"They offer free access to some other tools."
"Automatic scanning is a valuable feature and very easy to use."
"The stability of the solution is very good."
"Automatic updates and pull request analysis."
"Simple to use, good user interface."
"The solution is good at reporting the vulnerabilities of the application."
"The solution is scalable."
"It has evolved over the years and recently, in the last year, they have added HUD (Heads Up Display)."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"I would say that it is stable, as I am not aware of any major issues."
"The setup is usually straightforward."
"It is really accurate and the rate of false positives is very low."
"The forced browse has been incorporated into the program and it is resource-intensive."
"Deployment is somewhat complicated."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Too many false positives; test reports could be improved."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"Reporting format has no output, is cluttered and very long."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"Integration could be better."
"The tech support is responsive but issues remain unresolved."
"The dashboard and interface are crucial and they need some improvement."
"Support response times are slow and can be improved."
"The enterprise interface is too simple. It should be more customizable."
Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.
Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.
OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews while Rapid7 AppSpider is ranked 16th in Application Security Testing (AST) with 4 reviews. OWASP Zap is rated 7.0, while Rapid7 AppSpider is rated 7.6. The top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". On the other hand, the top reviewer of Rapid7 AppSpider writes "Scan web applications for vulnerabilities and automate testing with various engines". OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Qualys Web Application Scanning and Rapid7 InsightAppSec, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Netsparker by Invicti, Acunetix by Invicti, HCL AppScan and Checkmarx.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.