Which Would You Recommend To Your Boss, OWASP Zap or PortSwigger Burp?

Both have very powerful abilities. ZAP can be an advantage for free, but Burp's free version will work similarly. As someone who uses both, depending on the circumstances, one can be preferred to the other.

I’ll have to ask my community. I have had just passing experience with PortSwaggler and I know OWASP has a list of website security best dev
practices to avoid Xsite scripting and other vulnerabilities.

MicroFocus just did a demo with me on their product Fortify. It runs static and dynamic code analysis using OWASP recommendations, in about 16
programming languages, including VBScript. They do not have integration with ALM yet.

We use Rapid 7 for our dynamic testing. I do not have experience with the two below even though I went to a talk on Zap week ago and the person did warn this was not a tool to be using on production system since it would be putting some data in the database as part of its attacks so needed to be done in a test environment.

I wasn’t aware of OWASP ZAP and we are using PortSwigger Burp in our software development company, so I would recommend Burp, but I’m already downloading OWAPS ZAP and will evaluate it to see the advantages/disadvantages.