
OWASP Zap vs Rapid7 AppSpider comparison

OWASP Zap: 31,876 views | 21,072 comparisons
Rapid7 AppSpider: 4,267 views | 3,299 comparisons
Find out what your peers are saying about OWASP Zap vs. Rapid7 AppSpider and other solutions. Updated: January 2022.
565,689 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
OWASP Zap pros:
  • "They offer free access to some other tools."
  • "Automatic scanning is a valuable feature and very easy to use."
  • "The stability of the solution is very good."
  • "Automatic updates and pull request analysis."
  • "Simple to use, good user interface."
  • "The solution is good at reporting the vulnerabilities of the application."
  • "The solution is scalable."
  • "It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."

Rapid7 AppSpider pros:
  • "When it is set up properly, it can do scanning on web apps with multiple engines automatically."
  • "I would say that it is stable, as I am not aware of any major issues."
  • "The setup is usually straightforward."
  • "It is really accurate and the rate of false positives is very low."

OWASP Zap cons:
  • "The forced browse has been incorporated into the program and it is resource-intensive."
  • "Deployment is somewhat complicated."
  • "It would be a great improvement if they could include a marketplace to add extra features to the tool."
  • "Too many false positives; test reports could be improved."
  • "The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
  • "It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
  • "Reporting format has no output, is cluttered and very long."
  • "The documentation needs to be improved because I had to learn everything from watching YouTube videos."

Rapid7 AppSpider cons:
  • "AppSpider could improve in the area of integration. They need to add more integration opportunities."
  • "Integration could be better."
  • "The tech support is responsive but issues remain unresolved."
  • "The dashboard and interface are crucial and they need some improvement."
  • "Support response times are slow and can be improved."
  • "The enterprise interface is too simple. It should be more customizable."

Pricing and Cost Advice
  OWASP Zap:
  • "This is an open-source solution and can be used free of charge."
  • "This solution is open source and free."

  Rapid7 AppSpider:
  • "It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
  • "The price is pretty fair."

    Questions from the Community
    Top Answer: 
    OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with…
    Top Answer: 
    It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).

    Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

    SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

    Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

    Top Industries
    Computer Software Company: 27%
    Financial Services Firm: 18%
    Manufacturing Company: 9%

    Computer Software Company: 30%
    Comms Service Provider: 25%
    Financial Services Firm: 5%

    Computer Software Company: 25%
    Comms Service Provider: 24%
    Financial Services Firm: 8%

    Company Size
    Small Business: 18%
    Midsize Enterprise: 32%
    Large Enterprise: 50%

    Small Business: 14%
    Midsize Enterprise: 16%
    Large Enterprise: 71%

    Small Business: 50%
    Midsize Enterprise: 25%
    Large Enterprise: 25%

    OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews while Rapid7 AppSpider is ranked 16th in Application Security Testing (AST) with 4 reviews. OWASP Zap is rated 7.0, while Rapid7 AppSpider is rated 7.6. The top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". On the other hand, the top reviewer of Rapid7 AppSpider writes "Scan web applications for vulnerabilities and automate testing with various engines". OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Qualys Web Application Scanning and Rapid7 InsightAppSec, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, Netsparker by Invicti, Acunetix by Invicti, HCL AppScan and Checkmarx.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.