We performed a comparison between Checkmarx and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature for me is the Jenkins Plugin."
"The SAST component was absolutely 100% stable."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"It has all the features we need."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"We use the solution for dynamic application testing."
"The solution is scalable."
"The stability of the solution is very good."
"The API is exceptional."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"Automatic updates and pull request analysis."
"Automatic scanning is a valuable feature and very easy to use."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Implementing a blackout time for any user or teams: Needs improvement."
"The solution sometimes reports a false auditable code or false positive."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx needs to be more scalable for large enterprise companies."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"OWASP Zap needs to extend to mobile application testing."
"The product should allow users to customize the report based on their needs."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"There's very little documentation that comes with OWASP Zap."
"The solution is unable to customize reports."
"It needs more robust reporting tools."
Checkmarx is ranked 3rd in Application Security Testing (AST) with 67 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. Checkmarx is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and SonarCloud, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and Fortify WebInspect. See our Checkmarx vs. OWASP Zap report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.