2018-07-09T07:46:00Z

What advice do you have for others considering OWASP Zap?


If you were talking to someone whose organization is considering OWASP Zap, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
15 Answers

Top 20 | Real User

I used to work with Homeland Security back 10, 15 years ago, in the national cybersecurity division, starting up right after 9/11. I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market. One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them. I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed, and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job. There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles. I would rate OWASP Zap a nine out of ten.

2021-08-13T19:10:06Z
Top 20 | Real User

I rate OWASP Zap a six out of ten.

2021-07-19T02:17:09Z
Top 10 | Leaderboard | Real User

I used the source code design for the deployment. I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler. I rate OWASP Zap as a six out of ten.

2021-06-16T14:05:43Z
Top 20 | Real User

If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that. I rate this solution a six out of 10.

2021-04-06T13:58:13Z
Top 20 | Real User

We are a customer and end-user of the product. There's lots of information online for users who are curious to learn more about the product. In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.

2021-02-11T05:01:31Z
Top 20 | Real User

We are an IT service provider, which means that we use a variety of tools based on what our customers' preferences are. There are, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team, as a frequent users' tool. However, I don't believe we have any kind of a formal relationship with the company. Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.

2020-11-12T08:21:07Z
Top 20 | Real User

This is a good product where most of the functionality is free, which is why I recommend that others use it. I would rate this solution a seven out of ten.

2020-07-16T06:21:08Z
Real User

I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. I would rate this solution a seven out of 10.

2020-07-05T09:38:09Z
Top 20 | Real User

I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance. I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.

2020-05-05T06:08:30Z
Real User

I would recommend that you should go through the documentation really well. That's it. I would rate this product 8 out of 10.

2019-06-24T12:13:00Z
Real User

I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.

2019-06-24T12:13:00Z
Vendor

I will rate this product a seven out of ten because I think the visibility needs to be improved and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support, also need to be improved.

2019-06-23T09:40:00Z
Real User

When people are trying to make use of OWASP Zap, I would advise first reading through and understanding the OWASP vulnerabilities very well. Then start looking at the features and tutorials of the OWASP ZAP Proxy that are made available online. There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application which already has vulnerabilities and assess the application around with the ZAP Proxy tool. In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten.

2019-06-19T05:02:00Z
Consultant

I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs. I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in into every major build-tool, like Jenkins, GitLab and others. You can automate it through a building process.

2019-02-05T07:16:00Z
Real User

The community edition updates services regularly. They add new vulnerabilities into the scanning list.

2018-07-09T07:46:00Z
Updated: November 2021.