2018-07-09T07:46:00Z

What advice do you have for others considering OWASP Zap?

Miriam Tover - PeerSpot reviewer
PeerSpot user

26 Answers

Rooshan Naeem - PeerSpot reviewer
Real User
Top 5
2024-01-26T07:29:00Z
Jan 26, 2024

Overall, I would rate the solution a seven out of ten.

Mubarak Arimiyah - PeerSpot reviewer
Real User
Top 5
2023-12-11T16:32:49Z
Dec 11, 2023

I rate the solution an eight out of ten.

NathanNV - PeerSpot reviewer
Real User
Top 10
2023-10-17T06:23:21Z
Oct 17, 2023

I would recommend the solution to my clients since it is a proven product. We have no issues with stability, scalability, and technical support. Overall, I rate the product an eight out of ten.

Saurabh_Srivastava - PeerSpot reviewer
Real User
Top 10
2023-05-23T10:05:32Z
May 23, 2023

I rate OWASP ZAP seven out of 10. It's an excellent penetration testing tool for developers. That scanning part is solid, but the integration with AWS and Azure pipelines could be better.

YK
Real User
Top 20
2023-05-04T09:25:00Z
May 4, 2023

I can recommend others to use the solution for a quick and easy introduction to dynamic testing. But for the more advanced solution and for users like myself who understand the application suite itself for others and any organization to use the commercial solution as a proxy. I rate the overall solution a seven out of ten.

NS
Real User
Top 5
2023-03-16T16:40:17Z
Mar 16, 2023

I am using the latest version. I usually download the latest version and then use it. Users need to read the documentation before starting. Users need to educate themselves before they start. I'd rate the solution seven out of ten.

SK
Real User
Top 20
2022-10-31T18:37:08Z
Oct 31, 2022

It's worth exploring and learning the tool. It helps a lot to understand the vulnerabilities in the applications. I rate the solution eight out of 10.

OA
Consultant
Top 20
2022-09-19T18:01:12Z
Sep 19, 2022

I rate this solution a seven out of ten. The product is good, but the reporting process could be improved. I recommend this solution to people looking for a quick DAST application and a dynamic application security testing tool. Additionally, the solution is cost-effective.

AnkithKumar - PeerSpot reviewer
Real User
Top 10
2022-06-22T13:07:44Z
Jun 22, 2022

If you're a smaller organization, this tool is a great first choice as a starting point. It's quite usable. I rate this solution eight out of 10.

JoelGeorge - PeerSpot reviewer
Real User
Top 5
2022-04-25T09:36:38Z
Apr 25, 2022

My advice would be to not look at Zap as a one-stop-shop for all your results because Zap cannot do that. Zap is very good for a certain number of basic vulnerabilities or medium to high-level issues, but it can't go beyond that. You can use Zap along with another tool. If you're doing two or three levels of security testing, you can use Zap along with other tools. It is more of a learner tool. So, if you're using Zap, it would be best if you use it as a beginner in the field. Once you get into projects or work for people on their applications, you'll definitely end up needing something stronger. I would rate it a five out of ten.

AP
Real User
Top 5
2022-04-25T09:34:18Z
Apr 25, 2022

Whether this is a good solution depends on the use case. If an organization is looking for a professional license without putting down any money, this is one of the best solutions. I would rate this solution more highly if we were able to customize reports. For now, I rate this solution eight out of 10.

AG
Real User
2021-08-13T19:10:06Z
Aug 13, 2021

I used to work with Homeland Security back 10, 15 years ago, in the national cybersecurity division starting up right after 9/11. I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market. One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them. I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job. There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles. I would rate OWASP Zap a nine out of ten.

RS
Real User
2021-07-19T02:17:09Z
Jul 19, 2021

I rate OWASP Zap a six out of ten.

EA
Real User
2021-06-16T14:05:43Z
Jun 16, 2021

I used the source code design for the deployment. I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler. I rate OWASP Zap as a six out of ten.

PS
Real User
2021-04-06T13:58:13Z
Apr 6, 2021

If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that. I rate this solution a six out of 10.

RT
Real User
2021-02-11T05:01:31Z
Feb 11, 2021

We are a customer and end-user of the product. There's lots of information online for users who are curious to learn more about the product. In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.

BS
Real User
2020-11-12T08:21:07Z
Nov 12, 2020

We are an IT service provider, which means that we use a variety of tools based on what our customer preferences are. There's all, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team, as a frequent users' tool, however, I don't believe we have any kind of a formal relationship with the company. Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.

EricIgbinosun - PeerSpot reviewer
Real User
2020-07-16T06:21:08Z
Jul 16, 2020

This is a good product where most of the functionality is free, which is why I recommend that others use it. I would rate this solution a seven out of ten.

RK
Real User
2020-07-05T09:38:09Z
Jul 5, 2020

I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. I would rate this solution a seven out of 10.

JT
Real User
2020-05-05T06:08:30Z
May 5, 2020

I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance. I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.

VG
Real User
2019-06-24T12:13:00Z
Jun 24, 2019

I would recommend that you should go through the documentation really well. That's it. I would rate this product 8 out of 10.

AC
Real User
2019-06-24T12:13:00Z
Jun 24, 2019

I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.

CD
Real User
2019-06-23T09:40:00Z
Jun 23, 2019

I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support, also need to be improved.

VN
Real User
2019-06-19T05:02:00Z
Jun 19, 2019

When people are trying to make use of OWASP Zap, I would advise them to first read through and understand the OWASP vulnerabilities very well. Then start looking at the features and tutorials of the OWASP ZAP Proxy that are made available online. There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application which already has vulnerabilities and assess the application with the ZAP Proxy tool. In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten.

VF
Consultant
2019-02-05T07:16:00Z
Feb 5, 2019

I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs. I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in into every major build-tool, like Jenkins, GitLab and others. You can automate it through a building process.

RR
Real User
2018-07-09T07:46:00Z
Jul 9, 2018

The community edition updates services regularly. They add new vulnerabilities into the scanning list.

OWASP Zap is a free and open-source web application security scanner. The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.