
OWASP Zap vs OpenText Dynamic Application Security Testing comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Dynamic Applicatio...
Average Rating: 7.2
Reviews Sentiment: 6.8
Number of Reviews: 21
Ranking in other categories: Dynamic Application Security Testing (DAST) (3rd), DevSecOps (10th)

OWASP Zap
Average Rating: 7.6
Reviews Sentiment: 7.3
Number of Reviews: 41
Ranking in other categories: Static Application Security Testing (SAST) (11th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. OpenText Dynamic Application Security Testing is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 22.2%, down 30.5% compared to last year.
OWASP Zap, on the other hand, focuses on Static Application Security Testing (SAST), holds 4.6% mindshare, down 4.8% since last year.
 

Featured Reviews

Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Amit Beniwal - PeerSpot reviewer
Simplifies vulnerability discovery and has high quality support
There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores. Sometimes, a vulnerability initially categorized as high severity may be reduced to medium or low over time after security patches are applied. This alignment with the present severity score and CVSS score could be improved.

Quotes from Members

 

Pros

"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."
"The solution is easy to use."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It is easy to use, and its reporting is fairly simple."
"Technical support has been good."
"The accuracy of its scans is great."
"It's a well-known platform for doing dynamic application scanning."
"Automatic scanning is a valuable feature and very easy to use."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"You can run it against multiple targets."
"They offer free access to some other tools."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"I consider OWASP Zap to be the most effective solution overall; being open source allows integration with other systems via OWASP Zap APIs."
"The most valuable feature is scanning the URL to drill down all the different sites."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
 

Cons

"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"I'm not sure about licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"One thing I would like to see them introduce is a cloud-based platform."
"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."
"I would like WebInspect's scanning capability to be quicker."
"Not sufficiently compatible with some of our systems."
"The port scanner is a little too slow."
"There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores."
"OWASP should work on reducing false positives by using AI and ML algorithms."
"For scalability, I would rate OWASP Zap between four to five out of ten."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"OWASP Zap could benefit from a noise cancellation feature like that of Burp Suite Professional, where AI helps reduce certain non-critical findings."
"When comparing OWASP Zap and Burp Suite, the main difference besides pricing is that OWASP Zap has limitations with reporting levels and UI, which affects its reporting capabilities, whereas Burp Suite is already advancing with new AI features and scanning capabilities that OWASP Zap seems to be lacking."
 

Pricing and Cost Advice

"The pricing is not clear and while it is not high, it is difficult to understand."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"This solution is very expensive."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"The price is okay."
"Fortify WebInspect is a very expensive product."
"It’s a fair price for the solution."
"The tool is open source."
"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is very easy."
"We have used the freeware version. I believe Zap only has freeware."
"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
"This solution is open source and free."
"The solution’s pricing is high."
"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
"It is highly recommended as it is an open source tool."
862,624 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 15%
Government: 15%
Manufacturing Company: 12%
Computer Software Company: 12%

Computer Software Company: 17%
Financial Services Firm: 11%
Manufacturing Company: 8%
University: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
The price of Fortify WebInspect is high, with the cost depending on the number of virtual users. It is approximately 25% higher than other solutions.
What needs improvement with Fortify WebInspect?
The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate. The cost of the license depends on the number of virtual users and, in comparison to...
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
What is your experience regarding pricing and costs for OWASP Zap?
OWASP might be cost-effective, however, people prefer to use the free edition available as open source.
 

Also Known As

Micro Focus WebInspect, WebInspect
No data available
 

Overview

 

Sample Customers

Aaron's
1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
Find out what your peers are saying about OWASP Zap vs. OpenText Dynamic Application Security Testing and other solutions. Updated: May 2022.