We performed a comparison between Klocwork and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Technical support is quite good."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"The ability to create custom checkers is a plus."
"The most valuable feature is the Incremental analysis."
"It's integrated into our CI, continuous integration."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"One can increase the number of vendors, so the solution is scalable."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The API is exceptional."
"The ZAP scan and code crawler are valuable features."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The solution is scalable."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The product discovers more vulnerabilities compared to other tools."
"It's great that we can use it with Portswigger Burp."
"Every update that we receive requires of us a lengthy and involved process."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"Klocwork has to improve its features to stay ahead of other free solutions."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"The product should allow users to customize the report based on their needs."
"OWASP Zap needs to extend to mobile application testing."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The port scanner is a little too slow."
"Too many false positives; test reports could be improved."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"The documentation is lacking and out-of-date, it really needs more love."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
Klocwork is ranked 13th in Application Security Testing (AST) with 20 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Klocwork is rated 8.0, while OWASP Zap is rated 7.6. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode. See our Klocwork vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.