"The user interface is ok and it is very simple to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The solution is easy to use."
"The accuracy of its scans is great."
"It is scalable and very easy to use."
"The most valuable feature is the static analysis."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Automatic updates and pull request analysis."
"They offer free access to some other tools."
"The solution is good at reporting the vulnerabilities of the application."
"Automatic scanning is a valuable feature and very easy to use."
"The stability of the solution is very good."
"It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
"The solution is scalable."
"The interface is easy to use."
"Creating reports is very slow and it is something that should be improved."
"Lately, we've seen more false negatives."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The scanner could be better."
"The forced browse has been incorporated into the program and it is resource-intensive."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Reporting format has no output, is cluttered and very long."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Too many false positives; test reports could be improved."
Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
Fortify WebInspect is ranked 10th in Application Security Testing (AST) with 7 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.0. The top reviewer of Fortify WebInspect writes "Good reporting and vulnerability management, but needs better performance and resource utilization". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Micro Focus Fortify on Demand, Veracode, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Qualys Web Application Scanning and Netsparker by Invicti.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.