applications?

Guest
22 Answers
author avatar
Top 5LeaderboardReal User

Yes OWASP ZAP is a good option as it's an open source so always preferred but Burp Suite Pro  will give you more options, its one of the best tool to have for pentesters so defo worth it.

Reply Like (2)
2021-03-17T12:11:18Z
author avatar
Top 10Real User

@VishalDhamke Thanks for your reply, a personal opinion is always useful.

Reply Like (0)
2021-03-17T22:49:29Z
author avatar
Top 20Real User

First things first both are having their own merits, however in my personal experience ZAP can replace your burpsuite for sure considering the License. Also as the latest ZAP versions are covering more advanced techniques and spidering patterns with lots of options in it, it is worth considering ZAP. However remember that burpsuite from latest versions with inbuilt chromium and it's emerging plugin support (Installable jars) you can use burp to the fullest and you can keep it as a swiss knife for your web and app pentesting. Couple of extensions in burp pro are interesting especially the race condition one. I always prefer using Burp and at instances I go with ZAP.

Reply Like (2)
2021-03-15T15:13:04Z
author avatar
Top 10Real User

@Avinash-Kumar Thanks for your reply, a lot of info to make a decision.

Reply Like (0)
2021-03-17T22:48:54Z
Free Report: OWASP Zap vs. PortSwigger Burp Suite Professional
Find out what your peers are saying about OWASP Zap vs. PortSwigger Burp Suite Professional and other solutions. Updated: May 2021.
Download now
479,894 professionals have used our research since 2012.

Related Questions

Miriam Tover
Content Specialist
IT Central Station
Apr 14 2021
What do you like most about PortSwigger Burp Suite Professional?

Hi Everyone,

What do you like most about PortSwigger Burp Suite Professional?

Thanks for sharing your thoughts with the community!

See 23 Answers
Rony_Sklar
IT Central Station
Jan 13 2021
What are the threats associated with using ‘bogus’ cybersecurity tools?

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark Dan Doggendorf gave sound advice. Whilst some of the free or cheap… more »
Dan DoggendorfThe biggest threat is risks you think you have managed are not managed at all so… more »
Javier MedinaYou should build a lab, try the tools and analyze the traffic and behavior with… more »
See 11 Answers
Asked By
Subdirector de Seguridad Informática e Infraestructura at a financial services firm with 201-500 employees
Real User
Top 10
Buyer's Guide
Download our free OWASP Zap Report and get advice and tips from experienced pros sharing their opinions.
Download Now