We performed a comparison between OWASP Zap and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ZAP scan and code crawler are valuable features."
"They offer free access to some other tools."
"You can run it against multiple targets."
"Simple and easy to learn and master."
"Automatic scanning is a valuable feature and very easy to use."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The product discovers more vulnerabilities compared to other tools."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Technical support is helpful."
"We have seen a return on investment."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"They have a feature where they can record traffic and create tests on the report traffic."
"The documentation is lacking and out-of-date, it really needs more love."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"There isn't too much information about it online."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"It would be nice to have a solid SQL injection engine built into Zap."
"The port scanner is a little too slow."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The product is very slow to start up, and that is a bit of a problem, actually."
"UI testing should be more in-depth."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The summary reports could be improved."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"From an automation point of view, it should have better clarity and be more user friendly."
"Reporting facilities can be better."
OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews while Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews. OWASP Zap is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Veracode, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork. See our OWASP Zap vs. Parasoft SOAtest report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.