Try our new research platform with insights from 80,000+ expert users

Ixia BreakingPoint vs OWASP Zap comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Ixia BreakingPoint
Ranking in Static Application Security Testing (SAST)
36th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
8
Ranking in other categories
No ranking in other categories
OWASP Zap
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.6
Reviews Sentiment
7.3
Number of Reviews
41
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Ixia BreakingPoint is 0.3%, up from 0.2% compared to the previous year. The mindshare of OWASP Zap is 4.6%, down from 4.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Sai Prasad - PeerSpot reviewer
Works better for testing traffic, mix profile, and enrollment scenarios than other solutions
Once, when I raised a ticket regarding a hardware or software issue, the solution's support team visited our company to discuss and find out ways to solve the problem. Sometimes, they asked us to send several photos from the back and front end to identify the issue. It was time-consuming as we were occupied with some other testing simultaneously. Instead, it would have been great if they could have visited our company and rectified the problem.
Amit Beniwal - PeerSpot reviewer
Simplifies vulnerability discovery and has high quality support
There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores. Sometimes, a vulnerability initially categorized as high severity may be reduced to medium or low over time after security patches are applied. This alignment with the present severity score and CVSS score could be improved.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"The DDoS testing module is useful and quick to use."
"The solution has many protocols and options, making it very flexible."
"I like that we can test cloud applications."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"It is a scalable solution."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The stability of the solution is very good."
"They offer free access to some other tools."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"I consider OWASP Zap to be the most effective solution overall; being open source allows integration with other systems via OWASP Zap APIs."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"We use the solution for security testing."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
 

Cons

"The integration could improve in Ixia BreakingPoint."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"They should improve UI mode packages for the users."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The price could be better."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"Reporting format has no output, is cluttered and very long."
"OWASP should work on reducing false positives by using AI and ML algorithms. They should expand their capabilities for broader coverage of business logic flaws and complex issues."
"The forced browse has been incorporated into the program and it is resource-intensive."
"There's very little documentation that comes with OWASP Zap."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"OWASP Zap needs to extend to mobile application testing."
 

Pricing and Cost Advice

"We have a one year subscription license for $25,000 US Dollars."
"The solution is expensive."
"or us, the pricing is somewhere around $12,000 a year. I'm unsure as to what new licenses now cost."
"The price is high. We pay for the license monthly."
"The price of the solution is expensive."
"There is no differentiation in licenses for Breaking Point. For one license, you will get all the features. There is no complexity in that."
"This solution is open source and free."
"We have used the freeware version. I believe Zap only has freeware."
"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
"The tool is open-source."
"OWASP Zap is free to use."
"This app is completely free and open source. So there is no question about any pricing."
"It is highly recommended as it is an open source tool."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
860,632 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Manufacturing Company
14%
Financial Services Firm
11%
Comms Service Provider
6%
Computer Software Company
17%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Ask a question
Earn 20 points
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
What is your experience regarding pricing and costs for OWASP Zap?
OWASP might be cost-effective, however, people prefer to use the free edition available as open source.
 

Overview

 

Sample Customers

Corsa Technology
1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
Find out what your peers are saying about Ixia BreakingPoint vs. OWASP Zap and other solutions. Updated: June 2025.
860,632 professionals have used our research since 2012.