We performed a comparison between OWASP Zap and Rapid7 AppSpider based on real PeerSpot user reviews.Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The most valuable feature is scanning the URL to drill down all the different sites."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The solution has tightened our security."
"It's great that we can use it with Portswigger Burp."
"You can run it against multiple targets."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"It scans all the components developed within a web application."
"There are too many false positives."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The technical support team must be proactive."
"The product should allow users to customize the report based on their needs."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The solution is unable to customize reports."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"Lacks resources where users can internally access a learning module from the tool."
"There are some glitches with stability, and it is an area for improvement."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"AppSpider has some problems with the RAM needed while scanning."
"It needs better integration with mobile applications."
OWASP Zap is a free and open-source web application security scanner.
The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.
With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.
SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.
Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.
OWASP Zap is ranked 8th in Application Security Testing (AST) with 11 reviews while Rapid7 AppSpider is ranked 21st in Application Security Testing (AST) with 5 reviews. OWASP Zap is rated 7.2, while Rapid7 AppSpider is rated 7.4. The top reviewer of OWASP Zap writes "Stable dynamic testing solution with unreliable manual processes". On the other hand, the top reviewer of Rapid7 AppSpider writes "Easy automated web app scanning, but gives many false positives and isn't always stable". OWASP Zap is most compared with PortSwigger Burp Suite Professional, SonarQube, Acunetix, Qualys Web Application Scanning and GitLab, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Acunetix, Tenable.io Web Application Scanning, Invicti and Qualys Web Application Scanning. See our OWASP Zap vs. Rapid7 AppSpider report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.