2018-07-09T07:46:00Z

What advice do you have for others considering OWASP Zap?


If you were talking to someone whose organization is considering OWASP Zap, what would you say?

How would you rate it and why? Any other tips or advice?

Guest
77 Answers

Top 5 Real User

I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance. I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.

2020-05-05T06:08:30Z
Top 20 Real User

I would recommend that you should go through the documentation really well. That's it. I would rate this product 8 out of 10.

2019-06-24T12:13:00Z
Real User

I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.

2019-06-24T12:13:00Z
Vendor

I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support, also need to be improved.

2019-06-23T09:40:00Z
Top 5 Leaderboard Real User

When people are trying to make use of OWASP Zap, I would advise that they first read through and understand the OWASP vulnerabilities very well. Then start looking at the features and tutorials of the OWASP ZAP Proxy that are made available online. There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application which already has vulnerabilities and assess the application with the ZAP Proxy tool. In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten.

2019-06-19T05:02:00Z
Top 20 Consultant

I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs. I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in into every major build tool, like Jenkins, GitLab and others. You can automate it through a building process.

2019-02-05T07:16:00Z
Real User

The community edition updates services regularly. They add new vulnerabilities into the scanning list.

2018-07-09T07:46:00Z