"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"Picks up weaknesses in our app setups."
"I haven't seen reporting of that level in any other tool."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The usability and overall scan results are good."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"Overall, it's a very good tool and a very good engine."
"They offer free access to some other tools."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"Simple to use, good user interface."
"Automatic scanning is a valuable feature and very easy to use."
"The solution is good at reporting the vulnerabilities of the application."
"The interface is easy to use."
"The stability of the solution is very good."
"The solution is scalable."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Currently only supports web scanning."
"The pricing is a bit on the higher side."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"The vulnerability identification speed should be improved."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The forced browse has been incorporated into the program and it is resource-intensive."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Reporting format has no output, is cluttered and very long."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"Too many false positives; test reports could be improved."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.
OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner that enables software developers and testers to perform penetration testing on their applications to discover vulnerabilities and prevent hostile attacks. To date, it is one of the most searched Open Web Application Security Project (OWASP) projects, and an international group of volunteers is maintaining it. This tool is both flexible and extensible and is intended to be used by users who are new to application security as well as expert testers. For the users' convenience, OWASP ZAP has versions for each major OS and Docker platform so as not to rely on any single OS.
OWASP ZAP focuses on being the “middle man proxy,” as it is positioned between the user’s browser and the web application. In doing so, it will intercept and examine messages that are sent between a browser and a web application. If needed, it will adjust the contents and pass those packets on to their destination. As is the case in many corporate settings, if there is already another network proxy in use, ZAP can be configured to join that proxy. A variety of add-ons for further functionality is available on ZAP Marketplace.
OWASP ZAP offers a range of security automation options, including:
Benefits of OWASP ZAP
Some of OWASP ZAP’s benefits include:
Reviews from Real Users
OWASP ZAP stands out among its competitors for a number of reasons. Among them are the solution’s automatic scanning feature, its ease of use, its ability to report vulnerabilities, and its being a free open-source solution..
PeerSpot user Piyush S., Technical Specialist (DevOps), notes that "Automatic scanning is a valuable feature and very easy to use. The initial setup is straightforward. The solution is free due to the fact that it is open-source. The product has a strong community surrounding it to help with issues and troubleshooting. The stability of the solution is very good."
Raj K., Business Analyst at Experion Technologies, notes, “The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.”
Balaji S., Assistant Vice President at Hexaware Technologies Limited, writes, “The solution is good at reporting the vulnerabilities of the application. It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle, is what we will look for. This solution helps us find them.
Many users like how the solution has improved over the years. As Alan G., CEO at Virtual Security International, notes, "It has evolved over the years, and recently in the last year they have added HUD (Heads Up Display)."
Acunetix is ranked 9th in Application Security Testing (AST) with 8 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 10 reviews. Acunetix is rated 7.4, while OWASP Zap is rated 7.0. The top reviewer of Acunetix writes "We are getting notably fewer false positives than previously, but reporting output needs to be simplified". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Acunetix is most compared with PortSwigger Burp Suite Professional, Veracode, Invicti, Fortify WebInspect and SonarQube, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Qualys Web Application Scanning, Fortify WebInspect and Invicti. See our Acunetix vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.