Try our new research platform with insights from 80,000+ expert users

Fortify Software Security Center vs OWASP Zap comparison

OpenText and OWASP are both solutions in the Static Application Security Testing (SAST) category. OpenText is ranked #26 with an average rating of 8.3, while OWASP is ranked #11 with an average rating of 7.7. OpenText holds a 0.4% mindshare in SAST, compared to OWASP’s 4.7% mindshare. Additionally, 100% of OpenText users are willing to recommend the solution, compared to 88% of OWASP users who would recommend it.
Fortify Software Security C...
Read 6 Fortify Software Security Center reviews
  • 437 Views
  • 319 Comparison Views
100% willing to recommend
OWASP Zap
Read 40 OWASP Zap reviews
  • 11,136 Views
  • 6,104 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Fortify Software Security Center and OWASP Zap compete in the security domain. Fortify appears to have an upper hand in support and pricing, while OWASP Zap is preferred for its features.

Features: Fortify Software Security Center offers comprehensive security testing capabilities, strong integration with enterprise systems, and extensive reporting tools. In contrast, OWASP Zap provides open-source accessibility, broad vulnerability finding, and adaptive customization options. Fortify is noted for its robust security, whereas Zap is highlighted for its flexibility and coverage.

Room for Improvement: Fortify users seek faster scanning, improved user-friendliness, and more intuitive interfaces. OWASP Zap users desire a richer feature set, better fit for complex environments, and enhanced usability features. Fortify focuses on optimizing technical performance, while OWASP Zap aims to broaden its functionality scope and enrich its toolset.

Ease of Deployment and Customer Service: Fortify Software Security Center is known for its professional support services but faces challenges with deployment complexity. OWASP Zap offers simpler deployment but lacks dedicated support, relying on community assistance. Fortify emphasizes a structured support system, whereas Zap provides easy startup without extensive guidance.

Pricing and ROI: Fortify Software Security Center involves higher upfront costs, with users reporting favorable ROI due to comprehensive security assurance. OWASP Zap attracts with a cost-effective model, offering satisfactory returns through minimal initial expenditure and open-source advantages. Fortify's ROI is linked to its extensive features, while Zap offers value through cost efficiency.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Fortify Software Security Center vs. OWASP Zap Report (Updated: April 2025).
Buyer's Guide
Fortify Software Security Center vs. OWASP Zap
April 2025
Download the complete report
Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify Software Security C...
Ranking in Static Application Security Testing (SAST)
26th
Average Rating
7.8
Reviews Sentiment
8.3
Number of Reviews
6
Ranking in other categories
No ranking in other categories
OWASP Zap
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.6
Reviews Sentiment
7.3
Number of Reviews
40
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of May 2025, in the Static Application Security Testing (SAST) category, the mindshare of Fortify Software Security Center is 0.4%, up from 0.2% compared to the previous year. The mindshare of OWASP Zap is 4.7%, down from 5.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Jonathan Steyn - PeerSpot reviewer
Comprehensive vulnerability analysis and customization features with decent pricing
Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its feature of macro recording allows for testing vulnerabilities during multi-factor authentication sessions very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.
Read full review
Amit Beniwal - PeerSpot reviewer
Simplifies vulnerability discovery and has high quality support
There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores. Sometimes, a vulnerability initially categorized as high severity may be reduced to medium or low over time after security patches are applied. This alignment with the present severity score and CVSS score could be improved.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like the explanation of issues provided by Fortify Software Security Center."
"You can easily download the tool's rule packs and update them."
"This is a stable solution at the end of the day."
"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."
"Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances."
"The overall rating for this tool is ten out of ten."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"The scalability of this product is very good."
"The API is exceptional."
"One valuable feature of OWASP Zap is that it is simple to use."
"The stability of the solution is very good."
"We use the solution for security testing."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The most valuable feature is scanning the URL to drill down all the different sites."
More OWASP Zap pros
 

Cons

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."
"Fortify Software Security Center's setup is really painful."
"We are having issues with false positives that need to be resolved."
"Improvements needed for Software Security Center include better aggregation views of datasets."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"I am not satisfied with the percentage of false positives, which is around eighteen percent."
"Improvements needed for Software Security Center include better aggregation views of datasets."
"OWASP should work on reducing false positives by using AI and ML algorithms. They should expand their capabilities for broader coverage of business logic flaws and complex issues."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"There are too many false positives."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"It doesn't run on absolutely every operating system."
"Sometimes, we get some false positives."
More OWASP Zap cons
 

Pricing and Cost Advice

"The solution is priced fair."
"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."
"This is a costly solution that could be cheaper."
"This is an open-source solution and can be used free of charge."
"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
"This app is completely free and open source. So there is no question about any pricing."
"We have used the freeware version. I believe Zap only has freeware."
"It is open source, and we can scan freely."
"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
"The tool is open source."
"It is highly recommended as it is an open source tool."
More OWASP Zap pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
850,028 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
20%
Financial Services Firm
16%
Computer Software Company
12%
Government
5%
Computer Software Company
18%
Financial Services Firm
11%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Micro Focus Software Security Center?
You can easily download the tool's rule packs and update them.
See all answers
What is your experience regarding pricing and costs for Micro Focus Software Security Center?
In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded to the license and criteria. Now, we have negotiated a number of details to respe...
See all answers
What needs improvement with Micro Focus Software Security Center?
I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is due to using an older version. I hope the new version will resolve my problem.
See all answers
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
See all answers
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
See all answers
What is your experience regarding pricing and costs for OWASP Zap?
OWASP might be cost-effective, however, people prefer to use the free edition available as open source.
See all answers
 

Comparisons

Fortify on Demand vs Fortify Software Security Center Logo
Fortify on Demand vs Fortify Software Security Center
Compared 57% of the time
Acunetix vs Fortify Software Security Center Logo
Acunetix vs Fortify Software Security Center
Compared 43% of the time
More Fortify Software Security Center Competitors
SonarQube Server (formerly SonarQube) vs OWASP Zap Logo
SonarQube Server (formerly SonarQube) vs OWASP Zap
Compared 21% of the time
Acunetix vs OWASP Zap Logo
Acunetix vs OWASP Zap
Compared 16% of the time
Qualys Web Application Scanning vs OWASP Zap Logo
Qualys Web Application Scanning vs OWASP Zap
Compared 10% of the time
Checkmarx One vs OWASP Zap Logo
Checkmarx One vs OWASP Zap
Compared 10% of the time
Veracode vs OWASP Zap Logo
Veracode vs OWASP Zap
Compared 9% of the time
More OWASP Zap Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
April 2025
Fortify Software Security Center reportDownload Fortify Software Security Center product report
Buyer's Guide
OWASP Zap
April 2025
OWASP Zap reportDownload OWASP Zap product report
 

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect
No data available
 

Overview

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.
OpenText

OWASP Zap is a free and open-source web application security scanner. 

The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

OWASP
 

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon
1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
Buyer's Guide
Fortify Software Security Center vs. OWASP Zap
April 2025
Free Report: Fortify Software Security Center vs. OWASP Zap
Find out what your peers are saying about Fortify Software Security Center vs. OWASP Zap and other solutions. Updated: April 2025.
DOWNLOAD NOW
850,028 professionals have used our research since 2012.
See our Fortify Software Security Center vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.