"The interface is easy to use."
"Simple to use, good user interface."
"Automatic scanning is a valuable feature and very easy to use."
"They offer free access to some other tools."
"The solution is scalable."
"The stability of the solution is very good."
"Automatic updates and pull request analysis."
"The solution is good at reporting the vulnerabilities of the application."
"It is easy to use."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"It is a very stable solution."
"The interface is user-friendly and easy to understand."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The forced browse has been incorporated into the program and it is resource-intensive."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"Reporting format has no output, is cluttered and very long."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Too many false positives; test reports could be improved."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The reporting contains too many false positives."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Deployment can be complicated."
"The virus code updates are not frequent enough."
"The scanner reports a lot of false positives, which is something that needs to be improved."
Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews while Qualys Web Application Scanning is ranked 9th in Application Security Testing (AST) with 4 reviews. OWASP Zap is rated 7.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". On the other hand, the top reviewer of Qualys Web Application Scanning writes "Has a good progressive scan feature but the data server needs improvement". OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Fortify WebInspect and Netsparker by Invicti, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.