We changed our name from IT Central Station: Here's why

Fortify WebInspect vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
Fortify WebInspect Logo
8,054 views|5,383 comparisons
OWASP Zap Logo
31,876 views|21,072 comparisons
Featured Review
Find out what your peers are saying about Fortify WebInspect vs. OWASP Zap and other solutions. Updated: January 2022.
564,729 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The user interface is ok and it is very simple to use.""The solution is able to detect a wide range of vulnerabilities. It's better at it than other products.""The solution is easy to use.""The accuracy of its scans is great.""It is scalable and very easy to use.""The most valuable feature is the static analysis.""Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."

More Fortify WebInspect Pros →

"Automatic updates and pull request analysis.""They offer free access to some other tools.""The solution is good at reporting the vulnerabilities of the application.""Automatic scanning is a valuable feature and very easy to use.""The stability of the solution is very good.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).""The solution is scalable.""The interface is easy to use."

More OWASP Zap Pros →

Cons
"Creating reports is very slow and it is something that should be improved.""Lately, we've seen more false negatives.""Our biggest complaint about this product is that it freezes up, and literally doesn't work for us.""It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved.""The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex.""It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application.""The scanner could be better."

More Fortify WebInspect Cons →

"The forced browse has been incorporated into the program and it is resource-intensive.""It would be a great improvement if they could include a marketplace to add extra features to the tool.""Reporting format has no output, is cluttered and very long.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful.""The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities.""Too many false positives; test reports could be improved."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "The pricing is not clear and while it is not high, it is difficult to understand."
  • "Our licensing is such that you can only run one scan at a time, which is inconvenient."
  • "Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
  • More Fortify WebInspect Pricing and Cost Advice →

  • "This is an open-source solution and can be used free of charge."
  • "This solution is open source and free."
  • More OWASP Zap Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    564,729 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer: 
    Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features.
    Top Answer: 
    Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up… more »
    Top Answer: 
    OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer: 
    It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).
    Ranking
    Views
    8,054
    Comparisons
    5,383
    Reviews
    6
    Average Words per Review
    421
    Rating
    7.0
    Views
    31,876
    Comparisons
    21,072
    Reviews
    9
    Average Words per Review
    471
    Rating
    7.0
    Comparisons
    Also Known As
    Micro Focus WebInspect, WebInspect
    Learn More
    Overview
    Most enterprises rely heavily on the Web to conduct their normal operations, whether providing services, a mechanism for retail sales, or a host of other functions. Yet, most still struggle with efficiently managing their application security risks. For one thing, they need solutions of scale that can be used to manage thousands of active sites and assessments while also tracking discovered vulnerabilities, retesting procedures, and more. They need to perform repeated security tests to address compliance with regulations, legislation, and internal security policies and also see how their risk posture has changed over time. The enterprises have to protect their data, brand, and bottom line from the harsh impacts of what successful vulnerability exploitation could bring. Micro Focus WebInspect Enterprise enables organizations to solve these security problems quickly, efficiently, and intelligently.

    Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

    Offer
    Learn more about Fortify WebInspect
    Learn more about OWASP Zap
    Sample Customers
    Aaron's
    Information Not Available
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company33%
    Comms Service Provider14%
    Government12%
    Financial Services Firm9%
    REVIEWERS
    Computer Software Company27%
    Financial Services Firm18%
    Retailer9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Computer Software Company30%
    Comms Service Provider25%
    Government6%
    Financial Services Firm5%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise9%
    Large Enterprise73%
    REVIEWERS
    Small Business18%
    Midsize Enterprise32%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise16%
    Large Enterprise71%
    Find out what your peers are saying about Fortify WebInspect vs. OWASP Zap and other solutions. Updated: January 2022.
    564,729 professionals have used our research since 2012.

    Fortify WebInspect is ranked 10th in Application Security Testing (AST) with 7 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.0. The top reviewer of Fortify WebInspect writes "Good reporting and vulnerability management, but needs better performance and resource utilization". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Micro Focus Fortify on Demand, Veracode, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Qualys Web Application Scanning and Netsparker by Invicti. See our Fortify WebInspect vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.