We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"Picks up weaknesses in our app setups."
"The solution is highly stable."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"Our developers can run the attacks directly from their environments, desktops."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"You can run it against multiple targets."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The solution is good at reporting the vulnerabilities of the application."
"The product discovers more vulnerabilities compared to other tools."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The pricing is a bit on the higher side."
"While we do have it integrated with other solutions, it could still offer more integrations."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"The solution's pricing could be better."
"Acunetix needs to include agent analysis."
"The product reporting could be improved."
"It doesn't run on absolutely every operating system."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"Deployment is somewhat complicated."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"Reporting format has no output, is cluttered and very long."
"The reporting feature could be more descriptive."
"There isn't too much information about it online."
Acunetix is ranked 11th in Application Security Testing (AST) with 26 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.