OWASP Zap vs Rapid7 AppSpider comparison

Cancel
You must select at least 2 products to compare!
OWASP Logo
24,584 views|11,853 comparisons
Rapid7 Logo
1,507 views|1,135 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between OWASP Zap and Rapid7 AppSpider based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed OWASP Zap vs. Rapid7 AppSpider Report (Updated: November 2023).
744,865 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The product helps users to scan and fix vulnerabilities in the pipeline.""The most valuable feature is scanning the URL to drill down all the different sites.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high.""ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.""The solution has tightened our security.""It's great that we can use it with Portswigger Burp.""You can run it against multiple targets."

More OWASP Zap Pros →

"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way.""The initial deployment is very straightforward and simple. The product is stable if configured properly.""What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions.""AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines.""It scans all the components developed within a web application."

More Rapid7 AppSpider Pros →

Cons
"There are too many false positives.""They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better.""The technical support team must be proactive.""The product should allow users to customize the report based on their needs.""ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline.""The solution is unable to customize reports.""The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more.""Lacks resources where users can internally access a learning module from the tool."

More OWASP Zap Cons →

"There are some glitches with stability, and it is an area for improvement.""The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution.""One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions.""AppSpider has some problems with the RAM needed while scanning.""It needs better integration with mobile applications."

More Rapid7 AppSpider Cons →

Pricing and Cost Advice
  • "We have used the freeware version. I believe Zap only has freeware."
  • "The solution’s pricing is high."
  • More OWASP Zap Pricing and Cost Advice →

  • "The licensing cost depends on the number of users."
  • "AppSpider is closed-source software and you need to acquire a license in order to use it."
  • "The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
  • More Rapid7 AppSpider Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    744,865 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The product helps users to scan and fix vulnerabilities in the pipeline.
    Top Answer:The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all… more »
    Top Answer:The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor. The price of the… more »
    Top Answer:The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution.
    Ranking
    Views
    24,584
    Comparisons
    11,853
    Reviews
    10
    Average Words per Review
    410
    Rating
    7.2
    Views
    1,507
    Comparisons
    1,135
    Reviews
    3
    Average Words per Review
    429
    Rating
    7.3
    Comparisons
    Also Known As
    AppSpider
    Learn More
    Overview

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

    Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

    Offer
    Learn more about OWASP Zap
    Learn more about Rapid7 AppSpider
    Sample Customers
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Microsoft
    Top Industries
    REVIEWERS
    Computer Software Company29%
    Financial Services Firm18%
    Retailer12%
    Energy/Utilities Company12%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm10%
    Comms Service Provider8%
    Government7%
    REVIEWERS
    Financial Services Firm33%
    University33%
    Comms Service Provider33%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm13%
    Government9%
    Healthcare Company6%
    Company Size
    REVIEWERS
    Small Business15%
    Midsize Enterprise30%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    REVIEWERS
    Small Business54%
    Midsize Enterprise15%
    Large Enterprise31%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise17%
    Large Enterprise63%
    Buyer's Guide
    OWASP Zap vs. Rapid7 AppSpider
    November 2023
    Find out what your peers are saying about OWASP Zap vs. Rapid7 AppSpider and other solutions. Updated: November 2023.
    744,865 professionals have used our research since 2012.

    OWASP Zap is ranked 8th in Application Security Testing (AST) with 11 reviews while Rapid7 AppSpider is ranked 21st in Application Security Testing (AST) with 5 reviews. OWASP Zap is rated 7.2, while Rapid7 AppSpider is rated 7.4. The top reviewer of OWASP Zap writes "Stable dynamic testing solution with unreliable manual processes". On the other hand, the top reviewer of Rapid7 AppSpider writes "Easy automated web app scanning, but gives many false positives and isn't always stable". OWASP Zap is most compared with PortSwigger Burp Suite Professional, SonarQube, Acunetix, Qualys Web Application Scanning and GitLab, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Acunetix, Tenable.io Web Application Scanning, Invicti and Qualys Web Application Scanning. See our OWASP Zap vs. Rapid7 AppSpider report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.