We performed a comparison between Fortify Software Security Center and OWASP Zap based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."You can easily download the tool's rule packs and update them."
"This is a stable solution at the end of the day."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"Fuzzer and Java APIs help a lot with our custom needs."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It can be used effectively for internal auditing."
"Automatic updates and pull request analysis."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"It updates repositories and libraries quickly."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"We are having issues with false positives that need to be resolved."
"Fortify Software Security Center's setup is really painful."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The forced browse has been incorporated into the program and it is resource-intensive."
"There's very little documentation that comes with OWASP Zap."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"Sometimes, we get some false positives."
"Lacks resources where users can internally access a learning module from the tool."
"Reporting format has no output, is cluttered and very long."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Application Security Testing (AST) with 3 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Fortify Software Security Center is rated 7.4, while OWASP Zap is rated 7.6. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Fortify WebInspect and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.