2018-03-12 10:20:00 UTC

Which Would You Recommend To Your Boss, OWASP Zap or PortSwigger Burp?


One of the most popular comparisons on IT Central Station is OWASP Zap vs PortSwigger Burp.

https://www.itcentralstation.com/products/comparisons/owasp-zap_vs_portswigger-burp?tid=il-q

Which of these two solutions would you recommend for Application Security Testing and why?

Thanks!

--Rhea

Guest
44 Answers
Real User, TOP 5

Both have very powerful abilities. ZAP can be an advantage for free, but Burp's free version will work similarly. As someone who uses both, depending on the circumstances, one can be preferred to the other.

2018-03-15 05:49:42 UTC
Real User, TOP 5, LEADERBOARD

I’ll have to ask my community. I have had just passing experience with PortSwigger and I know OWASP has a list of website security best dev practices to avoid cross-site scripting and other vulnerabilities.

MicroFocus just did a demo with me on their product Fortify. It runs static and dynamic code analysis using OWASP recommendations, in about 16 programming languages, including VBScript. They do not have integration with ALM yet.

2018-03-15 12:40:18 UTC
User

We use Rapid7 for our dynamic testing. I do not have experience with the two below, even though I went to a talk on Zap a week ago, and the person did warn this was not a tool to be using on a production system, since it would be putting some data in the database as part of its attacks, so it needed to be done in a test environment.

2018-03-14 19:27:02 UTC
User

I wasn’t aware of OWASP ZAP and we are using PortSwigger Burp in our software development company, so I would recommend Burp, but I’m already downloading OWASP ZAP and will evaluate it to see the advantages/disadvantages.

2018-03-14 13:34:33 UTC